Skip to main content

NEWS

PATECCO Developed FIM Query Service Platform

PATECCO, which is specialized in Identity and Access Management consulting, developed a new platform – FIM Query Service, integrated with CA API Management tool. It provides the capabilities you need to bring systems together, to protect these integrated solutions, enhance customer experience, and unlock new business opportunities in the digital transformation.

FIM Query Service easily allows connectivity to a different source of information. That source could use the benefit of cache for recurring searches like Active Directory all information available to standard Xpath. Besides, the new tool provides a single entry point to the whole environment and this allows easy connectivity from third-party clients based on REST standard.

FIM Query Services Platform could be easily secured with third-party security gateways, resulting in better logging and improved GDPR compatibility.

In the integration processCA API Gateway toolacts as policy-driven identity and security enforcement points that can be implemented both in the enterprise and in the cloud to address a broad range of behind–the–firewall, SOA, B2B, API management and cloud security challenges.

The tool is designed to address multi-domain issues, especially the need to maintain trust when exchanging information with third parties. It also acts as Policy Enforcement Points (PEPs) located in the enterprise, allowing organizations to layer on key control and visibility capabilities for all third party interactions.

The integrated CA API Gateway provides OAUTH 2.0 to Windows Authentication for the production environment, so the services should be security compliant to the industry standards. In this way it ensures unparalleled flexibility in defining and enforcing identity-driven security policies, leveraging SSO session cookies, Kerberos tickets, SAML assertions and Public Key Infrastructure (PKI).

An advantage of the new platform is that it helps ensure enterprise application and infrastructure services are protected against malicious attacks or accidental damage due to poorly structured data. The tool provides not only protocol mediation and efficient data transformation, but also more traditional application-layer functionality such as caching and traffic throttling.

The other benefit of FIM Query Service is that it limits the number of no standard Clients to the database. This means that there is a lower number of locks for the tables resulting in better response time. The information, which is already searched, is available immediately from the cache.

The next advantage of FIM Query Service is that it phase out the lower level SQL language and replace it with standardizing REST based XPath. The verification and conversion between XPath and SQL are done by approved Microsoft Service and eliminates the need for knowing the internal database structure. This leads to future speedier updates.

PATECCO believes that APIs are the building blocks of digital transformation. Being successful today and asserting oneself on the market, requires the companies in every industry to make a fundamental change. This transformation process is not just about gradually introducing improvements, but also about developing core businesses to meet the needs of today’s connected world.

How Cloud Access Control Enables Security and Innovation in the Digital Age (Part 2)

Each organisation should take into account that security must remain the cornerstone of the cloud deployment strategy. There are several forces driving big companies toward public clouds – reduced costs, scalability, reliability, efficiency and the ability to attract and retain technical staff. But in most cases, the success or failure of any project is measured by the level of security that is integrated to safeguard an organization’s data and that of its customers.

In the past two years, several high-profile security breaches have resulted in the theft or exposure of millions of personal customer data records. The headlines are a constant reminder of the disruptive impact on a business in the wake of a breach. Concern about the security of public cloud technology itself, however, is misplaced. Most vulnerabilities can be traced back to a lack of understanding of cloud security and a shortage of the skills necessary to implement effective security measures.

Security should need not altogether be viewed as an impediment to migration efforts, but it must not be swept aside due to pressure or demands from business units. While companies cannot prevent every attack, building cloud security awareness at the right levels of the organization from the outset is a first line of defence for blocking the malicious activity that often precedes a breach.

Which are the biggest security threats of the companies when using cloud technologies?

1. Data breaches

The risk of data breach is always a top concern for cloud customers. It might be caused by an attacker, sometimes by human error, application vulnerabilities, or poor security practices. It also includes any kind of private information, personal health information, financial information, personally identifiable information, trade secrets, and intellectual property.

2. Data Loss

Data loss may occur if the user hasn’t created a backup for his files and also when an owner of encrypted data loses the key which unlocks it. As a result it could cause a failure to meet compliance policies or data protection requirements.

3. Ransomware attack

Ransomware is a type of malicious software that threatens to publish the victim’s data or block access to it. The attack leaves you with a poor opportunity for get your files back.  One of them is to pay the ransom, although you can never be sure that you will receive the decryption keys as you were promised. The other option is to restore a backup.  

4. Account hijacking

It happens, when an attacker gets access to a users’ credentials, he or she can look into their activities and transactions, manipulate the data, and return falsified information.

5. System vulnerabilities
System vulnerabilities can put the security of all services and data at significant risk. Attackers can use the bugs in the programs to steal data by taking control of the system or by disrupting service operations.

6. Advanced persistent threats (APT)

An advanced persistent threat is a network attack in which an unauthorized person gets access to a network and stays there undetected for a long period of time. The goal of such kind of attacks is to steal data, especially from corporations with high-value information.

7. Denial of Service (DoS) Attacks

Denial-of-service attacks typically flood servers, systems or networks and make it hard or even impossible for legitimate users to use the devices and the network resources inside.

How does the Cloud Infrastructure protect the business from the dangers?

Nowadays most companies are still in a process of searching for the right formula and developing successful strategy to prevent all of the above mentioned threats.  What they should do is to adhere to strong security requirements and proper authorization or authentication.

In the report, “Assessing the Risks of Cloud Computing,” Gartner strongly recommends engaging a third-party security firm to perform a risk assessment.  Coding  technology is also a way to  give  no  chance  to  hackers to  hijack  your  computer  or spread ransomware infection. Data  is  encoded  in  your  computer  and  the  backup  data  is  uploaded directly to the cloud storage locations.

Another effective way to prevent unauthorized access to sensitive data and apps is to ensure secure access with modern, mobile multi-factor authentication. Cloud security is enhanced with compliance regulations which keep high standards of privacy and protection of personal data and information. In such situation PATECCO recommends organizations to focus on Cloud Access Control, Privileged Access Management, Role Based Access Control, GRC, SIEM, IGI.

It’s important to have a full understanding of the services available to protect your infrastructure, applications, and data. And it’s critical for teams to show that they know how to can use them for each deployment across the infrastructure stack. By implementing security measures across your deployments, you are minimizing the attack surface area of your infrastructure.

How Cloud Security Enables Innovation and Security in the Digital Age (Part 1)

Nowadays security technologies such as IoT, Big Data, Artificial Intelligence, User Behaviour Analytics, Cloud Computing are on the rise. Rapidly changing customer needs force firms to adapt and create new business models. More and more companies choose to implement cloud systems, because of the rising number of digital identities rises and the rising need to protect and manage how personal information is collected, used and distributed.

Cloud based applications are convenient for different types of businesses and at the same time enable secure data management, analysis, and access from anywhere. Businesses that implement cloud computing, report improved security, efficiency, agility and scalability.

Agility

Companies should regularly reinvent their business models and when using Cloud systems, they are provided with the required infrastructure, platforms and computing abilities that helps them stay agile and ready for a change.

Security

Cloud offers increased protection at each layer from threats such as data breaches, disasters, and system shutdown. 

Efficient collaboration and flexibility

Cloud computing gives the business the flexibility to share files or data, from different devices, with the people across the world.

Cloud systems also play a crucial role in marketing activities, bringing the following benefits to marketing teams:

1. Superior Customer Experience

Cloud business model helps marketers to offer a superior customer experience. Not only because of the single sign-on convenience, but because of the unified cloud infrastructure, as well. It allows marketers to easily access and share their files, both within the team and with clients. That makes the collaboration and communication easier and more effective than ever.

2. Improved Analytics

The cloud makes it easier to track leads, customers and prospects by the use of CRM system. Marketers have the ability to test new channels, and to determine which elements of the marketing strategy worked well and which not.

3. Innovation

With improved accessibility, collaboration, and analytics, marketers can focus better in understanding customer needs and their pain points, consequently they can spend more time creating innovative campaigns to connect with customers and respond their requirements.

Beside this, there are some examples for successful marketing activities in the cloud. One of them is IBM Digital Marketing Network in the cloud. It provides customized dashboards, allowing marketers to integrate new marketing services, to view how their marketing campaigns are performing through the different channel thanks to real-time analytics to any marketing service such as Google Display Network, Doubleclick Search, etc. This is an efficient way to improve customer engagement and responses.

The next successful example is Amazon Web Services. AWS is a cloud computing solution that allows millions of customers to build applications with increased flexibility, scalability, security, and reliability. A lot of marketers use Amazon Simple Email Service (SES) which provide the software for doing e-mail campaigns. In this way they can easily send email communications to large numbers of customers, and prospects.

Moving forward to Hybrid Cloud

As cloud computing becomes mainstream, many organizations prefer their IT environments to include public and some private cloud. Most of them believe that exactly the combination of clouds ensures robust cloud governance model.

Hybrid plays a key role for organizations that want to successfully manage data access between private networks and public clouds. And this interconnection acts as the bridge to securely and directly connect cloud service providers and enterprises. In this way the companies will be able to continue their business transformation journey and develop deeply innovative and business models for future growth.

Challenges and Benefits of Access Governance

Many enterprises deploying Identity Management Solutions believe that this will suffice for access governance. The truth is that an identity management solution is only a point solution and access governance requires something more complex – monitoring of the dynamic access rights of multiple users to myriad applications. On one hand, Identity management solution allows IT to automate identity management and access control. On the other hand, an access governance system provides a high-level business overview of access requests, compliance processes, and in what way the risk management strategy ties into user roles and responsibilities. This means that access governance cannot work without identity management and at the same time facilitates advancements.

Today’s compound regulations make compliance an essential consideration. While providing the data trail required for audits and compliance requirements, it’s important at the same time to track, audit, and control what individual employees have access to. More and more companies recognise the need for access governance caused by multiple factors and challenges. This is for example increasingly complex regulations that demand strict adherence, the escalating scale and frequency of cyber attacks, adoption of the cloud which poses a concern about monitor which employees access what data, using which device!

How access governance system governs access rights?

Assigning specific rights to employees for accessing only what they need to ful­l their job roles and responsibilities, efficiently and in a secure manner.

Aggregating data on user accounts that have access to the different applications, databases, data centres, network devices, etc., together a single and easy-to-manage view into access rights and accounts on all systems.

Implementing strong security controls

What benefits does Identity Governance bring to the business?

Identity governance system enables the regulation and control of access in an efficient, systematic, and continuous manner.

Identity Governance grants a comprehensive view of roles and privileges within each department of the company. This results in deep insight into how access is used across the organization by different users.

An access governance system also positively impacts the certification process. Certification and recertification requirements are reduced and users can be certified on an ad-hoc basis, at any point in time.

Access governance facilitates collaborative and analytics-based decision-making, based on the data aggregated across users and departments.

Access Governance goes well beyond access recertification, role management and analytics. Strong capabilities for access request management, access analytics, and advanced direct or indirect capabilities of provisioning changes back are more often than not mandatory features. Increasingly, improved integration with Privilege Management tools or User Activity Monitoring solutions are being developed as a key focus area for many organizations.

PATECCO enables Digital Transformation for enterprises by delivering seamless customer experience, business efficiency and actionable insights through an integrated set of IAM, Governance Risk and Compliance and Cloud technologies.

8 Tactics to Get Identity and Access Management Right

Identity and Access Management has always been an ongoing process and an essential element of the enterprises’ infrastructure that demands continuous management. No matter you have completely implemented directory, it’s useful to take advantage of best practices to help continuously manage this crucial part of your IT environment.

PATECCO management team has a long experience in executing projects from different industries. When it comes to IAM implementations, its experts know what exactly works effectively and what not. For this article we have tapped the collective knowledge of these experts to come up with these eight IAM best practices: They will help you improve your identity management system to ensure better security, efficiency and compliance.

#1: Create a clear pan

IAM projects require excellent planning and project management expertise, with a project team representing various stakeholders within the company. Most importantly, you need to have a business perspective and tie the phases of your IAM project to quantifiable business results and benefits. IAM solutions need regular care and feeding long after the initial go-live date, which means planning for follow-up optimizations is crucial.

# 2. Implement IAM in phases

Implementing IAM in phases will definitely shorten the “time to value” of your project — the time before the business sees a distinct benefit — in the process giving you executive backing that will ensure the full funding of future phases.

# 3. Define identities

Start implementing a single, integrated system that ensures end-to-end management of employee identities and that retires orphaned identities at the appropriate time. This is where IT responsibility begins in the identity management lifecycle. You should also identify a primary directory service (often Active Directory) and a messaging system (such as Exchange Server).

#4. Implement workflow

Implementing workflow on the base of “request and approval” provides a secure way to manage and document change. A self-service web-based interface enables users to request permission to resources they need. It’s necessary to define who can control that list of services and who is responsible for managing workflow designs.

# 5. Make provisioning automated

Manging new users, users who leave the organisation, and users who are promoted or demoted within the organisation require provisioning, de-provisioning and re-provisioning. Automating them will reduce errors and will improve consistency. Start first with automating the basic add/change/delete tasks for user accounts, and then integrate additional tasks such as unlocking accounts.

# 6. Manage roles

You will need a certain amount of inventorying and mining to precisely identify the major roles within your organisation, based on the resource permissions currently in force. When the user places a request, the owner of the affected data has the ability to review, approve or deny the request. It is also important to define who will manage these roles and to ensure that roles are created, modified and deactivated by authorised individuals following the proper workflow.

# 7. Become compliant

Many companies are now affected by the GDPR regulations, and your identity management system plays a beneficial role in remaining compliant. You should focus on clearly defining and documenting the job roles that have control over your data, as well as the job roles that should have access to auditing information. Determine compliance rules, and assign each step to a responsible job role.

#8. Provide knowledge and control to business owners

After the IAM system implementation, you should let business data owners manage access to their data and to provide central reporting and control over those permissions. For that purpose education is needed of both end users and the IT staff that will be charged with ongoing administration and operation. From time to time, make a refreshment of their knowledge, to keep up with turnover and new product capabilities.

Best Practices for IAM Implementation

Identity and Access Management has always been an ongoing process and an essential element of the enterprises’ infrastructure that demands continuous management. No matter you have completely implemented directory, it’s useful to take advantage of best practices to help continuously manage this crucial part of your IT environment.

When it comes to IAM implementations, PATECCO experts know what exactly works effectively and what not. For this article we have tapped the collective knowledge of these experts to come up with these eight IAM implementation tactics: They will help you improve your identity management system to ensure better security, efficiency and compliance.

#1. Create a clear pan
IAM projects require excellent planning and project management expertise, with a project team representing various stakeholders within the company. Most importantly, you need to have a business perspective and tie the phases of your IAM project to quantifiable business results and benefits. IAM solutions need regular care and feeding long after the initial go-live date, which means planning for followup optimizations is crucial.

#2. Implement IAM in phases
Implementing IAM in phases will definitely shorten the “time to value” of your project — the time before the business sees a distinct benefit — in the process giving you executive backing that will ensure the full funding of future phases.
#3. Define identities
Start implementing a single, integrated system that ensures end-to-end
management of employee identities and that retires orphaned identities at the appropriate time. This is where IT responsibility begins in the identity management lifecycle. You should also identify a primary directory service (often Active Directory) and a messaging system (such as Exchange Server).

#4. Implement workflow
Implementing workflow on the base of “request and approval” provides a secure way to manage and document change. A self-service web-based interface enables users to request permission to resources they need. It’s necessary to define who can control that list of services and who is responsible for managing workflow designs.

#5. Make provisioning automated

Manging new users, users who leave the organisation, and users who are promoted or demoted within the organisation require provisioning, de-provisioning and re-provisioning. Automating them will reduce errors and will improve consistency. Start first with automating the basic add/change/delete tasks for user accounts, and then integrate additional tasks such as unlocking accounts.

#6. Manage roles

You will need a certain amount of inventorying and mining to precisely identify the major roles within your organisation, based on the resource permissions currently in force. When the user places a request, the owner of the affected data has the ability to review, approve or deny the request. It is also important to define who will manage these roles and to ensure that roles are created, modified and deactivated by authorised individuals following the proper workflow.

#7. Become compliant

Many companies are now affected by the GDPR regulations, and your identity management system plays a beneficial role in remaining compliant. You should focus on clearly defining and documenting the job roles that have control over your data, as well as the job roles that should have access to auditing information. Determine compliance rules, and assign each step to a responsible job role.

#8. Provide knowledge and control to business owners

After the IAM system implementation, you should let business data owners manage access to their data and to provide central reporting and control over those permissions. For that purpose education is needed of both end users and the IT staff that will be charged with ongoing administration and operation.

For more info about PATECCO Best practices in IAM, check out here:



How to Achieve Stronger Protection for Applications, Business, and Customers with AZURE AD B2C

Microsoft Azure Active Directory B2C is a cloud-based identity and access management service focused on facilitating business to consumer applications. It is used for authentication, authorization and allows users (consumers) to authenticate quickly by using social media logins (including Facebook, LinkedIn and Google, Amazon, and Microsoft accounts).These services simplify account creation process by consumers and add self-management. That means that users can change their sign-up and profile details, and to reset the passwords they create.

Depending on the company’s needs and strategy, you can choose between two types of Azure AD B2C:

Azure AD B2C Basic: Azure AD for “basic needs” leverages a dedicated “Microsoft Basic Trust Framework” in which you can customize policies.

and

Azure AD B2C Premium: Premium edition gives you full control, and thus allows you to author and create your own Trust Framework through declarative policies. Azure AD B2C Basic is upgradable to the premium edition at any time, with a smooth migration path for the customized policies.

The extensible policy framework of Azure Active Directory (Azure AD) B2C is the key strength of the service. It could be simply explained by the following structure:

Sign up policies – offer basic settings: identity providers, application claims and MFA settings and Sign in policies – offer the same basic settings as sign up policies, but they do not have settings for information that a user has to supply.

The other advantage of Azure AD is to provide you the ability to create multiple policies of different types in your tenant and use them in your applications as needed. Policies can be reused across applications. This flexibility enables developers to define and modify consumer identity experiences with minimal or no changes to their code. (Source: Microsoft).

Azure Active Directory B2C helps organizations to build a cloud identity directory for their customers, so there is no need of on-premises AD. Thanks to that solution, enterprises are able keep their applications, business, and the customers protected. In contrast to Azure B2B, Azure B2C does not support SSO to Office 365 or to other Microsoft and non-Microsoft SaaS apps. The applications, able to work with Azure AD B2C should be based on OAuth 2.0 and OpenID Connect standards.

When our clients ask us why we use Azure AD B2C we are always ready with an answer listing the main benefits that solution brings:

  • Convenience: Handles multi-factor authentication and password self-service reset with just a flip of a switch.
  • Time Savings: The solution is relatively quick to deploy.
  • Cost Savings: A lot of third-party authentication services are expensive. Azure AD B2C is pay-as-you-go and has reasonable prices.
  • Security: Delivers integration with multi-factor authentication (an important element regarding security and upcoming regulations under the GDPR).
  • Integration: It can integrate with additional data sources and services to build a single consumer identity view.

For more information about PATECCO solutions, check out here:

Ensuring Security and High Business Value With RBAC

In the era of digital transformation the tight privacy laws have imposed new levels of confidentiality on health care, insurance companies and financial institutions. As the number of their electronic systems increases along with the number of interfaces, identity management has become a critical component in ensuring information security and access control. Access control plays an essential role in safeguarding both physical security and electronic information security. Role-based access control could be simply explained as the security process of assigning specific rules or policies to individual users, or groups of users, that are connecting to your network. It simplifies the process in assigning user’s access based on their job function.

It has become a critical component in ensuring information security and access control. Access control plays an essential role in safeguarding both physical security and electronic information security. Role-based access control could be simply explained as the security process of assigning specific rules or policies to individual users, or groups of users, that are connecting to your network. It simplifies the process in assigning user’s access based on their job function.

Developing and using a role-based access control system in conjunction with an identity management solution makes it possible for organizations to ensure that accounts for new employees are always created with proper access rights. That means that there is a control defining which users have access to resources based on the role of the user. Access rights are grouped by role name, and access to resources is restricted to users who have been authorized to assume the associated role. For example, if a RBAC system is used in a hospital, each person that is allowed access to the hospital’s network has a predefined role (doctor, nurse, lab technician, administrator, etc.). If someone is defined as possessing the role of doctor, than that user can access only resources on the network that the role of doctor has been allowed access to. 

Four steps for providing data security

There are four steps which are of a great importance for providing proper data security. The first phase is to ensure that new employee access and accounts are created properly when the employee is on boarded. Second phase refers to giving those access rights remaining accurate and up-to-date during each of the company’s employee’s tenures. The third, and most essential step in this process, is revocation of access rights when individual employees leave the organization.

The fourth step is performing Information audits. The sooner you get used to them, the better. They are required to successfully manage the information and the access of rights. Our advice is to periodically review your roles, the employees assigned to them, and the access permitted for each. Once an audit of access rights is performed, it can be compared against the baseline template for each employee role initially established. If needed, the managers and systems owners could make for verification or revocation of the rights.

What are the benefits of RBAC?

Ideally, the RBAC system is clearly defined and agile, making the addition of new applications, roles and employees as efficient as possible. One of the greatest advantages of RBAC is the ability of giving you granular visibility, which is necessary to securely support your mobility in today’s digital environment. Another benefit of RBAC refers to maximized operational performance. Thus, companies could streamline and automate many transactions and business processes and provide users with the resources to perform their jobs better, faster and with greater personal responsibility. With RBAC system in place, organizations are better positioned to meet their own statutory and regulatory requirements for privacy and confidentiality, which is crucial for health care organizations and financial institutions.

Organizations should implement necessary security measures to provide that access to data, groups and applications are right for an employee during their tenure. They also should bear in mind that quite critical is the revocation of all account access when they depart. Failure to respond these criteria can lead to data theft and costly access to external applications.

If you are interested to read PATECCO White paper for Privileged Access Management, click the image below:

White paper for Privileged Access Management, click the image below:

6 Steps for Higher Security and Compliance in the Cloud

Nowadays the cloud industry is growing more due to its widespread adoption. But the more it’s growing, the more questions arise whether the cloud is secure. People are thinking about risks such as financial losses, lawsuits or losing the company’s reputation and even future progress. That’s why managing compliance has always been a challenge for IT companies. Today’s business environment requires cloud providers who are proficient in ensuring high level of security and who offer comprehensive cloud services at a much lower cost.

But let’s go back to the question – is cloud more secure? No doubt, yes! Almost all data stored in the cloud is encrypted, so the users need a key to decrypt the information. Business should take care more of the question how the data is accessed than – where it is stored.

As a cloud service provider PATECCO shares its best practices in six steps, ensuring better security and compliance:

1. Create an end-to-end security and compliance framework 

It’s important to create compliance framework, allowing to view, assess and manage all risks, security, and compliance for the cloud environment. Thanks to the instant access to a compliance infrastructure you can download all the certifications and audit reports you need to demonstrate compliance to your own stakeholders.

2. Create Authentication tools

Authentication, also called identity and access control, gives people permission to access different systems and documents according to their role. With cloud providers, implement multi-factor authentication which is more secure process than single sign-on. It requires a verification code that is texted to the users’ phone, or a link in an email that they have to click.

3. Ensure Encryption

Encryption means systematically scrambling of data so that nobody can read it unless having the code key to unscramble it. What needs to be done is to set up virtual networks which are not accessible to anyone within your company and all the traffic between machines in the cloud is securely encrypted. Let’s take for example Office 365’s service encryption. Office 365 offers customer-managed encryption capabilities, allowing you to have greater control over the protection of your sensitive data.

 4. Enforce privacy policies

Privacy and protection of personally identifiable information (PII) is gaining importance across the globe, often involving laws and regulations relating to the acquisition, storage, and use of PII. It is critical that privacy requirements be adequately addressed in the cloud service agreement. If not, the cloud service customer should consider seeking a different provider or not placing sensitive data in the cloud service. For example, customers that wish to place health information subject to the United States HIPAA regulation into a cloud service, must find a cloud service provider that will sign a HIPAA business associate agreement.

Step 5: Assess the security provisions for cloud applications

Companies should proactively protect their business-critical applications from external and internal threats throughout their entire life cycle, from design to implementation to production. Clearly defined security policies and processes are essential to ensure the applications are enabling the business rather than introducing additional risk. In order to protect an application from various types of breaches it is important to understand the application security policy considerations based on the different cloud deployment models.

When developing and deploying applications in a cloud environment, it is critical that customers realize they may forfeit some control and should design their cloud applications with these considerations in mind.

6. Audit and ensure proper reporting of operational and business processes

Offering tools for monitoring what’s going on with your infrastructure and application is quite useful. You can look at relevant log data from your applications or systems to see who’s doing what or if there were any threats. With the cloud, you can go in any time and pull down any number of pre-configured reports.

It’s essential that security controls encompass not only the cloud services themselves, but also the management interfaces offered to customers. Incident Reporting and Incident Handling process that meets the needs of the customer should also be available in the Cloud System.

PATECCO has a new White Paper about Privileged Access Management Services

The new PATECCO White Paper in Privileged Access Management has already been issued by the German Analyst company – Kuppingercole, with the valuable support of Matthias Reinwarth. The report consists of 16 pages describing main points about PATECCO PAM solutions – Functionalities, Capabilities, Deployments, Landscapes, Implementation.

PATECCO Privileged Account Management (PAM) focuses on the specific requirements of privileged user accounts in a company’s IT infrastructure. PAM is used as an information security and governance tool to support companies in complying with legal and regulatory compliance regulations. It also helps to prevent internal data misuse through the use of privileged accounts.

For the past several years, PATECCO developed high skills in implementing PAM
solutions, describing and designing necessary processes, and connecting systems
to these solutions. The white paper presents in details PATECCO best practices in implementing PAM solutions in the following function subsets:

  • Identity Consolidation
  • Privileged Access Request
  • Super User Privilege Management (SUPM)
  • Shared Account Password Management (SAPM)
  • Application to Application Password Management (AAPM)

The report presents PATECCO’s projects as a good example of demonstrating PAM capabilities allowing privileged users to have efficient andsecure access to the systems they manage. They also ensure that audit and compliance requirements are met, provide secure and streamlined way to authorize and monitor all privileged users forall relevant systems.

More about Patecco Services for PAM implementation, check out in the report below:

PATECCO PAM Services