Robert Weed slashes time spent on PAM by 90% by transitioning to Secret Server
Barbara Hoffman
Imagine walking into your new job as a CISO or head of IT operations. Your first order of business is to understand the risks your company faces. You’ve got to figure out which systems are critical, which security solutions are already in place, and where the gaps are. And you’ve got to do it fast.
When Gerry Thompson, Vice President of Commercial Excellence and Digitization, started his role at Robert Weed, he asked a lot of questions, but was often frustrated by the answers. “Every time, the team would have to get out a shovel and dig, often learning that was the wrong spot to dig,” he recalls. “We would have to start over and search elsewhere.”
At the top of Gerry’s list was discovering where passwords and secrets were stored. What he found was an Excel sheet that contained user accounts and passwords for critical assets.
It was wrong much of the time.
Gerry worried that if someone were to leave the company, the team might not be able to rotate passwords with confidence or even access a critical system. What if there were unknown dependencies? What if one of the many third-party vendors who support the organization still had privileged access, long after a project ended?
Every unknown, unmanaged privileged account was an opportunity for cyberattack.
At the time, Robert Weed was using a competing product for some key security functions, but it didn’t provide all the features necessary to maintain a strong security posture. For example, it didn’t provide Microsoft® Active Directory-based authentication for Linux systems, which meant a huge number of servers and thousands of corresponding local accounts across the infrastructure required hands-on management. This was a costly, time-consuming approach, and the IT department was feeling the pressure.
Given the large number of servers and the complexities of managing local accounts manually, Robert Weed decided to implement a different Privileged Access Management (PAM) solution across the remaining infrastructure.
Secret Server now securely manages credentials for nearly 200 systems
As part of a holistic cybersecurity program, Robert Weed made the transition to Delinea Secret Server for Privileged Access Management.
During the PAM evaluation process, Robert Weed benchmarked Secret Server against the incumbent competitor and found the Delinea (formerly Thycotic) team had the characteristics they were looking for in a long-term relationship. “They were more responsive, with good communication,” says Noah Mechnig-Giordanno, who spearheaded the Secret Server implementation. “I was able to speak with engineers, really dig into the product, and be satisfied.”
“Moreover, it had an extremely competitive cost-to-value ratio.”
Starting fast and growing smart
Robert Weed managed their Secret Server roll-out in stages.
First, they put PAM policies and process controls in place to safeguard the organization’s diverse IT infrastructure, including critical network switches, dozens of web portals, and local administrative accounts for over 100 workstations.
Secret Server has become the central repository to manage all privileged accounts, as well as protect them through a layered system of verification. Features such as heartbeat increase confidence that the system is working as expected.
As a result, Privileged Access Management tasks were slashed by 90%
Instead of hunting for credentials and managing them manually, the IT team can focus their expertise on other priority projects.
“Now, if I need to get into our firewall router or our server accounts, it’s a lot easier to just go into Secret Server,” Gerry reports. “It fits into our layered security approach and ensures process control. It brings great value in protecting the organization’s assets. What it can do is phenomenal.”
As a next phase, the company will onboard managed service and network service providers who have accounts on their systems, allocate them Secret Server accounts, and manage check-in, check-out, and rotation for third parties, all through Secret Server.
Welcome to the Delinea customer community, Robert Weed!