close icon
Home Page
Products

Products

PAM logo
Privileged Access Management
PEM logo
Endpoint Privilege Management
PPA logo
Automation
Industries

Industries

school_line
Education
bank_line
Finance
government_line
Government and Defence
hospital_line
Healthcare
computer_line
IT Operations
settings_5_line
Industrial Control Systems
briefcase_line
Legal
store_2_line
Retail
Partners

Partners

Resellers and Distributors
Partner marketing support
Partner opportunity
Resources

Resources

tool_line
Free Tools
bookmark_line
Blog
file_search_line
Case Studies
usb_line
PAM Integrations
video_line
Videos
Webinars
paper_line
White Papers
book_2_line
Osirium University
news_line
Documentation
Company

Company

IDcard_line
About
news_line
News & Events
Team
Investor Hub
Software reviews gold medal
See the report
search_3_line
BOOK A DEMO
home
▸
Resources
▸
Documents
▸
Case studies

Protecting Third-Party Access to Critical Systems

Challenge summary

  • Managing supplier and third-party access to IT systems
  • Protect critical systems with a limited team
  • Provide audits of who had access, when and where

Industry

Education

Location

United Kingdom

Products

Osirium PAM
  • Challenge
  • Approach
  • Benefits
  • Contact

Challenge

The University of Reading is one of the leading universities in the UK (ranked in the top 30 UK universities in world rankings). With over 18,000 students and 4,500 staff spread over three campus locations, a relatively small team of about 20 is responsible for keeping all student and infrastructure systems running and secure. They manage on-premises data centres, networks, cloud services in Azure, telephony, Microsoft 365 and more.

Many business systems are supported externally by vendors/partners. The University used to grant access to these suppliers via Virtual Private Network (VPN) connections, but that didn’t provide visibility and control over who could access which systems and what they did while connected.

When Kevin Mortimer, Head of Operations, Digital Technology Services Department, joined the University in 2017, he prioritised getting control over vendor access.

Approach

Mortimer had the experience of privileged access management (PAM) at a previous employer. He set out to find a PAM solution that would be easy to adopt and manage for the University’s complex infrastructure.

As we were introducing PAM for the first time, we wanted to ensure it would be straightforward to implement and use as possible. There are bigger brands in the market, but they are considerably more complex and expensive. From a capability and cost point of view, Osirium came top of the contenders.

After reviewing several vendors offerings, he quickly focused on Osirium PAM. “As we were introducing PAM for the first time, we wanted to ensure it would be straightforward to implement and use as possible. There are bigger brands in the market, but they are considerably more complex and expensive. From a capability and cost point of view, Osirium came top of the contenders.” says Mortimer.

Implementation started with a small set of vendors onboarded with PAM and then expanded usage. That’s a typical deployment pattern with Osirium PAM and an excellent way to show early benefits without large, all-encompassing projects. Now, almost all vendors can only access systems via PAM.

Administrator accounts on the target systems and devices are protected because the vendor never has direct access and can never discover the administrator credentials. Access can also be granted for specific periods, for example, only during working or non-working hours. Occasionally, access may be set up for a vendor for a short period around a specific project, for instance, during a recent upgrade to the campus CCTV system.

Since adopting Osirium PAM, whenever any issues were found, the University worked closely with the Osirium support team have been able to do everything they wanted to do, and now PAM “just ticks over and we have one less treat actor to focus on.”

Benefits and Next Steps

Almost all suppliers now use Osirium PAM, and the University has complete visibility into who from the vendor accesses their systems. Using the Osirium PAM MAP server, they can also control which applications are used. As sessions are recorded, the University has a complete record of exactly what the vendor did while connected, if they ever need to investigate an incident. “PAM is like an insurance policy you hope to never need to use in that regard,” says Mortimer.

For vendors, there’s nothing to install locally, and, if appropriate, they can let multiple staff members share access to the account on the university system.

Looking forward, endpoint management is becoming a priority. Many professional and academic staff want local admin rights to install and run their applications, but that opens a potential entry point for attackers. The University is interested in Osirium Privileged Endpoint Management (PEM), which allows approved applications to run with elevated privileges without local admin rights.

Share it

Related Resources

Documents
Overview
Osirium PAM Overview
Osirium

Related Blog Articles

Blog
No items found.

Industries

Industries

Education

Case Study
Osirium
University of Reading Case Study
download pdf

Want to know more?

If you have any questions or want to speak to one of our representatives, please complete this form and we'll be in touch.

+44 (0) 118 324 2444
Thank you! Your submission has been received and we'll be in touch
Oops! Something went wrong while submitting the form.
Back to top
Home Page
cyber essentials certified badge
Industries
EducationFinanceGovernment and DefenceHealthcareIT OperationsIndustrial Control SystemsLegalRetail
Company
AboutTeamBoard of DirectorsInvestor HubJob Opportunities
Resources
Free ToolsBlogPAM IntegrationsVideosWebinarsWhitepapersDatasheetsDocumentationCase Studies
Support
Support PortalOsirium University
© 2023 OSIRIUM. All rights reserved.
AccessibilityPrivacy PolicyEULATerms of ServiceSitemap