Implementing least privilege in infrastructure

M-Netics provide complete end-to-end solutions covering all aspects of retail (in-store and back-office), supply chain, mobile worker and proof of delivery requirements. Customers include leading logistics providers, manufacturers, retailers, and field service organizations. The pioneering technology company has over 15,000 customers and is now part of Peak-Ryzex, an end-to-end provider of supply chain, mobility, and retail solutions.

M-Netics’ technology allows their rapidly evolving retail customers to pick orders for stores from disparate hubs and for logistics companies to implement next generation proof of delivery systems. They continually look to improve their service and update the technology behind their handsets and software to provide a more streamlined, cost-effective, and secure solution for their customers.

Where privileged account abuse presents one of today’s most critical security challenges, M-Netics wanted a solution that was future-proof but also tied in with its goal of maintaining the highest levels of security across disparate locations.

Osirium PAM was implemented to control ‘off-domain access’ to servers on separate networks in multiple locations. A common challenge for organizations spread over many locations with remote workers and third-parties such as vendors and consultants that need access to corporate systems.

Out of the box, the Osirium platform lived up to our expectation

M-Netics found the Osirium platform deployment simple and fast; “out of the box, the Osirium platform lived up to our expectation. The user interface makes it obvious who can access what, where and when. The interface itself is easy to learn and it also has great depth,” explained Karim Kronfli, IT and Data Security Manager at M-Netics. “We love the look of the management pages, and in day-to-day use they have proven really useful – they definitely show us when and how work gets done.”

The interface is easy to learn and it also has great depth

Osirium PAM is being used to protect privileged accounts to ensure only the right people have the minimum level of privileged access needed to the right devices and at the right time. Often known as the “principle of least privilege (POLP),” removing accounts that have standing privileges (i.e. accounts that are always using a system with elevated permissions) is a significant step towards reducing the risk of privileged account abuse.

For M-Netics, Osirium now creates and manages the usernames and passwords of all personalised accounts, mapping users and assigning their accounts to an appropriate role, rather than entrusting every employee with full admin access; accounts can be given granular tasks instead.

With privileged credentials managed by PAM, compliance with internal and regulatory standards becomes manageable. For example, it is easy to rotate credentials without impacting users, ensure policy-conforming complex passwords are always used, and report on who used which privileged accounts, when, and what they did during those sessions.

Looking forward, automation is planned to build further efficiencies into the provisioning process.

A common goal for many organisations is to further protect privileged access by wrapping the processes that need this access with automation to prevent users doing anything they shouldn’t. In Osirium’s latest PAM release, Osirium Automation is included for easy and secure automation of IT operations allowing tasks that previously need an expert to be safely delegated to the IT help desk or end-users