The largest electric cooperative in Texas, United States, deploys Securden Unified PAM to achieve robust access control for critical infrastructure, granular application control on endpoints, and automated service accounts management.
Company Profile
Headquartered in Texas, this electric cooperative is one of the largest and oldest power transmission and distribution organizations serving over 60 counties in Texas. With more than 16 member organizations, the electric co-operative is responsible for delivering wholesale power to its member-owned distributors. With core principles of customer satisfaction, safety, responsibility, and commitment to excellence, the electric co-operative aims to demonstrate complete reliability to its customers.
The Challenge
The Texan Electric Cooperative works with the energy grid and deals with a lot of information technology (IT) and operational technology (OT) assets. The cooperative depends on these IT and OT systems to run business-critical operations. The member organizations control their OT machinery using their IT systems through processes that rely on service account credentials for authentication purposes.
Apart from service accounts, their IT systems contain other sensitive data and information like certificates and admin account credentials that are spread across servers and databases.
The North American Electric Reliability Corporation considers these cyber systems as bulk electric systems (BES) along with the OT machinery. Due to the nature of their work, the cooperative must demonstrate regulatory compliance with the North American Electric Reliability Corporation - Critical Infrastructure Protection (NERC-CIP) standards.
The NERC-CIP guidelines provide strict standards for managing cyber systems such as strict access control for critical systems, strong electronic security perimeter, configuration change management, and information protection.
The electric cooperative wanted to eliminate admin rights on endpoints to restrict users from making configurational changes on bulk electric systems. By controlling who gets to run which applications with admin rights, they could control who can effect change in configurations within the organization.
Along with eliminating local administrator rights and managing application access privileges, NERC-CIP also stresses enforcing a set of password security measures such as automated password rotation across the organization for improved security.
The cooperative was relying on manual password resets that proved unreliable from time to time.
The changes in service account passwords were not propagated to dependent services properly and resulted in the stoppage of services which could prove costly for a power distribution company that is dependent on its internal services working seamlessly.
The IT team also felt a lack of visibility on where and why admin privileges are used in their organization. A complete log of activities that tracks ‘who’ did ‘what’ and ‘when’ would provide the much-needed oversight on privileged access.
The IT team had done their homework in researching possible solutions and decided to explore the adoption of a privileged access management solution.
“The lack of visibility into the use of admin rights and the access history of critical IT systems is eating away at our progress with NERC-CIP. We expected the PAM solution to solve this as well” their CTO said
Periodic password changes were breaking things like services here and there. Rotating the password of service accounts was extremely stressful their Vice President of Information Services said.
With a very clear goal of eliminating local admin rights and a set of privileged access management requirements, the IT team set out to find the right solution for them and implement it right away.
Industry:
Energy
Location:
Texas, USA
Challenges Faced:
- NERC-CIP compliance requirements
- Uncontrolled use of administrative rights
- Unexpected downtime caused by inefficient management of service accounts.
- Error prone and time intensive manual password management.
The Solution:
Securden Unified PAM
Results:
- Demonstrated NERC-CIP compliance
- Eliminated admin rights from endpoints
- Enforced the principle of least privilege
- Streamlined privileged access
- Automated password management
- Improved helpdesk efficiency
- Eliminated unnecessary downtime
The lack of visibility into use of admin rights and the access history of critical IT systems is eating away at our progress with NERC-CIP. We expected the PAM solution to solve this as well. - Vice President of Information Services
Finding the Right Solution
When the IT team started looking for a PAM solution, they created a checklist with the following requirements.
- Effective management of service accounts and their dependencies
- Eliminating local admin rights and adopting just-in-time privilege elevation and application control
- Complete activity tracking with clear and concise reporting for demonstrating compliance with NERC-CIP
- Scalable and robust PAM solution capable of handling their complex network of IT and OT devices with a quick implementation time.
Keeping these requirements in mind, the IT admin team started searching for a suitable PAM solution. When they found Securden Unified PAM, the IT team felt that it could potentially solve all their access governance problems.
The IT team at the electric co-operative was primarily looking for a solution to reliably manage privileged access and eliminate admin rights to demonstrate compliance with NERC-CIP regulations.
They came across Securden Unified PAM and saw that it could solve their issues with unreliable service account password resets as well as streamline privileged access management.
Instead of going with separate solutions for eliminating admin rights and PAM, we decided to go with Unified PAM, which has all the features to solve our problems. - Vice President of Information Services
The Securden difference
With Securden, the energy cooperative transformed privileged access governance across all its member organizations and demonstrated compliance with NERC-CIP regulations.
Once they rolled out Securden Unified PAM, they felt drastic improvement in the privileged access security, operational efficiency, and ease of achieving and demonstrating compliance.
1. Robust Security
Securden Unified PAM helped the cooperative adopt just-in-time secure remote access to IT assets, enforce password management best practices, and multi-factor authentication. As a result, the energy cooperative significantly improved its overall cybersecurity stance.
2. Improved Operational Efficiency & Productivity
Automated periodic password resets, dependency management, dynamic application control policies, and role-based access control helped the energy cooperative improve its operational efficiency and productivity. Securden helped the IT team achieve improved efficiency by eliminating redundant and repetitive manual tasks through effective automation.
3. Achieve and Demonstrate Compliance
Securden Unified PAM provided important security controls that helped them demonstrate compliance with NERC-CIP regulatory requirements such as:
- Data encryption when stationary and when in transit
- Implementing password security best practices
- Enforcing the principle of least privilege
- Secure remote access for internal users and third parties
- MFA for remote access to bulk electric systems
- Separation of administrative duties and change management
- Revoking access permissions from leaving employees
- Granting and revoking access privileges based on job roles
- Activity tracking and access history of bulk electric systems
With reliable password rotation and dependency management, Securden helped the energy cooperative streamline their IT – OT communication. Using automation and workflows to replace manual tasks, Securden helped the IT helpdesk to become more efficient and the processes free from human errors.
Using the comprehensive reporting capabilities offered by Securden Unified PAM, the IT team readily demonstrated compliance with the NERC-CIP requirements.
4. Complete Control over Admin Rights
Using Securden their IT team was able to eliminate and restrict admin rights from user accounts in the organization. They successfully enforced application access controls through policies. With control over admin rights and application access, the IT team was able to restrict users from performing administrative changes and control ‘who’ has the permissions to run ‘what’ applications and with ‘what’ privileges, achieving change management.
5. Enhanced Visibility
Securden Unified PAM records every activity related to privileged access as audit trails. The IT administrator can export meaningful reports that can provide visibility over privileged access and use of admin rights to the IT administrator. The IT administrator made use of these reports to create better control policies which helped improve the operational efficiency of the entire workforce, creating a workflow for continuous optimization.
After extensively using the product, the electric co-operative is extremely satisfied with the capabilities and the reliability offered by Unified PAM. They are planning to expand the usage of PAM across their member organizations very soon.
We were struggling with manual processes for access management and activity tracking. With Securden’s PAM solution, we (the IT team) were able to automate password management, control remote access, and improve the overall security of the organization. - Vice President of Information Services
Securden made it incredibly easy to demonstrate compliance with specific NERC-CIP requirements. - Vice President of Information Services
Securden is stable, better priced, and has more features than most of the solutions available in the market. - Vice President of Information Services
