Implementation Phases¶
Implementing a Privileged Access Management (PAM) solution requires careful planning and execution to ensure a smooth deployment while minimizing disruptions to operations. Once you have gone through the requirements and pre-requisites – you can proceed with implementation.
You can make use of the suggested phases of implementation.
Phase 1: Planning, preparation and information gathering¶
During this phase the Securden technical team will discuss with the stakeholders to gather information regarding the various applications in scope. All the prerequisites will be identified and shared with the customer during this phase. Additionally, cybersecurity gaps that exist in the organization will be identified. Corrective measures will be suggested to the customer.
- Establish project scope, objectives, and timelines.
- Conduct a risk assessment and gap analysis.
- Secure necessary budget and resources.
Phase 2: Implementation¶
During this phase, the Securden team will carry out the implementation of the product. Implementation of the Securden Server and configurations related to Unified PAM will be carried out.
Once the configurations are completed, the Securden team will work with individual application owners to assign the right set of access for various administrators, users, and teams.
Any other fine-tuning required will be covered during this Phase.
- Design architecture and deployment model.
- Develop policies and procedures for PAM implementation.
- Deploy Unified PAM in a controlled environment.
- Test functionality and user experience.
- Gather feedback from pilot users.
The implementation phase will broadly cover the following activities:¶
It's important to note that the timeline may vary depending on the size and complexity of the organization types of IT assets, network segmentation, access patterns, Unified PAM requirements and the availability of resources.
The following represents a typical implementation schedule. Regular communication and collaboration between stakeholders, including IT teams, security teams, and business units, are essential throughout the deployment process to ensure alignment with business goals and successful implementation of the PAM solution.
| Plan | Details |
| Day 1,2 |
Kick-off Discussion - Discuss business and security requirements. Deployment plan timeline and the detailed steps involved. Identify success criteria and stakeholders for implementation. |
| Day 3,4,5 |
General Settings |
| Mail Server Settings | |
| Proxy Server Settings | |
| Securden Server Connectivity & Starting the PAM Server | |
| User Onboarding | |
| Integration with AD/Azure AD/LDAP for user provisioning and authentication | |
| User Import Options | |
| Add Users Manually | |
| Assigning Roles to Users | |
| Custom Roles | |
| User Reports | |
| User Groups | |
| Import Groups Options | |
| Group Settings | |
| Basic Configurations | |
| Integration with multiple AD domains / Azure AD | |
| Integration with SAML 2.0 based Single Sign On Solutions | |
| Multi Factor Authentication Setup | |
| Day 6,7,8 |
Account Management |
| Automatic discovery of IT assets and privileged accounts | |
| Importing Accounts - Flexible import options to build inventory | |
| Secure, Centralized Repository of Accounts | |
| Storing SSH keys, documents, files, images, digital identities | |
| Organizing data as folders for bulk management | |
| Optional personal vault within organization's vault | |
| Manage Shared Admin Passwords | |
| Granular Sharing and Controls | |
| Secure sharing with third-parties | |
| Option to allow access without showing the password | |
| Periodically synchronizing assets and accounts | |
| Windows service accounts and dependencies management | |
| Password Management | |
| Automated, periodic remote password resets | |
| Self-supporting any SSH-enabled device for password resets | |
| Password release control workflow for just-in-time access | |
| Password policy creation and enforcement | |
| Role based access controls | |
| Remote Access and Session Management | |
| Support for one-click remote session initiation - RDP, SSH, SQL, HTTPS etc. | |
| Web-based remote connection launching | |
| Remote connection through native tools for RDP, SSH, SQL | |
| Session access without disclosing password | |
| Session Recording, Playback, Live Remote Session Monitoring, Concurrency Controls | |
| Custom connector for launching any application - Custom Application Launcher | |
| Remote gateways to manage distributed networks | |
| Application-to-Application Password Management | |
| APIs for managing machine identities, application identities, secrets, keys | |
| Eliminate embedded credentials on script files, applications | |
| Privilege Elevation & Delegation | |
| Remove admin rights across Windows endpoints, servers | |
| Configure Applications and commands for privilege elevation | |
| Elevate applications for standard users on-demand | |
| Configure policy-based application control | |
| Provision for granting temporary admin rights | |
| Support for command filtering and controls on Unix | |
| Technician Access - (/Third Party Access) | |
| Day 9,10,11 |
Audit, Reports and Notifications |
| Explore comprehensive auditing & reporting | |
| Searchable text-based audit trails | |
| Filtering audit trails to create custom reports | |
| User access and activity reports | |
| Policy compliance reports | |
| Password expiration reports | |
| Micro reports for specific requirements | |
| Breached passwords identification and notification | |
| Password security analysis report | |
| Provision to trigger automated follow-up actions upon events | |
| Password event notifications (real-time and periodic) | |
| Advanced Settings, High Availability, and Architecture | |
| On-prem, private cloud deployments | |
| Distributed server deployment architecture | |
| Database backup for disaster recovery | |
| High-availability | |
| Option to use Always-on MS SQL clusters, Amazon Aurora | |
| Best Practices, Security Hardening, Miscellaneous | |
| Configure ticketing system integration | |
| Configure cloud storage integration | |
| Provision web-based access to end users | |
| Enforce security settings and controls (IP restrictions, enabling/disabling access) | |
| Provision for restricted access over the internet | |
| Explore browser extensions | |
| Cross-platform access | |
| Mobile Apps | |
| Secure offline access | |
| Day 12 |
User Acceptance Testing |
| Day 13,14 |
Delivery and closure |
Phase 3: Monitoring and troubleshooting¶
During this phase, Securden will familiarize the team with product components and their uses. The customer team will be walked through the architecture configured for the customer. We will also explain various use cases, day-to-day handling, best practices approach, and troubleshooting tips. The training will be delivered in person and cost estimates have been provided as part of the commercial proposal.
- Implement monitoring and reporting mechanisms.
- Monitor Unified PAM for performance and security issues.
- Conduct regular audits and reviews with users.
- Track all issues and gather troubleshooting material
- Continuously update policies and procedures based on lessons learned.
Phase 4: Project Closure, Documentation¶
The project closing phase will involve gathering insights, checking implementation success based on the success criteria defined, handing over the project and gathering documentation.
- Gather security insights based on audits
- Deployment architecture and configuration documents
- Collect product guides and manuals
With all phases of implementation complete, you can track your progress and inform the executives of the program's success. While implementation is complete with these four phases, it is important to review your PAM objectives, and keep in touch with the Securden team to align with future goals.
When set up well, Uni ed PAM provides holistic access security for all your sensitive data and IT assets. It regulates privileged access, protects sensitive accounts, automates repetitive tasks and best practices, enforces policies and controls, safeguards your infrastructure from internal/external threats, and mitigates security risks. All while keeping operational efficiency high.
Note: You may refer to the PAM Admin Guide to know about the product configurations, troubleshooting steps, and other features to start working on the solution.