Privileged access management for an international client

About the project
Project type PAM
Client International financial institution
Make an enquiry

Like many other organisations of its type, this client had grown rapidly over the past few years. This resulted in an increase in the number of IT tools and technologies used in the organisation. The organisation reached a point where passwords supporting its critical IT infrastructure were being stored in spreadsheets, disparate password management tools and in “people’s heads”. In addition, some passwords had not been changed or rotated for a number of years. 

The organisation proactively ran a Red Team exercise to ‘ethically hack’ itself and identify high risk vulnerabilities. The Red Team testers managed to gain access to some of these passwords which proved to senior management that its critical IT infrastructure was at risk. 

It was recognised that a malicious attack or exposure of critical IT infrastructure could lead to serious regulatory, financial, and reputational risk for the organisation, especially if this resulted in an exposure of Personally Identifiable Information (PII). 

The organisation realised it required external assistance to resolve this as their existing security team did not have the bandwidth or specialist knowledge to tackle this extensive issue. 

We helped the organisation run a Privileged Access Management Project to secure its critical and privileged accounts. 

An outline of the stages involved: 

  • Stage 1 – Project scoping and requirements: This included agreeing success criteria with key stakeholders to clearly articulate what is achievable within the project timelines. 
  • Stage 2 – Design: High level and low-level solution designs described how the new privileged access management solution integrated with the existing environment. People and process elements were considered to determine how the solution would be maintained and what operational processes were required. 
  • Stage 3 – Execution: This included implementation of the solution, onboarding privileged accounts into the solution including changing of critical passwords. 
  • Stage 4 – Service transition: Training and transitioning from the project team to the in-house operational team. 

The outcome was that the organisation had an enterprise-grade privileged access management capability to secure its critical accounts, and the removal of password spreadsheets. 

The successful initial implementation of the project led us to further help the client enhance the capability in following years, further mitigating the risk of a cyber security attack. 

If you are concerned about the risk associated with privileged accounts in your organisation, then please get in touch with us at info@three-two-four.com or by phoning  +44 203 603 4733.

Case Study Tags

PAM,

Get in touch

If you’d like to discuss your cyber security concerns and how we could resolve them, please do get in touch.

Connect with us

Make an enquiry

    Other information you may be interested in

    Hey there, couldn’t help noticing you’re using Internet Explorer

    That’s great and all, and we commend you for pushing through with it. Unfortunately we no longer offer support for IE; it hasn’t received a major update since 2015 and Microsoft are dropping support for it later in the year.

    If you’re using Windows 10 and want to stick with a built in browser, please consider switching to Edge. Or, if you really want to enjoy the internet properly we strongly recommend downloading Google Chrome here.