GigaOm Radar for Privileged Access Management v1.0
Privileged credentials (administrator rights) are a top target for attackers from outside the organization, or even from among unhappy staff within, because of the access they provide. A Privileged Access Management (PAM) solution is implemented to reduce or remove the need for humans to know these privileged credentials and reduces the chance that they might be misused.
The PAM system becomes the keeper of all privileged credentials, with policies that allow specific identified individuals access to use the appropriate credentials. To be the single source of privileged access, your PAM needs to support all of the authentication sources you use and all of the target systems to which elevated access permission is required. User acceptance is also important, and so the PAM solution should support or improve existing methods of accessing privileged systems, otherwise authorized staff will seek ways around the PAM solution.
A basic function of the PAM is to maintain an encrypted vault with the privileged credentials and other protected resources. Logging and session recording are crucial PAM features, and they allow auditing of privileged actions and forensic analysis after a privilege misuse event. Simply having logs and recordings is not sufficient; searchability is crucial for validating compliance and identifying the scope of any malicious access. Ideally, these logs would integrate into wider security analysis tools in a more holistic security approach.
Often, the PAM platform will act as a proxy or jump host to connect the unprivileged network where users operate to the privileged network that requires managed privilege credentials. The proxy function may support native tools, such as SSH or RDP gateway, or it may provide an HTML5 browser-based interface. The proxy may be part of the main vault application, or it may be deployable as a separate server, and can access the PAM vault as credentials are required. The separation of vault and proxy is essential when the PAM is used to bridge different trust levels such as internet-based privileged access, or any multi-tenant deployment such as PAM as a Service.
No matter how secure a PAM system is, there is always a risk of unintended disclosure of credentials or authorized staff who misbehave, whether accidentally or maliciously. Behavior analytics is a common method used to identify access that is being exploited inappropriately and is commonly integrated with a PAM solution. Ideally, the user behavior analytics would be able to identify the individual user’s actions both with their own credentials and using the PAM to exercise privileged credentials…
We appreciated his work ethics andclarity of thought. His mind was always on the “next step” and kept us all on our toes.
Ed Partch, American Tech Support
Chris is one of the most brilliant technologists and charismaticspeakers I’ve met in a long time. He’s an absolute creative, has amind focused on solutions, and is driven by a deep belief in whathe does. He’s both an inspirational leader and great colleague. I’d work with Chris again any day of the week.
Lia Kiessling, Internet Society
Chris Grundemann was among the most energetic and competent members of our Council throughout his time as an elected member. I found(find) Chris a most thoughtful man who brought insight and experience to the role, but was also always a genuine and professional member exerting leadership with tact and good humor. I think highly of Chris both as a technical professional and community leader, but also as a trusted friend.
Bill Darte, ARIN Advisory Council
Through the several tasks that we spent together in a professional environment, I have seen Chris accomplish things that many would consider impossible – both as a professional and technically – and neither has been a disappointment. Chris is a calculated risk-taker. He has an uncanny way of determining what the target market needs and has the capability of tweaking his designs and implementations accordingly. As a pragmatic leader and a realist, he can grasp ideas in a holistic manner and still pay attention to minor details. Chris has a well-deserved reputation as someone who is diligent and personable – two qualities that define him completely. As someone who is a creative thinker and possesses a can-do attitude, Chris is a pleasure to work with.
Kyle Smith, Markley
Chris is smart, diligent and focused, and knows how to lead a tight team. His hands-on experience and industry analysis is second to none, but he’s still grounded and approachable. At GigaOm, Chris conducted, then was a key player executing on an end-to-end review that was pivotal in shifting the company from a smaller analyst business dealing with rapid growth, to an established player in the analyst market.
Jon Collins, GigaOm
I enjoy working with him on a professional and personal level.
Diane Turley, tw telecom
Chris is a great asset to any company. His dedication and drivefor results makes him a consistent high achiever.
Henry Yu, tw telecom
I have worked with Chris on several projects over the years. His leadership, cooperation, and execution skills are first class. Chris looks at the big picture, identifies necessary actions, builds a plan, and gets the project done
Richard Jimmerson, ARIN
It was a pleasure to work with Chris. Chris possesses verydetailed technical knowledge and solid experience, but neverlost sight of his strategic and business goals when using that knowledge and experience.
Graham McKinley, Overture Networks
His intelligenceand wit are only outshone by his friendly and helpful nature. Working with Chris is always a pleasure and a smashing success.
Susan Forsman, tw telecom
I count my time working with Chris among my most rewarding professional experiences. Chris is someone with a voracious appetite for knowledge and a desire to understand the world around him. While these traits make him an incredible thought partner that excels at introducing new concepts and riffing off the ideas of others…it also makes him a multiplier, someone that helps others sharpen their own thinking by forcing them to be more introspective, to be more curious about what’s possible, and to think critically and objectively about the reality of a situation.
Chris is a tide that raises many boats, not just through his ability to cultivate innovation and promote positive disruption, but by the example he sets. Chris is one of the most accountable people I’ve ever known and consistently demonstrated a knack for bringing order to chaos, prioritizing diffuse – and often conflicting – objectives, and producing positive outcomes in situations where the deck seemed stacked in such a way that that doing so appeared impossible.
Rick Kenney, Myriad360
Chris is a strong team player with tremendous attention to detail. His approach was always well thought out with solid backing tohis ideas. His role and growth in the company were key to itssurvival. He was also very willing and able to wear multiple hats and was a flexible asset to have on hand.
Mikael Rasmussen, WavMax Broadband
Chris is an exceptionally energetic individual, a talented thinkerand an accomplished public speaker. He is a very rewardingperson to work with due to the level of organization he brings toevery project. He has vision and probity, a rare combination. I has been a great privilege to work with him.
John Springer, ARIN Advisory Council
Working with Chris has been a real pleasure. He is open, friendly, intelligent, discreet, skilled, productive, driven, resourceful and trustworthy! Our organisation has really benefitted from Chris’s skills and knowledge.
Howard Baggott, Internet Society
Chris is an excellent organizer and leader with vision and energy.He pulled together the Colorado Chapter of the Internet Society,wrote the inital by-laws and saw the process through to the actual chapter formation.
Karen Mulberry, Internet Society
Chris was an excellent coach, mentor and problem solver. Chris consistently possesses a “can do” attitude while taking on more and more responsibility and taking the time to fully understand, upskill and learn as required for success. Chris is very organized and patient. He is proactive in identifying and addressing risks and issues that could erstwhile derail hard-earned successes. Chris’ list of talents and intangibles is long, but never a surprise once you get the opportunity to work with him.
Scott Perricone, Myriad360
Chris has the talent to completely embrace and encompass atechnology and from that drive results. It is obvious that Chrisenjoys sharing his knowledge base and ideas with others. It wasa pleasure working with Chris.
John McQueen, Broadcom
Together we conquered many challenges, won impossible battles in the vendor industry and created a unique security practice. He has an interesting set of talents of being an engineer, innovator, and a thought leader, but never mixes any of these roles. That is what makes him successful as a leader. “Never be comfortable” is what Chris would tell me, which is what pushed me to do my first tech talk. I now have dozens behind me within some of the largest conferences known in the security vendor industry. Chris is nothing short of supernatural.
Leo Cruz, Myriad360
Chris Grundemann shares an infectious passion for technology and process. His decisiveness sets him apart from other leaders because he is more than willing to take risk for what he believes in. He empowers those around him and he trusts his direct reports to make good decisions. His ability to stand side by side with his team and still exhibit strong leadership is what makes him effective. Chris helped to launch the PMO office with a clear vision and plan that has helped us to establish governance and better business alignment.
Catina Ross, GigaOm
Chris is a focused individual, willing to go the extra mile to helpcustomers, and do the job correctly. He is a great teacher, and a smart man.
Tyson Schaetzle, Tikkom Wire
Chris is a superior problem-solver withgreat people skills and ability to ask the really hard questions. Ateam player who is engaged and approachable, I expect Chris will have significant impact in the tech industry.
Deb Gerring, CableLabs
Chris was an amazing colleague to work with. I admire his ability to understand very technical concepts as well as business and market driven ones. He has amazing stakeholder management skills, and has the ability to build relationships and manage working groups and teams. He is a true leader who is very passionate about whatever he is working on. His desire for framing strategic direction and leading execution would be an asset to any organization. I would welcome any opportunity to work with Chris again.
Rupal Patel, CableLabs
Chris is an engineer and leader of the highest caliber as demonstrated by his ongoing volunteer responsibilities within the Internet technical community and his unwavering drive.
Connie Kendig, Internet Society
One thing everyone should know about Chris, he always providesnothing less then quality customer service and technical support. His professionalism and skill far exceeds all expectations because he always goes the extra mile.
David Corbett, tw telecom
Chris consistently generates and delivers on new and creative ideas both within the guided bounds of a project or team goal as well as when left unbounded and allowed to explore. In addition Chris is a great team player willing to help whenever asked. Chris is also a competent and organized leader with great communication skills capable of managing projects from inception to completion.
Joey Padden, CableLabs
Chris is one of the sharpest minds you will be lucky to come across, whether in a personal or professional setting. His ability to cut through the noise and see the relevant elements and data in any situation is remarkable.
Chris is intensely focused, dedicated, and capable. He absorbs and synthesizes data quickly, finds the leverage points, focuses on what matters, and delivers results. Any high-performing team will get a boost from engaging with Chris.
Andy Fisher, Myriad360
Chris helped us build our security and networking practice success that continues with us today. He also contributed across the organization by conducting listening tours to identify and then help design operational strategies for areas of the business we wanted to better optimize. Chris’s focus on execution helped set the standard for delivering high quality and important research to the market.