The Lockdown

Thycotic’s Cyber Security Blog

Ostriches, Zero Day Exploits, and the Elusive CyberSec Expert: Why SMBs Should Implement Cloud-Based PAM


Written by Dan Ritch

October 2nd, 2018

Small and medium-sized businesses (SMBs) face a cyber security trifecta. Cyber criminals are increasingly targeting the most vulnerable businesses (not just the biggest fish). Sophisticated attackers quickly take advantage of newly revealed vulnerabilities. And, cyber security professionals are in short supply.

The combined threat poses a clear and present danger. Yet, too many SMBs drag their feet when it comes to beefing up security because it seems overwhelming. Or, they assume a cyber attack won’t happen to them. Maybe they aren’t aware that they can use the same types of security systems as larger enterprises, even if they’re unable to field an enterprise-sized team of experts.

Really? Enterprise-grade security without the enterprise-sized in-house team… how’s that possible, you might ask? Answer: the cloud.

Many SMBs already embrace cloud-based solutions for infrastructure and operations management, and more are using them for security, too. Once SMBs have chosen to head down a cloud-first path for their hosting, having additional software in the cloud as well streamlines integration and key processes.

The Problem with Ostriches

Some SMBs are consciously or inadvertently practicing security through obscurity, hoping that criminals either don’t try to attack them, or don’t discover their vulnerabilities. Such a security stance can feel passive, like the metaphorical ostrich with its head in the sand, rather than an active effort to mitigate risk.

There is a clear disconnect between how some SMBs think about their security vs. how likely they actually are to fall victim to a cyber attack. Eighty seven percent (87%) of small business owners don’t believe that they’re at risk of a data breach. Yet, 43% of cyber attacks target small businesses, and 61% of data breach victims are small businesses.

Large data breaches capture headlines, but SMBs pose a juicy target for hackers. SMBs often have less security in place than a large enterprise, and also have at least some valuable data worth stealing. Hackers understand that for even modest effort they can obtain worthwhile paydirt.

What’s more, since only 21% of SMBs typically carry cyber insurance, and 52% say they have no plans to obtain it, these businesses are more likely to pay a ransom or cooperate with the attackers to avoid the grotesque costs and publicity that can accompany a high profile breach. The average cost of an attack on a SMB in 2017 was more than $2.2 million in direct and ancillary costs, including lost productivity and costs associated with cleaning up in the aftermath of a breach. That’s enough to drive some SMBs out of business.

Proactive SMBs, on the other hand, understand the likelihood of a cyber attack and demand solutions that give them security capabilities they need, starting with protections for privileged accounts (the ones that manage applications, software, and server hardware).

The first step to proactive cyber security is to systematically protect access to your most valuable systems. One way to limit unauthorized activity on these systems is to ensure privileged accounts don’t fall into the wrong hands, and if they do, that damage can be contained. By keeping control, you create a moat around access to your most precious systems, the ones which represent your company’s value and viability.

Hackers Don’t Quit, So You Can’t Either

Problem number two: the work of maintaining a secure system is never done. Hackers can automate continuous, zero day exploits to identify vulnerable or unpatched systems.

Security professionals must maintain their systems weekly, daily, even hourly, to prevent an attacker from taking advantage of each new exploit. Too many SMBs are doing this manually, if they’re doing it at all. In light of these types of attacks, an automated, policy-based strategy to protect privileged accounts remains a critical line of defense for SMBs.

You Deserve The Same Level of Cyber Security as Enterprises

Now for the third problem: cyber expertise. SMBs often can’t find or afford cyber security staff. There are more than 200,000 unfilled cyber security jobs in the US, and by 2021 there could be as many as 3.5 million unfilled openings worldwide.

Large enterprises are able to compete for top-notch talent to ensure infrastructure is locked down and critical privileged accounts are protected. Smaller organizations need the same level of impenetrability, yet often cannot afford to have a team in place.

SaaS tools allow security-conscious SMBs to benefit from the same powerful privileged account management tools enterprises have, without worrying about server management, patches and upgrades, and ongoing maintenance.

Unraveling the SMB Trifecta with Cloud-based, SaaS PAM

Despite their size, SMBs are businesses with big plans. You need PAM tools which are business-strength, not password tools designed for individual consumers.

You have plenty to worry about without being concerned if your privilege management applications are up to date. So, rather than patching the threat after the fact, you can implement a cloud PAM solution which will automatically remain up to date, with no approvals, committee meetings, capital expenses, or project plans required.

A cloud-first, SaaS offering can combine the best of on-premises software, without the overhead of installing, supporting and maintaining it yourself. That’s why Gartner says that by 2019, 30% of new PAM purchases will be delivered as a service.

A well-conceived hosted PAM solution will allow you to:

  • Instantly deploy with zero hardware or infrastructure requirements
  • Rapidly configure with wizard-driven setup, intuitive UIs, and a knowledge base built to enable self service
  • Completely own your PAM instance, roll it out on your terms and your schedule
  • Pay for what you use, not hardware or infrastructure costs, setup, or management overhead
  • Scale your PAM service automatically and elastically to meet your fluctuating volume and performance requirements, including for your DevOps teams
  • Deploy PAM on your terms, with editions to meet your precise needs today and tomorrow
  • Deploy and support the system without hiring a phalanx of IT and security personnel
  • Free your precious cyber security and operational resources from spending time on software upgrades and configuring hardware.

With Secret Server in the cloud, you can avoid the financial and logistical nightmare of relying upon expensive professional service and consulting engagements to ensure your privileged accounts are properly protected and managed.

What to Look for in SaaS Privileged Account Management

Evaluating a SaaS offering presents some unique requirements. The software must have all of the capabilities you need, while hosting infrastructure must conform to your most stringent standards. SMBs should look for integrated high-availability features and value-priced bundled offerings when choosing PAM software.

Additionally, you’ll want to confirm that the software you are using will be exactly the same as the on-premises version, and that the software provider is fully committed to keeping the hosted version in sync with the on-premises version.

Thycotic has the only feature-complete PAM service in the world, full stop. You can just sign up, log in, and get going.

Thycotic’s enterprise-grade feature set includes:

  • Discovery of local and service accounts across the organization
  • Secure vaulting and password management for privileged accounts across the enterprise infrastructure
  • Automation including password changing, heartbeat, and configurable secret policies
  • Auditing, reporting and alerts, both canned and custom, combined with an immutable audit trail, to proactively meet governance and compliance obligations
  • Secret workflow, including checkout, privileged access request, justification requirements, and “Doublelock”
  • Integrations with your cyber security fabric, including VSI, CRM, SAML, SIEM, and directory services
  • Session monitoring and control, including proxying, session recording, and keystroke logging
  • Custom script support empowering you to configure dependencies, hooks, and integrations on your own terms
  • DevOps workflow security via the Secret Server SDK, enabling the vaulting of embedded passwords at fast speeds and high-volumes

Software is only one part of the equation for cloud-based PAM. You also need to assess the hosting environment. It must be world-class since this is mission-critical functionality. 

Thycotic’s cloud hosting for Secret Server meets the toughest requirements. 

  • High-Availability: Because if it’s offline, it’s not helpful. Thycotic’s SLA offers 99.9% availability. Secret Server Cloud also implements a Web Application Firewall (WAF), capable of absorbing DDoS attacks well over 20 Gbps.
  • Azure Hosting: The service is hosted on Microsoft’s secure Azure infrastructure, which is designed to withstand evolving attacks, provides secure user access to the environment, and safeguards customer data through encrypted communications.
  • Advanced Threat Management Practices: Microsoft employs the latest in threat management and mitigation practices, including intrusion detection, distributed denial-of-service (DDoS) attack prevention, regular penetration testing, and data analytics and machine learning tools to help mitigate threats.
  • Anti-malware: Secret Server Cloud leverages Azure’s Microsoft Anti-malware for cloud services and virtual machines.
  • Standards compliant: Azure meets a broad set of international and industry-specific compliance standards, such as General Data Protection Regulation (GDPR), ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2, as well as country-specific standards, including Australia IRAP, UK G-Cloud, and Singapore MTCS.
  • Data isolation: Customer data needs to be completely isolated within the hosted environment, with encryption both in-transit and at rest. All Secret Server Cloud customer instances are completely isolated, with separate databases, supporting cloud infrastructure, and private encryption keys for each.
  • Geo-redundant: Improve resilience and facilitate failover and recovery in the event of an outage or service interruption by taking advantage of distributed servers.

When SMBs are Empowered and Secure, There’s No Stopping Them

When you protect vulnerable privileged accounts without time-consuming manual work, and you don’t spend limited resources managing tools and infrastructure, just think what your business can achieve! We can’t wait to help you find out.
