Protecting critical telecoms infrastructure with Osirium PAM

Gibtelecom is the largest supplier of telecom services in Gibraltar. With a range of consumer and corporate clients, including major financial services, maritime and gaming providers, the security and availability of their services is the highest priority.

It was clear to Gibtelecom that there’s an ever-increasing number of different attack vectors across IT that needed to be addressed. They also faced challenges caused by the wide variety of different tools used by admins, the growing reality that those admins are no longer only in IT, and the need to grant remote access to suppliers and partners.

As part of the ongoing process of enhancing IT security controls, they needed a platform to simplify access and control, improve visibility and separate people from valuable system credentials. But it was also critical that any solution should not impact productivity. If the solution was not usable, then security controls would be bypassed. If done well, then tasks that previously needed an Admin could be safely delegated to the Service Desk to resolve.

Gibtelecom identified the key use cases that needed to be managed especially given the challenges of a small team managing arelatively large IT estate. Visibility and auditing would be critical to show compliance and management of user access rights, such asby establishing regular rotation of credentials, and the consolidation of existing “local” password repositories. Absolutely critical intheir requirements was that any solution had to be readily available to guarantee access to credentials in a disaster-recovery scenario.Osirium PAM’s “break glass” capability was the solution.

They went further and considered future needs in theirrequirements. For example, automation of tasks that needprivileged credentials such as gathering data for technicalsupport and building custom applications.Having defined the requirements, Gibtelecom started theprocess of evaluating Privileged Access Management (PAM)solutions. A number of vendors were initially considered, butOsirium stood out as being straightforward and simple toimplement. As a result, Gibtelecom chose to progress to aProof of Concept (POC) with Osirium PAM.

“With Osirium, PAM’s a no-brainer. Just good security practice”

During the POC, Gibtelecom evaluated the abilityof Osirium PAM to support their broad rangeof system and device types, its ease of use,high-availability and failover scenarios. They alsoevaluated credential lifecycles, backups andemergency break glass access to systems.Gibtelecom were impressed by the number andbroad range of templates available to supportdifferent devices and services. They found theability to automate tasks was very flexible and thePAM client was intuitive and easy to use. It wasparticularly appreciated that the client is browserbased, with no need to install the client on staff orpartner systems.The expected ease of implementation was provenduring the POC. “We found Osirium easy to workwith. The Osirium team was highly technicallycompetent and Osirium had a clear roadmap andvision that aligned with ours,”said Alex Breedon, ITManager at Gibtelecom. “They worked closely withus every step of the way.”Gibtelecom saw many benefits during the POC: theywere able to consolidate and simplify remote accessfor on-call engineers and partners, they reduced thenumber of different configurations across a widerange of systems, and granular auditing of thirdparty access was possible (“session recording is awonderful thing,” according to Alex).

Having been running Osirium PAM in production for over a year, Gibtelecom have been observing the success they expected after the POC. The system has been straightforward to manage, remote users and partners have had easy access to systems via the PAM client, and the system has proven to be highly reliable.

Gibtelecom are now looking at future expansion for automation and, in particular, expanding out to business workflows using Osirium PAM’s approvals. They also intend to make use of Osirium PAM’s time windows to further improve access control. With this experience, Alex recommends that every organisation should be adopting PAM from day one – “With Osirium, PAM’s a no-brainer. Just good security practice.”

“With Osirium, PAM’s a no-brainer. Just good security practice.”

‍