“From the beginning it was clear we wanted a vendor that would work with us as a partner to plan and implement our long term strategy,” said Dave Pritt, IT Infrastructure Manager. “ We knew that privileged access was central to Saunderson House’s security. Our vision was to have not just an excellent PAM solution ensuring the day to day security of the business, but also to have a PAM capability at the centre of our universe that could easily integrate with the other key components of our infrastructure. ”Several PAM suppliers and solutions including Osirium PAM were evaluated, and a comprehensive Proof of Concept programme established. The essential POC criteria for determining ‘fitness for purpose’ were simplicity of setup and management, security of credentials, granular audit functionality, and ease of integration with the infrastructure and VM environment. Additionally, a consultative engagement model was seen as key.
"Working with the Osirium team we had Osirium PAM up and running in under a day,” explained Dave Pritt. “We were able to use the intuitive controls straight away and start testing Osirium PAM against our selected criteria. The other PAM solutions took over 3 days to get to a basic working state, and even then we found them overly complex by comparison. ”On the basis of the successful POC and Osirium’s collaborative approach, Osirium PAM was then selected as Saunderson House’s PAM solution. The core focus has been on implementing internal access controls. With credentials never revealed to users the Infrastructure Team is able to ensure there is no inadvertent sharing of passwords with potential security consequences. Likewise, Osirium PAM’s ‘identity in, role out’ model addresses the challenge of varying levels of expertise in the team: users are only allowed access to the parts of the infrastructure they are identified as approved to manage.
"users are only allowed access to the parts of the infrastructure they are identified as approved to manage"
To maintain the highest levels of security but also drive efficiencies, Saunderson House has made considerable use of Osirium’s task automation capabilities. The facility allows tasks requiring privileged access to be automated and delegated to less experienced staff with no credentials exposed. At the same time, Osirium PAM’s auditing function keeps detailed records of who accessed which system, when, and to carry out which activities.
One particularly innovative approach implemented by Saunderson House has been using Osirium PAM as a central hub for securely managing credentials across the whole IT environment. For example, AppViewX’s Cert+ system had been selected for certificate management and distribution. “We wanted to be sure our certificate distribution had secure access with high levels of privilege to update certificates,” explained Dave Pritt. “We set out the challenge and AppViewX and Osirium both shared the collaborative approach we needed. We defined a POC, with emphasis again on simplicity of integration. ”The integration was successful and thorough. Cert+ securely connects with Osirium PAM to retrieve credentials to access the required devices, and establishes the connection before performing its credential certificate management tasks. Cert+ users never have access to those credentials, so they are protected from potential exposure to phishing or other attacks.