There are many reasons to implement a Privileged Account/Identity Management (PAM) system, including audit and IT security standards compliance, risk mitigation, automation of password management, transparency of user activity, etc. Today we’d like to focus on some of the specific reasons why it is important to implement, maintain, and enforce the use of a PAM system at a company that is planning for, or foresees, a significant Reduction in Force (RIF).
As pundits are predicting a bear market in 2016, IT managers are starting to prepare their contingency plans for dealing with potentially hundreds or thousands of employees whose employment will need to be terminated abruptly. A PAM solution can help mitigate some of the very real risks associated with terminating an employee, particularly one who has key access to IT systems. Employees may react differently in the face of termination. The most technical employee assets may instantly become the biggest liability. The departing employee may have full administrative access to hundreds of critical servers and network appliances that make up the environment, creating tremendous potential risk to the company.
The following 5 reasons demonstrate how a PAM system can prevent disaster resulting from a RIF:
1: Instantly Prevent Access
A well-implemented PAM solution will offer the capability to lock out specific employees from access to all servers at the press of a button.
2: Changing All Privileged Passwords Within Minutes
The PAM solution can not only prevent the departing employee from seeing the current administrative passwords, but can also be used to initiate a password change on all of the systems that the employee previously had access to.
3: Recording Activities
A PAM solution can record user activities (on video in the case of Windows, or as text in the case of Unix/Linux). This capability can be invaluable in cases where departing employees are given a deferred RIF notification (for example, a two-week notification). The recording can discourage employees from stealing company data or installing dangerous Trojans or rootkits as they’re leaving, and it provides a trail of employee activity.
4: Documenting System Passwords
RIFs can often be a chaotic undertaking, and without a PAM solution it can be nearly impossible to guarantee that all critical knowledge, particularly system passwords, has been transferred or documented for the company. It could be difficult to contact a terminated employee, sometimes months after termination, to see if they remember or will release a password for even non-critical systems such as a Twitter account. There have been a couple of notable cases where rogue employees have held company passwords “hostage,” including the infamous case of Terry Childs and the city of San Francisco’s Department of Telecommunications and Information Services (DTIS).
5: Documenting Systems and Access
In addition to a Configuration Management Database (CMDB), a PAM solution can help the company identify systems that a particular employee supports. If the PAM system has been in place for a significant amount of time, a report could be run to see which systems the employee has ever interacted with using privileged accounts.
How Can CyberSheath Help Your Organization?
In summary, it’s critical to implement and enforce a Privileged Access Management solution long before employees are notified of a RIF. CyberSheath’s engineers are well versed in fine-tuning the configuration of the Privileged Account Management suite, providing automated, monitored, and controlled elevated privileged access. You can learn more about our approach by viewing our Privileged Access Management service area.