A Fortune 100 Success Story
I could tell you the benefits of PAM, but instead, I’ll show you what happened at my previous role in a Fortune 100 financial services company that adopted this approach to cybersecurity. We’re talking a major player with over 90,000 people (employees, contractors), more than 50,000 servers, and over 80,000 end-user workstations.
It started in 2007. I’d worked with the company in various roles since the mid-1990s as a contractor and as an employee. At the time, I was working for a third-party services provider that operated the majority of the company’s data center resources.
That year, an audit revealed they weren’t adequately logging privileged activities on their critical systems. So, they started looking at the various solutions on the market. IT leadership at the time decided to acquire Symark’s PowerBroker as a solution. In 2008, I accepted an employee position in the company’s IT security group. Same parking lot, different badge color. That first year, my focus was deploying a host-based access control platform on Windows and Linux servers, and later evaluating enterprise password management solutions in the marketplace.
Over the next two years, PowerBroker was deployed in the enterprise by our third-party services partner with limited results. By 2010, we made the decision to take operational ownership of the PowerBroker platform back in-house. We aggressively expanded the coverage throughout the enterprise, remapped all local “sudo” rules to PowerBroker policy, and implemented an RBAC (role-based access control) policy model that would scale in the enterprise.
In 2011, Symark had acquired BeyondTrust, adopted its name, and added the former competitor’s Windows security applications to its portfolio of products. The company acquired the PowerBroker for Windows solution in 2014 and rapidly deployed it throughout the enterprise, dramatically reducing risks associated with administrator entitlements on these systems. We now had available to us a workable mixed-environment PAM solution that fit our needs.
Here’s where it got interesting. When we started our journey, some of the products we needed didn’t exist, and my team didn’t have the budget we’d hoped for. But we did have a vision and a clear idea of where we wanted to go.It’s important to think strategically and you have to think ahead. The solution to the problem you’re having now might be three years away, but when it’s finally available, you should have already secured management buy-in and set up the building blocks. Only then will you be ready to implement it.