5 Reasons that Show How a PAM System Can Prevent Disaster From a RIF

By Yanni Shainsky • February 2, 2016

There are many reasons to implement a Privileged Account/Identity Management (PAM) system, including audit and IT security standards compliance, risk mitigation, automation of password management, transparency of user activity, etc. Today we’d like to focus on some of the specific reasons why it is important to implement, maintain, and enforce the utilization of a PAM system for a company that is planning for, or foresees a significant Reduction in Force (RIF).

As pundits are predicting a bear market in 2016, IT managers are starting to prepare their contingency plans for dealing with potentially hundreds or thousands of employees, whose employment will need to be terminated abruptly. A PAM solution can help mitigate some of the very real risks associated with terminating an employee, particularly one that has key access to IT systems. Employees may react differently in the face of termination. The most technical employee assets may instantly become the biggest liability. The terminating employee may have full administrative access to hundreds of critical servers and network appliances that comprise the environment, creating tremendous potential risk to the company.

The following 5 reasons demonstrate how a PAM system can prevent disaster resulting from a RIF

1: Instantly Prevent Access

A well-implemented PAM solution will offer the capability to lock out specific employees from access to all servers at the press of a button.

2: Changing All Privileged Passwords Within Minutes

The PAM solution can not only prevent the terminating employee from seeing what the current Administrative Passwords are, it can also be used to initiate a password change on all of the systems that the employee previously had access to.

3: Recording Activities

A PAM solution can record the activities (on video in the case of Windows, or text in case of Unix/Linux). This capability can be invaluable in cases where terminating employees are given a deferred RIF notification (for example a two-week notification). The recording can discourage the employees from stealing company data as they’re leaving, installing dangerous Trojans or rootkits, as well as provide a trail of employee activity.

4: Documenting System Passwords

Often RIFs can be a chaotic undertaking, and without a PAM solution, it can be nearly impossible to guarantee that all critical knowledge, particularly system passwords, have been transferred or documented for the company. It could be difficult to contact a terminated employee, sometimes months after termination, to see if they remember or will release a password for even non-critical systems such as a Twitter account. There have been a couple of notable cases where rogue employees have held company passwords “hostage,” including the infamous case of Terry Childs and the city of San Francisco’s Department of Telecommunications and Information Services (DTIS).

5: Documenting Systems and Access

In addition to a Configuration Management Database (CMDB), a PAM solution can help the company identify systems that a particular employee supports. If the system has been around for a significant amount of time, a report could be run to see which systems the employee has ever interacted with, using privileged accounts.

How Can CyberSheath Help Your Organization?

In summary, it’s critical to implement and enforce a Privileged Access Management solution, long before the employees are notified of a RIF. CyberSheath’s engineers are well versed in fine-tuning the configuration of the Privileged Account Management suite; providing an automated, monitored, and controlled elevated privileged access.  You can learn more about our approach by viewing our Privileged Access Management service area.

Cybersheath Blog

3 Reasons Why You Need a Privileged Access Risk Assessment

A privileged account is one used by administrators to log in to servers, networks, firewalls, databases, applications, cloud services and other systems used by your organization. These accounts give enhanced permissions that allow the privileged user to access sensitive data or modify key system functions, among other things. You can…

Incident Response – Learning the Lesson of Lessons Learned

“Those who do not learn from history are condemned to repeat it.” Over the years, variations of this famous quote have been spoken by everyone from philosophers to world leaders. The message — that we must learn from our mistakes or continue to repeat them — is also highly relevant…

What is DFARS 252.204-7012 and NIST SP 800-171?

With the Department of Defense (DoD) promising the release of an update to NIST Special Publication 800-171, it is imperative defense contractors understand what DFARS 252.204-7012 and NIST SP 800-171 Clause is and how noncompliance with the Clause will impact their business.  Compliance is mandatory for contractors doing business with…

Our Trusted Partners

Cyberark McAfee Thycotic RSA Tenable Alien Vault Alert Logic Trace Security