Why SMBs Need Privileged Access And Password Management
Expert Insights interviews Maurice Côté, VP Business Solutions at Devolutions
Devolutions offers an identity and password management platform that provides identity management solutions to small and mid-sized businesses. The challenges around protecting privileged accounts from compromise are hard enough for enterprises to deal with, but for smaller organizations solutions are often very expensive and difficult to manage.
At RSAC 2020, Expert Insights spoke to Maurice Côté, VP Business Solutions at Devolutions, to talk about why small businesses need to be thinking about privileged access and identity management, the challenges that small businesses face in implementing these solutions, and how Devolutions is helping organizations.
Who is Devolutions and what is Privileged Access Management?
Privileged access management is a component of identity management, which prioritizes protecting high-level admin accounts from compromise. This includes implementing password vaulting, multi-factor authentication features, role-based access, enforcing password rotation, and auditing account access.
Devolutions delivers privileged access management, password management and remote connection management solutions for small and mid-sized organizations. Côté is the VP of business solutions at Devolutions. He is in charge of customer success and business development, and their IT operations team. Côté has worked heavily in identity management and has recently run the development of Devolutions’ Privileged Access Management (PAM) solution.
Devolutions’ core differentiator is taking typically enterprise-focused solutions and tailoring them to the needs of smaller and mid-market organizations. “We went after the minimum viable feature set for PAM,” Côté says. “Because there’s a lot of confusion out there about what PAM actually is. What we strived to do was offer the PAM feature set for SMBs.”
Why is Privileged Access Management Important for Small Organizations?
Protecting privileged accounts comes down to protecting the keys to the castle, Côté says. By having a secure, robust password vault, organizations are able to protect themselves from account compromise, and crucially from insider threats.
“If you look at data breaches under GDPR, most of them have come from insider threats,” says Côté. “We want to protect that data with password vaulting, but we also want to provide logging, to prevent a user or administrator from performing something critical and erasing all traces of it.”
Insider threats are becoming more and more prevalent, but it’s not always malicious, Côté says. “As we see in phishing attacks, bad guys can be extremely successful in tricking users into compromising accounts,” he explains. Without a PAM solution in place there’s often no way for organizations to know if accounts have been compromised, or how long they have been compromised for.
PAM is especially important for small and midsized organizations, because they often can’t afford to implement the technically complex security tools that are used by larger enterprise organizations. This makes them an easier target for attackers, while still being a lucrative source for sensitive data.
Ease of Use and Deployment for Small Teams and MSPs
Devolutions has focused on taking enterprise identity management systems and scaling them down for use by SMBs. One of the most important aspects of this is ensuring that the platform is easy for end users to use, with no barriers to accessing their accounts. It’s also important that the solution is quick and easy to deploy, as resources are far more stretched in SMB organizations over larger teams.
One of the groups most affected by attacks that seek to exploit vulnerabilities in privileged accounts are managed service providers (MSPs), Côté tells me. MSPs are often small organizations, with a few employees. But they can have access to the IT environments of hundreds of other organizations, making them an attractive target for cyber-criminals.
“A sizeable chunk of our business are MSPs,” Côté says. “They save a ton of time by using our tools because they often run multiple firewalls, use different remote access technologies, and various MFAs. So, it’s amazing the time we can save them by consolidating into one technology.”
Thinking of implementing a PAM solution?
Côté’s advice to organizations considering a PAM solution is to consider their security requirements as a whole. “Looking for PAM is not good enough, you need to look at the feature set they are offering,” he says.
“You really need to focus on your requirements, according to your regulatory space and the laws of your area. Typically, you don’t need that much [in terms of features]. Password vaulting is not complex. You may not need check out approvals, if you don’t need time-based usage, you don’t need a really complex system.”
“Our focus is robustness, being easy to deploy and affordability, because we’re not for huge companies with lots of analysts. Instead, we’ve created something that is good for the SMB community.”
Find out more about Devolutions: https://devolutions.net/