The fifth key success factor for a successful PAM deployment
In a PAM implementation, some of the aspects of the project, such as data collection, analytics, and provisioning, can be facilitated with a software solution of some sort. Sometimes, it can be as simple as Excel (although we would warn you to be very careful about how much you rely on Excel for anything beyond simple spreadsheets), and sometimes it might mean buying a software solution from a third party. There is a third option: building it yourself. Whatever the choice you will make (Excel, market solution, or internally developed), always keep in mind that the chosen solution must meet the CIAT: Confidentiality, Integrity, Availability, and Traceability.
The use of Excel can give the feeling of a quick implementation (and without extra costs) to move forward more quickly in launching a PAM project. The temptation is all the stronger when the team responsible of the project is under intense pressure from Management to get as many applications and users on board as possible in a short timeframe. However, this choice may cause you to lose much more time than you initially gained by succumbing to this «emergency» dimension (lack of follow-up and collaboration, unreliable data, no visibility, etc.). Investing in a dedicated solution designed to manage a PAM implementation project could well be the key to the success of your project and will, in any case, be a real booster.
The immediate priority in identifying a software solution for your organization is robustness. The solution will need to be able to scale to meet the organization’s needs, and it will need to anticipate a whole lot of human error. Remember, almost all implementation projects rely on the cooperation of a wide number of people across (and often outside) the organization, and these people will not have the same level of knowledge, focus, attention to detail, and personal and professional investment in the project as you do. There will be errors, but any good software solution should be able to cope.
In-house solutions are often proposed by helpful IT departments and familiar IT consulting firms. Their pitch is essentially that off-the-shelf software solutions are significantly more expensive than building in-house, and even the off-the-shelf solutions usually require non-trivial set-up and customization time and costs. Given that the bulk of the work done by the solution will be done during the implementation phase and not afterwards, does an off-the-shelf solution have a long-term positive ROI? Besides, the IT department or consulting firm knows the peculiarities of the organization and can build a bespoke product for a fraction of the cost.
The catch is that, like any software solution, an in-house solution has a lifecycle, meaning it will need to be maintained beyond its initial use. The first question is: who will maintain the solution? What if the employee or employees who built it leave the organization? And even if they stay, they might wind up with more pressing responsibilities, meaning that any issue with the software could create extended delays in time-sensitive aspects of the project.
Another aspect to consider is that your PAM solution provider will inevitably have updates to its product, some of which might impact your custom-built solution. This will require additional maintenance and development. Furthermore, as the industry evolves, certain features or integrations might become indispensable. Will your organization have someone to act as a product manager or product owner for the solution? If you are relying on a consulting firm to build you a bespoke solution, are you comfortable having a third party having that much leverage over the management of your PAM solution, potentially for years after the initial phases of the project?
This is not to argue that all in-house development is unwise. The point is that even a stark difference in ROI needs to be balanced with considerations that go beyond the immediately measurable.
To read about the rest of our steps to obtain a successful PAM deployment project download our white paper here: https://ignimission.ac-page.com/en-ignimission-protec-white-paper
Read other articles related to Privileged Access Management here: https://www.ignimission.com/blog-pam/