6 September 2016

Two Ideas

Andy Harris

We’ve heard a couple of deployment ideas recently and thought they’d make a very strong combination for increasing security and reducing the cost of managing Privileged Access Management Solutions.

The first seems counter-intuitive: remove all Personalised Privileged Accounts. Of course, managing these personalised accounts is one of Osirium’s best features! However, here’s the gain: if you organise your system access into role-based accounts, your team can ensure that these are kept to the absolute minimum. This means that your Privileged Account attack surface is as small as it can be. The issue here is that the credentials of role-based accounts could proliferate around the organisation. Therefore it’s vital that you:

Separate People From Passwords

The next step is to ensure that you can always determine the identity of whoever uses these accounts. This is very simple using Osirium’s profiles and groups. Everything will get SysLogged so your SIEM systems can tie everything up.

Here’s the second idea: people have no access to any system unless there is an authorised reason. This, of course, gives you the issue of how to manage all those authorisations. Isn’t it easier for your SysAdmins and DevOps to work their way through the open tickets and deal with issues as they arise?

Your ticket system contains the inherent reasons why someone should be authorised to access particular systems. If you can combine your ticketing system with Osirium’s profiles you get this:

(Identity + Reason) IN — (SysLogged Role) OUT

You have now reduced the attack surface in two ways:

  • Reduced the overall number of Privileged Accounts
  • Gated the access to those Accounts by the ticketing system

You have reduced your management and reporting effort as well:

  • Osirium can give you a direct mapping between identities and role-based accounts
  • Your ticket system (and Osirium) can tell you when and why access to these Accounts was enabled
  • Your SIEM system will have all the information nicely correlated
  • You’ve not added any new procedures or steps for your SysAdmins and DevOps to go through
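
The "(Identity + Reason) IN, (SysLogged Role) OUT" gate described above, sketched as an added example; it is not Osirium's code or API. The ticket store, profile map, role account names and log field names are constructed assumptions, and the log line follows the RFC 5424 layout so a SIEM can correlate identity, ticket and role account from one event.

```python
from datetime import datetime, timezone
import re

# Constructed sample data; every name below is hypothetical.
TICKETS = {
    "CHG-1001": {"assignee": "alice", "system": "db01", "status": "open"},
    "CHG-1002": {"assignee": "bob", "system": "fw-edge", "status": "closed"},
}
PROFILE = {"alice": "dba", "bob": "netops"}           # identity -> profile
ROLE_ACCOUNT = {("dba", "db01"): "role-dba",          # (profile, system) -> role account
                ("netops", "fw-edge"): "role-netadmin"}


def _clean(value):
    """Keep each log field a single token so a crafted value cannot forge fields."""
    return re.sub(r"[^A-Za-z0-9_.@-]", "_", str(value)) or "-"


def request_access(identity, ticket_id, system, now=None):
    """(Identity + Reason) in; (role account or None, syslog line) out."""
    ticket = TICKETS.get(ticket_id)
    role = ROLE_ACCOUNT.get((PROFILE.get(identity), system))
    if ticket is None:
        reason = "unknown-ticket"
    elif ticket["status"] != "open":
        reason = "ticket-not-open"
    elif ticket["assignee"] != identity:
        reason = "ticket-not-assigned-to-identity"
    elif ticket["system"] != system:
        reason = "ticket-system-mismatch"
    elif role is None:
        reason = "no-role-for-profile"
    else:
        reason = None
    granted = reason is None
    ts = (now or datetime.now(timezone.utc)).isoformat()
    pri = 10 * 8 + (6 if granted else 4)  # authpriv facility; info or warning severity
    line = (f"<{pri}>1 {ts} broker pam-gate - - - "
            f"identity={_clean(identity)} ticket={_clean(ticket_id)} "
            f"system={_clean(system)} role={role if granted else '-'} "
            f"outcome={'granted' if granted else 'denied'} "
            f"reason={reason or 'ticket-open'}")
    return (role if granted else None), line
```

Denials are logged at a higher severity than grants, so a SIEM rule can alert on repeated attempts to reach a role account without a matching open ticket.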

Many customers have enjoyed our management of Personalised Privileged Accounts, and this could be used in the scenarios given. However, looking to the future, it could be used to migrate from personalised to role-based accounts.

We believe these two interesting ideas brought together have real merit and are perfectly suited to an implementation of Osirium. If you’d like to achieve this level of security with ease of management then please get in touch!

‍

© 2023 OSIRIUM. All rights reserved.