Enterprise Password Management: The Hidden Cost of Scalability and Redundancy

Martin Cannard
July 2nd, 2018

Most IT teams have a repeatable process for evaluating software solutions — some use RFPs, others do research and then rely on vendor demos and perhaps a proof of concept to validate the technology and functional requirements. Once you’ve determined the solution is a fit, the sales rep provides the quote for the software licenses, maintenance, and implementation. And, of course, along with the quote comes the additional information that the IT team needs for implementation — product documentation, user guides, collateral, and deployment guides that give IT teams a sense of what it will take to get up and running.

But when it comes to critical solutions like enterprise password security, IT teams also have two questions to consider: 1) Can it scale? and 2) What do we need to do to ensure it never fails? The answers to those questions often mean the true cost of ownership is much higher than the quote you’ve received from the vendor’s sales representative.

Consider, for example, your current infrastructure. Some commercial software solutions for privileged password and privileged session management have capacity requirements that could expand your infrastructure and server environment. During the Proof of Concept (POC) phase, or even if you began with a limited rollout, your hardware requirements may have been limited to 2-3 servers that were already in-house, hardened, and under-utilized. But once you move from a limited rollout to a full-scale deployment, the hardware requirements must be taken into consideration. Therefore, it’s important to understand the capacity of the software solutions in addition to the hardware requirements. If the privileged password management solution you’ve chosen wasn’t designed to scale and can therefore only handle 100 concurrent privileged sessions for each server, as you do the math you’ll soon see that an enterprise-wide rollout will require several additional servers.

This is where BeyondTrust PowerBroker Password Safe can help. Deployed on a hardened appliance, it’s designed to operate in a scalable environment, but with a smaller footprint. If your organization has 2000 admins, that means you’ll track approximately 700 concurrent sessions. With PowerBroker Password Safe, that would be 3 UVM appliances total, including 1 for backup.

And while we’re on the topic of servers, the next question to ask when considering privileged password and privileged session management solutions is about redundancy. How many fail-safes will be needed to ensure compliance with your organization’s redundancy/uptime policies? If your policy is to have 1 UVM for every 2 servers, you’ll need to budget and plan for up to 8 additional UVM servers in this scenario. What does that mean for your bottom line and for the total cost of ownership of the solution you select?

Hardware and redundancy often come up as topics late in the evaluation process – sometimes, too late. With PowerBroker Password Safe, you can rest assured that your privileged password management solution can scale to meet your organization’s capacity and redundancy requirements without blowing the budget. Delivered as a consolidated appliance, it is hardened and locked down, certified by Common Criteria, can be automatically updated, and can fit more sessions into a single appliance.

To learn more tips and tricks about privileged password management solutions, join us for an upcoming webinar with industry expert Dr. Eric Cole, “Privileged Passwords are Easy Pickings for Attackers – Unless You Make These Fixes”.

Martin Cannard

Martin has been helping organizations solve challenges in the privileged account management and identity and access management space for over 24 years. At Dell Software, Martin managed a team of Solution Architects focused on designing and implementing solutions in the Privileged Account Management (PAM) space. Prior to joining Dell, Martin was Sr. Product Manager for Novell Privileged User Manager, a privilege management application acquired from Fortefi, an organization where he served as Vice President, Corporate Development. Prior to this, he was Program Manager of Client Technologies at Symantec, where he was responsible for many ground-breaking field and channel enablement applications. Additionally, Martin managed the European QA group at Axent Technologies and has held various management positions in consulting, systems development, and operations. Martin is a regular speaker at security events and webinars.