Council Post: How To Ensure Your PAM Solution Helps Eliminate Workflow Disruption
David Schiffer is the CEO of RevBits and formerly of Safe Banking Systems (SBS). RevBits develops cybersecurity software for organizations.
“Disruption” in the context of technological innovations can be a powerful and positive force that expands enterprise growth and inspires new industries. Disruptive technology can provide improvements to leapfrog competitors, with solutions that deliver next-level opportunities for IT, security and business operations.
The pandemic-induced remote workforce, the explosion of the cloud and ubiquitous mobile connectivity are fueling technology innovation. Unfortunately, the adoption of some digital solutions can negatively disrupt operations by impeding productivity and creating user friction, resulting in marginal benefit and user dissatisfaction.
Leveraging Native Client Workflows
For privileged users, like system and database admins, workflow disruptions create frustration and complications. Invariably, they find workarounds to avoid using those products. Such is often the case with privileged access management or PAM.
PAM is becoming a business imperative for securing organizations of every size and in virtually every industry. PAM controls access and permissions to IT resources and data and is a critical part of a zero-trust architecture. With the expanding perimeter-less enterprise, all user access and permissions need tight controls, including privileged accounts and users who manage the infrastructure.
Eliminating Obstacles Between Admins And Their Jobs
PAM users are responsible for administering servers, databases, networks and endpoints, whether on-premises or in the cloud. Managing infrastructure that runs business operations is accomplished through clients, like DBMS software, MySQL and SQL Server Management Studio. Admins work with HTTP, RDP and other protocols and use tools like PuTTY, which supports several network protocols, including SCP, SSH, Telnet and rlogin. To help ensure security, SCP or SSH port forwarding should be conducted using a native SSH client, with PAM video capturing the sessions.
Some PAM solutions offer only limited-functionality integrations with clients and protocols and require admins to authenticate separately to the PAM via an RDP or browser session. This may seem like a minor inconvenience, but imagine taking away the workflows admins rely upon daily to manage servers, databases, Kubernetes clusters, CI/CD environments and more. Enterprise IT teams have long-established processes and workflows that make their work easier, faster and more efficient by automating complex and time-consuming tasks.
Removing Friction For Privileged Users
Admins know their client software inside and out, often having worked with it for years. They rely upon shortcuts, scripts and automation they’ve built to save time and reduce complexity. When they’re required to use different tools that obstruct that familiar organization and structure, they experience frustration, lost productivity and job dissatisfaction.
Adding security shouldn’t create workflow disruptions and disadvantages. When forced to use unfamiliar software or when they lose established workflows, scripts and automation, admins may resort to shortcuts or find ways around the product.
Ensuring PAM Is An Enabler, Not A Barrier
Many PAM solutions involve manual bypass strategies and an assortment of connections. But when you have native client capabilities within PAM, they offer a jump server function requiring no API integration, code or scripting. Operating at the protocol level allows the PAM to natively support a variety of operating systems and browser extensions on any type of device. PAM native client capabilities support databases, operating systems and protocols through the system’s protocol handler. Admins use their credentials to log into PAM, and the sessions go through the jump server with full session recording. They can then access all of their resources using their favorite clients, automation, tools, scripts and shortcuts.
It’s hard to change user habits, and admins will find ways to bypass systems that inhibit their work. PAM should be transparent to clients and their workflows. With native client capabilities, admins don’t have to log in, locate the account and server and download an RDP file to gain access to IT resources.
Throughout each day, system admins run servers and manage assets with products like SQL Server Management Studio and use SSH, SCP, WinSCP and PuTTY to transfer, copy and back up config files. Developers use SSH tunneling to transfer data between hosts. Database admins grant users permission and ensure databases run efficiently by managing, updating and troubleshooting. With native client-enabled PAM, users can continue using their client of choice for all of their job functions.
Admins are responsible for numerous systems that must be secured and data that needs to be kept private. A PAM solution should be an advantage and one that’s transparent to the client software it relies upon. PAM should expand asset security, making onboarding easy, efficient and seamless without requiring additional training or a steep learning curve.
Originally published at https://www.forbes.com.