Privileged credentials (administrator rights) are a top target for attackers from outside the organization, or even from among unhappy staff within, because of the access they provide. A Privileged Access Management (PAM) solution is implemented to reduce or remove the need for humans to know these privileged credentials and reduces the chance that they might be misused.
The PAM system becomes the keeper of all privileged credentials, with policies that allow specific identified individuals access to use the appropriate credentials. To be the single source of privileged access, your PAM needs to support all of the authentication sources you use and all of the target systems to which elevated access permission is required. User acceptance is also important, and so the PAM solution should support or improve existing methods of accessing privileged systems, otherwise authorized staff will seek ways around the PAM solution.
A basic function of the PAM is to maintain an encrypted vault with the privileged credentials and other protected resources. Logging and session recording are crucial PAM features, and they allow auditing of privileged actions and forensic analysis after a privilege misuse event. Simply having logs and recordings is not sufficient; searchability is crucial for validating compliance and identifying the scope of any malicious access. Ideally, these logs would integrate into wider security analysis tools in a more holistic security approach.
Often, the PAM platform will act as a proxy or jump host to connect the unprivileged network where users operate to the privileged network that requires managed privilege credentials. The proxy function may support native tools, such as SSH or RDP gateway, or it may provide an HTML5 browser-based interface. The proxy may be part of the main vault application, or it may be deployable as a separate server, and can access the PAM vault as credentials are required. The separation of vault and proxy is essential when the PAM is used to bridge different trust levels such as internet-based privileged access, or any multi-tenant deployment such as PAM as a Service.
No matter how secure a PAM system is, there is always a risk of unintended disclosure of credentials or authorized staff who misbehave, whether accidentally or maliciously. Behavior analytics is a common method used to identify access that is being exploited inappropriately and is commonly integrated with a PAM solution. Ideally, the user behavior analytics would be able to identify the individual user’s actions both with their own credentials and using the PAM to exercise privileged credentials…
We appreciated his work ethics and clarity of thought. His mind was always on the “next step” and kept us all on our toes.
Chris is one of the most brilliant technologists and charismatic speakers I’ve met in a long time. He’s an absolute creative, has a mind focused on solutions, and is driven by a deep belief in what he does. He’s both an inspirational leader and great colleague. I’d work with Chris again any day of the week.
Chris Grundemann was among the most energetic and competent members of our Council throughout his time as an elected member. I found(find) Chris a most thoughtful man who brought insight and experience to the role, but was also always a genuine and professional member exerting leadership with tact and good humor. I think highly of Chris both as a technical professional and community leader, but also as a trusted friend.
Through the several tasks that we spent together in a professional environment, I have seen Chris accomplish things that many would consider impossible – both as a professional and technically – and neither has been a disappointment. Chris is a calculated risk-taker. He has an uncanny way of determining what the target market needs and has the capability of tweaking his designs and implementations accordingly. As a pragmatic leader and a realist, he can grasp ideas in a holistic manner and still pay attention to minor details. Chris has a well-deserved reputation as someone who is diligent and personable – two qualities that define him completely. As someone who is a creative thinker and possesses a can-do attitude, Chris is a pleasure to work with.
I enjoy working with him on a professional and personal level.
Chris is a great asset to any company. His dedication and drive for results makes him a consistent high achiever.
I have worked with Chris on several projects over the years. His leadership, cooperation, and execution skills are first class. Chris looks at the big picture, identifies necessary actions, builds a plan, and gets the project done
It was a pleasure to work with Chris. Chris possesses very detailed technical knowledge and solid experience, but never lost sight of his strategic and business goals when using that knowledge and experience.
His intelligence and wit are only outshone by his friendly and helpful nature. Working with Chris is always a pleasure and a smashing success.
I count my time working with Chris among my most rewarding professional experiences. Chris is someone with a voracious appetite for knowledge and a desire to understand the world around him. While these traits make him an incredible thought partner that excels at introducing new concepts and riffing off the ideas of others…it also makes him a multiplier, someone that helps others sharpen their own thinking by forcing them to be more introspective, to be more curious about what’s possible, and to think critically and objectively about the reality of a situation.
Chris is a tide that raises many boats, not just through his ability to cultivate innovation and promote positive disruption, but by the example he sets. Chris is one of the most accountable people I’ve ever known and consistently demonstrated a knack for bringing order to chaos, prioritizing diffuse – and often conflicting – objectives, and producing positive outcomes in situations where the deck seemed stacked in such a way that that doing so appeared impossible.
Chris is a strong team player with tremendous attention to detail. His approach was always well thought out with solid backing to his ideas. His role and growth in the company were key to its survival. He was also very willing and able to wear multiple hats and was a flexible asset to have on hand.
Chris is an exceptionally energetic individual, a talented thinker and an accomplished public speaker. He is a very rewarding person to work with due to the level of organization he brings to every project. He has vision and probity, a rare combination. I has been a great privilege to work with him.
Working with Chris has been a real pleasure. He is open, friendly, intelligent, discreet, skilled, productive, driven, resourceful and trustworthy! Our organisation has really benefitted from Chris’s skills and knowledge.
Chris is an excellent organizer and leader with vision and energy. He pulled together the Colorado Chapter of the Internet Society, wrote the inital by-laws and saw the process through to the actual chapter formation.
Chris was an excellent coach, mentor and problem solver. Chris consistently possesses a “can do” attitude while taking on more and more responsibility and taking the time to fully understand, upskill and learn as required for success. Chris is very organized and patient. He is proactive in identifying and addressing risks and issues that could erstwhile derail hard-earned successes. Chris’ list of talents and intangibles is long, but never a surprise once you get the opportunity to work with him.
Chris has the talent to completely embrace and encompass a technology and from that drive results. It is obvious that Chris enjoys sharing his knowledge base and ideas with others. It was a pleasure working with Chris.
Together we conquered many challenges, won impossible battles in the vendor industry and created a unique security practice. He has an interesting set of talents of being an engineer, innovator, and a thought leader, but never mixes any of these roles. That is what makes him successful as a leader. “Never be comfortable” is what Chris would tell me, which is what pushed me to do my first tech talk. I now have dozens behind me within some of the largest conferences known in the security vendor industry. Chris is nothing short of supernatural.
Chris is a focused individual, willing to go the extra mile to help customers, and do the job correctly. He is a great teacher, and a smart man.
Chris is a superior problem-solver with great people skills and ability to ask the really hard questions. A team player who is engaged and approachable, I expect Chris will have significant impact in the tech industry.
Chris was an amazing colleague to work with. I admire his ability to understand very technical concepts as well as business and market driven ones. He has amazing stakeholder management skills, and has the ability to build relationships and manage working groups and teams. He is a true leader who is very passionate about whatever he is working on. His desire for framing strategic direction and leading execution would be an asset to any organization. I would welcome any opportunity to work with Chris again.
Chris is an engineer and leader of the highest caliber as demonstrated by his ongoing volunteer responsibilities within the Internet technical community and his unwavering drive.
One thing everyone should know about Chris, he always provides nothing less then quality customer service and technical support. His professionalism and skill far exceeds all expectations because he always goes the extra mile.
Chris consistently generates and delivers on new and creative ideas both within the guided bounds of a project or team goal as well as when left unbounded and allowed to explore. In addition Chris is a great team player willing to help whenever asked. Chris is also a competent and organized leader with great communication skills capable of managing projects from inception to completion.
Chris is one of the sharpest minds you will be lucky to come across, whether in a personal or professional setting. His ability to cut through the noise and see the relevant elements and data in any situation is remarkable.
Chris is intensely focused, dedicated, and capable. He absorbs and synthesizes data quickly, finds the leverage points, focuses on what matters, and delivers results. Any high-performing team will get a boost from engaging with Chris.