
The ROI (and Hidden Benefits) of Privileged Password and Session Management

January 8, 2016

Time and again we hear about the increasing misuse of privileged insider credentials in data breaches. But despite the enormous people, process and technology investments made to mitigate these risks, breaches continue to happen. With the financial impact of each breach so deeply felt, many customers are right to demand some calculation of security ROI. But determining a return on investment for any security product is a challenging proposition.

We find that getting to a security ROI has as much to do with mitigating the downstream effects of certain administrative practices as it does with reducing actual risk. Quantifying that risk reduction, however, is the trickiest part. That’s why the better way to look at risk is through the lens of reducing attack surfaces. Let’s take a look at two common mechanisms for determining ROI for a privileged password and session management deployment as a way to reduce a breach attack surface.

Mitigating the costs and risks of a data breach

The average cost of a data breach in the US is about $195 per compromised record (Ponemon, 2015), and the average number of records compromised in a US data breach is roughly 29,000. A quick calculation shows that the average cost of a data breach could reach more than $5.6 million. This cost varies by industry, of course. In this example we chose the Ponemon data for calculating impact, although there are other sources available as well. This is but one data point to show how expensive reactive measures such as forensic investigations, consulting services and legal fees can be, not to mention the distraction and lost productivity, after a data breach has occurred.

An investment in a solution to proactively provide control and accountability over how enterprise passwords are managed (checked in and out), cycled (to prevent stale passwords from being used), and monitored (usage in real time) will shrink the attack surface from the misuse of privileged credentials used in data breaches and stave off some of those reactive costs. Risk reduction is a hard thing to measure, and you can never eliminate all risk, so you should be looking at reducing the number of attack surfaces instead.

Reducing the costs and inefficiencies of manual processes for password rotation

A second way to look at security ROI is in re-directing high-value assets to more productive purposes. The process of managing and cycling privileged passwords across an enterprise is time-consuming. For example, let's say you have 1 admin responsible for managing 100 systems. She has to rotate the passwords on those assets every 30 days according to policy. It would take several person-hours for her to:
  • visit each system's management console
  • know the administrator password (or find it if it’s not easily accessible)
  • change the password
  • note the password in some manual mechanism (which by the way isn't compliant with most industry regulations)
  • move on to the next system and repeat
Let's say that exercise takes 10 minutes per system. Multiply that by 100 systems, and you have 1,000 minutes, or just shy of 17 hours over the course of a month. That's more than two working days a month to execute this activity on top of the rest of her responsibilities. Every month. What's 24 working days a year – almost 5 weeks per year! – of an admin's job worth? Assuming a $100,000 salary, 5 weeks is about $10,000.

Privileged password and session management solutions help to automate password management and cycling, enabling IT to manage password rotation policy in groups. A very comprehensive discovery exercise finds all passwords and puts them into smart groups to manage them more efficiently from a single console. While no solution is going to eliminate all inefficiencies, re-directing 5 weeks of a talented IT administrator's time back to something value-creating is a positive ROI in any book.

There is no magic bullet for determining ROI, and in the use case of privileged password and session management we’ve provided only a couple of perspectives here. We’re interested in how you calculate ROI for security overall or a privileged account management deployment. Share it with us!

Scott Lang, Sr. Director, Product Marketing at BeyondTrust

Scott Lang has nearly 20 years of experience in technology product marketing, currently guiding the product marketing strategy for BeyondTrust’s privileged account management solutions and vulnerability management solutions. Prior to joining BeyondTrust, Scott was director of security solution marketing at Dell, formerly Quest Software, where he was responsible for global security campaigns, product marketing for identity and access management and Windows server management.
