THIS ARTICLE WAS WRITTEN BY THE TECH TARGET TEAM IN PARTNERSHIP WITH DEVOLUTIONS.
If you are an IT or security specialist in a typical smaller organization, the following scenario will probably have a familiar ring.
A need arises to access some remote servers and virtual machines, each with unique passwords. These machines and the various domains stored on them are accessible by different privileged users. The IT sys-admin knows some of the passwords and some of the users, but not all of them. Emails are sent, phone calls made, Excel spreadsheets and even ‘yellow sticky notes’ are parsed. Eventually IT gains access to the remote servers, but not before a lot of valuable time is consumed. And perhaps more importantly, this process does not occur with the kind of military-grade security practices that today’s hyper-dangerous threat environment demands.
This is the typical ‘fire drill’ that so often arises today in SMBs lacking a user-friendly, effective privileged access management or PAM solution. And, as will be shown, there are a number of factors and dynamics at work making it all the more important for SMBs to have just such a PAM solution in place.
By contrast, most enterprise-class organizations have had PAM solutions in place for some time, either a homegrown variety or one of many purchased from leading PAM vendors. But these comprehensive PAM solutions, which are way beyond the financial means and technical expertise of most SMBs, have their own issues. Most notably, they often are complex and not user friendly.
Thus there are specific PAM solution needs across all sizes of organizations, though the needs differ. What these organizations do share are the same drivers for PAM solutions, as well as the same security risks of not having a workable one in place.
What problems do PAM solutions solve?
As a result of the growing sophistication of hackers and the tools at their disposal, it has become increasingly easy for them to crack into a network and steal domain administration account credentials. These can be the keys to the data kingdom, and the pathway to data destruction, data theft, and in general a world of hurt for the organization attacked.
Simply put, the goal of PAM solutions is to make it very hard for hackers to get this prized access to privileged user accounts. PAM solutions also boost network monitoring, improve overall network visibility for system admins, and put more fine-grained controls at their fingertips. These solutions offer real-time knowledge of just who the privileged users are, and what they are doing across the entire remote computing environment.
The better PAM solutions also automate the process of randomizing passwords and then managing them in a highly secure vault, which also can house other credentials for various service and application accounts.
A necessity, not a luxury
Seen this way, PAM solutions are an essential element of secure remote user and remote server environments. They allow organizations, including SMBs, to monitor and manage privileged accounts and access in a way that not only enhances protection of critical data assets but also helps meet compliance requirements.
Make no mistake, PAM is not a solution in search of a market. Rather, the fast-growing interest in PAM solutions, particularly among SMBs who formerly thought them unnecessary or too costly, is being driven by strong forces and factors. They include:
- The distinct uptick in sophistication, frequency and destructiveness of cyber attacks on organizations of all sizes, including SMBs targeted by spear phishing and ransomware attacks
- The belief by attackers that many SMBs have not adequately protected privileged account and remote server access
- Increasing regulation and compliance requirements that mandate better audit trails and ‘proof’ of data security efforts, such as PAM solutions
- The growing incidence of third parties, such as contractors and cloud providers, being granted privileged user access
Password management essentials
Remote access by definition involves usage and sharing of passwords. It is in this area that many SMBs fall far short in taking relatively simple steps to shore up gaping holes in security defenses. One major study found that 63% of confirmed data breaches involved weak, default or stolen passwords. Another recent study determined that 20% of business users either use very weak passwords or routinely share passwords, both of which make such passwords relatively easy to hack. The study also found that SMBs with higher than average percentages of compromised passwords similarly had higher than average percentages of shared passwords.
The remedy is a comprehensive password management system. The better ones feature a secure vault that stores all passwords and credentials, as well as a random complex password generator. Users need not remember any of these machine-generated complex passwords. And sysadmins using shared passwords for remote access never see the actual passwords, as they are brokered by the password management solution. Thus these password management systems accomplish the dual task of synching the various passwords needed for remote access without getting in the way of overall productivity, all in a highly secure manner. As a side bonus, SMBs adopting password managers for the first time often find that helpdesk calls are reduced almost immediately, as users no longer phone in looking for forgotten passwords.
PAM help for the enterprise
PAM solutions have been fixtures in enterprise-class organizations for years. Typically they are comprehensive, complex, expensive and often not particularly user friendly. So today many of the makers of these enterprise-grade PAM solutions are partnering with makers of more user-friendly PAM solutions targeting SMBs, seeking to integrate the best of both types of solutions. In looking at such an integration, enterprises should first check to be sure the other solution integrates with a broad list of technologies including VPNs; credentials managers; secure shell protocols (SSH); virtual network computing (VNC); remote desktop protocol; and all personal password managers.
The IT team at Siemens Building Technologies’ West Sacramento, CA branch was continuously facing various challenges and problems associated with remote connection management for the 30 servers the team supports. They had no way of securely organizing and managing shared connections to customer sites, and sharing credentials with customers’ servers was clumsy, difficult and therefore costly.
Fed up with the failings of an incumbent remote connection manager, the senior programmer on site downloaded a free trial of another PAM solution, which quickly led to purchasing a license of the solution. Today the IT team at SBT can securely manage connections and credentials in a way that is easy to update, share and protect. No longer do team members email connections or store them in a network location, or text credentials back and forth.
Wresting order from chaos
Meanwhile, a world away in Slovenia, engineers and the IT team at EM-Soft Sistemi had been storing credential data locally on a designated computer. That meant repopulating all credentials elsewhere in the event of a computer failure or if the machine needed replacing. They also could not access credential information away from the home office. In addition, they were using a confusing hodgepodge of tools for different devices and connection types.
After trying various PAM tools, all with poor results, the team settled on a remote desktop manager solution that now securely stores credentials for different users in a centralized vault. Those credentials can be securely accessed via the cloud from any desktop or mobile device. IT now controls all firewalls, switches and services from a single console. And a single, user-friendly application is used for all types of connections.
A common PAM thread
What these diverse companies and many others have in common is praise for the strong results achieved using PAM solutions from Devolutions, whose flagship Remote Desktop Manager is deployed today by more than 300,000 users in 130 countries. A hallmark of the Devolutions solutions is a highly secure vault for storage of passwords and credentials.
In addition, the Devolutions PAM tools are designed to work with the broadest array of VPNs, SSH tunnels, and personal password managers. A veritable Swiss Army Knife for security and IT professionals both in SMBs and in the enterprise, the Devolutions PAM solutions solve the central challenges surrounding secure privileged access.
To learn how remote desktop management solutions can help sysadmins do their job better and more efficiently, read Top Five Features to Look for in a Remote Desktop Management Solution.