Leading law firm protects ‘crown jewels’ and quickly achieves security goals with Osirium

Challenge summary

• Find a PAM solution that balanced cost with required features

• Enhance cyber resilience, particularly Privileged Access Security

• Standardise and secure third party access

• Automate key processes for new starters, leavers and movers

• Ensure new staff have the right access to right systems

• Enable effective password rotation

Industry

Location

United Kingdom

Challenge

As a successful, modern law firm, London-based Howard Kennedy understood the critical nature of protecting its clients’ data and the crucial IT systems involved in the day to day running of the organisation.

The firm, which specialises in providing straightforward advice for entrepreneurial businesses and individuals on domestic and international matters, was looking to enhance IT security as part of a wider digital transformation process.

The technology and security team understood the critical nature of Privileged Access Security and of having a robust, fully featured Privileged Access Management solution.

Protecting firm’s ‘crown jewels’

Jonathan Freedman, Head of Technology and Security at Howard Kennedy, spearheaded the project. Emphasising how important he feels PAM is, he says: “It’s very much about protecting your crown jewels. You put a lot of effort into designing access control policies and locking down platforms, but the key to all of that is your administrative credentials. If you don’t maintain strict control over your high level accounts then what’s the point of all your other security controls?”

The firm, which employs about 450 staff, had been using a free PAM platform. However, that was no longer meeting requirements, restricted as it was by various limitations.

Howard Kennedy wanted to find a robust, simple PAM solution with a full feature set; one that would offer value for money and a return on investment. Jonathan adds that satisfying cyber insurance requirements was another significant element.

Additionally, they had a long-held aspiration to improve efficiency within the IT team by automating key administrative processes.

Approach

Jonathan and his team embarked on a search for the right PAM solution, talking to all the major providers.

He explains: “There were certain competitors who had a very full feature set, but the licencing cost was more than we felt we could justify on PAM alone. There were some others that were either not fully featured enough or had other restrictions and weren't suitable.”

Indeed, justifying the investment can be a challenge for security and IT professionals; however, clients' security expectations, as well as those of insurers, presented a compelling business case.

Third party access challenge

Another key requirement the firm was looking to meet during its search of the PAM market was the ability to standardise third party and vendor access.

"We wanted to implement a single platform to support both internal and third party access to secure infrastructure," Jonathan says.

“And for us to be able to, not only monitor what they were doing, but to limit their access to only very specific systems they were supporting at specific times.”

It became clear during the procurement process that most providers were only offering this capability as part of an expensive add-on – on top of what Jonathan says was “already a very significant investment - so we didn't feel that offered value for money”.

Weighing up cost and features

Having weighed all the requirements and what the various providers offered, they settled on Osirium. Why?

Jonathan says: “We felt Osirium had the best balance for us between commercial costs and a full feature set. It was a full-featured product and the way the licencing terms are structured works really well for us for what we need.”

Benefits and Next Steps

Jonathan says Osirium PAM helped him deliver exactly what he wanted for the business in terms of Privileged Access Security, saying: “I think it's a key part in showing our maturity in cyber security.”

The product has helped the business reach the required level of security clients would expect.

“I would say Osirium PAM platform has worked very well for us,” he says. “It’s a very fully featured product. As an organisation, Osirium has been very easy to work with and helped us to achieve our goals very quickly.”

PAM is now in place for internal systems, network devices and infrastructure, and has also extended to cloud services and programs accessed through a web browser.

Third party access solution

Osirium PAM helped the firm achieve another of its key objectives - to create a secure, efficient way to grant third party vendor access. Jonathan estimates it has saved the team “several hours per month”.

Ryan Tate, Information Security Analyst, explains: “The process we followed previously was quite lengthy and convoluted. Our tech team who process these requests and interact with vendors have complimented the ease of setting up and using Osirium PAM, and how straightforward it is to use when onboarding vendors.”

‘Vital’ automation took security to new level

On top of delivering all their Privileged Access requirements, Osirium offered something else – taking protection to the next level with automation.

The information security team recognised Osirium PAM included advanced features such as automation of privileged access credential management – full password credential lifecycle support.

Jonathan explained: “One of the reasons we wanted a platform like Osirium was that rotating passwords is a crucial security control. However, you need to automate it to ensure it is completed in a timely manner. So having suitable automation behind doing it was vital.”

Privileged Process Automation (PPA)

Talking of automation, Jonathan was eager to utilise the capabilities of Osirium PPA – our Privileged Process Automation solution, which integrates very closely with PAM.  

Combining the capabilities of the Osirium PAM and PPA products was a bonus as the team were due to embark on a search for the right automation solution. “There were certain things we’d been talking about automating for years, so the automation offered via PPA was a key factor for us,” says Jonathan.

“To find we could get two solutions from Osirium – PAM and automation - was a bit of a no brainer.”

Automating joiners and leavers process

The added capabilities of automation have helped to ensure colleagues have the right access to the right systems when they join the organisation, and then keep that up to date as staff move between roles or leave the company. Indeed, it enabled them to achieve a long-time prime objective - to automate the process for joiners, leavers, and movers.

Jonathan says: “Now with the PPA platform for the first time we are actually achieving it, which is phenomenal! It’s significantly reduced the amount of time to process new joiners.”

Accounts are being provisioned more accurately, removing human error, and freeing up resources.

With around 100 or so joiners to be onboarded per year, Ryan says, Osirium PPA has “shrunk manual interventions from the service desk”. He is now looking to extend automation to the HR process.

Replacing a rigid solution

Furthermore, PPA enabled the team to replace an existing, but limited automation tool.

They had been using an Active Directory (AD) automation tool for managing user accounts in AD before discovering Osirium.

“It wasn’t anywhere near as comprehensive as PPA,” Ryan says. “It had limitations and was quite rigid, certainly in comparison with PPA, where you’ve got that flexibility to decide what way you want to approach a certain process and how to automate that.”

Conclusion

How does Jonathan sum up Howard Kennedy’s experience with Osirium?

“We’ve got a very positive, friendly working relationship. We’ve found Osirium to be very easy to work with.

“Sometimes when you get to the much larger software vendors it gets quite complicated as there are more and more teams you have to go through. Account management often becomes distant.”

Ryan adds the Osirium team have been “super helpful and supportive”.

Catherine Jamieson, Sales and Operations Officer at Osirium, commented: “Howard Kennedy recognised the risks to their business that could be addressed with privileged access management. They focused on finding a practical solution for managing third-party access and credential lifecycle automation – one that delivered what they needed in a short time frame, with support available when required. They've also started taking advantage of the opportunities for secure automation to address a wide range of IT challenges.”
