Phone Number +1-202-802-9399 (US)
The Lockdown

Thycotic’s Cyber Security Blog

What to expect when working with Thycotic Professional Services

mm

Written by Barbara Hoffman

January 12th, 2021

Thycotic customers come in all shapes, sizes, and levels of experience.

Some are new to PAM. Perhaps they recently inherited the program. Or maybe they’re building a PAM strategy from scratch. Our pro services team supports them at every stage of their journey.

Some want more hands-on control. They prefer writing their own scripts, building custom reports, and setting up their own architecture. For these folks our pro services team is on standby, ready to help when needed.

Thycotic customers deploy PAM solutions in the cloud, on-premise, and hybrid models, without giving up any functionality. Our pro services experts are here to help on-prem customers with installation and architecture design. Even cloud customers that rely on Thycotic for hosting and maintenance may still want to work with pro services for strategic and technical support.

Our step-by-step framework helps customers build a PAM program that is technically sound—and usable

Thycotic Pro Services has a proven methodology—a step-by-step framework—to help customers build a PAM program that is not just technically sound, but also usable. It adapts as threats evolve and your organization changes. You can choose to work with our services team for all the steps, or just the ones where you need some additional support or direction.

Stages of a Pro Services rollout

1. Assessment and project planning 

At the start of a PAM project, we confirm your goals and discuss timelines to achieve them. Optionally, we’ll assess your current state of PAM adoption, using Thycotic’s PAM Maturity Model as a framework. If this is done, it can form the basis of our project roadmap, as we work together to get PAM fundamentals in place first and then accelerate your PAM maturity with additional capabilities.

A project manager from Thycotic services can team with a project manager on your side to create a joint project plan, including phases and key milestones. Throughout the engagement, these two PMs will work hand in hand to keep the project on track and ensure it’s meeting objectives.

2. Preparation for installation and configuration 

During this stage, we get to know the environment in which Thycotic’s software will be implemented.

If you’re using our software-as-a-service model, you can get started more quickly without provisioning or hardware decisions. High availability, controls, and redundancy are delivered by Azure with a 99.9% uptime SLA.

If you’re installing Thycotic on-premise, we work with you to understand the best hardware and software requirements for your environment. We review your security policies and procedures, as well as processes for Disaster Recovery and High Availability, and confirm any SLAs you have in place with business users or other functional teams for uptime. We consider any important environmental factors (e.g. high-security requirements, Active Directory implementation status, whether MFA or 2FA is already implemented, and any SIEM/SysLog and ticketing systems in use). We also discuss hardening your environment, the options available, and what best suits your needs.

3. Architecture development

If you’re using a cloud solution, we skip this step and move directly into implementation.

For on-prem customers, we prepare, present, and agree upon the suggested design for installation of Thycotic solutions, including Secret Server, Distributed Engines, Privilege Manager, and supporting software such as SQL Server, IIS, HSM, and SIEM integration. This phase typically includes the delivery of a customer-specific reference architecture that is agreed upon by both parties. We develop the architecture for QA and production environments and ensure they’re sufficient for your usage and uptime requirements.

4. Preparation for implementation  

Together, we confirm your priority use cases. We then identify and meet with critical stakeholders responsible for the implementation and ongoing management of the PAM solution. Often, we start with the IT groups that have been involved in the install, as they’re familiar with the process and goals of the PAM program.

As part of the project plan, we prioritize some “quick wins” to demonstrate early success and gain progressive buy-in from executives and different departments. For example, a quick win may be reducing the number of Admin accounts, a straightforward and low-risk process with immediate, measurable results.

We typically onboard accounts and processes with fewer dependencies first. In addition, we plan for expanding use cases to include additional stakeholders across the company, with a recommended timeline and key milestones along the way.

5. Installation  

With the plan in place and an agreed-upon design/architecture, we’re ready to go. For on-prem customers, our team installs and tests your PAM solution, starting in a QA environment, where possible.

6. Implementation

No successful PAM project ends here.

PAM is not a set-it-and-forget-it kind of thing. After the initial implementation, we make sure your team is set up for long-term success.

Based on the goals set forth in the assessment and planning phase, and the solutions you’ve purchased, we work with you to implement capabilities that range from PAM fundamentals to comprehensive, mature privilege management.

7. Supporting behavior change

Even technical experts sometimes need a little extra support when it comes to the human aspect of PAM – adoption.

IT operations, developers, and business users may have to shut down other processes or integrate them into the new way of managing privileges via a centralized web interface. You need their support to make a PAM program a success, but it’s pretty common to get some push back when you ask them to change how they’ve been doing things.

Thycotic will provide best practices to integrate PAM and least privilege policies into your organization as seamlessly as possible. We’ll work with your teams to build awareness and make new workflows suit your company culture and situation.

8.Ongoing knowledge transfer and training 

We’ll share best practices through presentations, online classes available for certification, our resource library, and support portal. We can customize training sessions for different teams within your organization to cover your specific objectives, policies, and workflow processes.

Thycotic customers also participate in The Secret Society, our online knowledge-sharing community. There you can find scripts, architecture diagrams, and other best practice advice, as well as pose a question to get advice from other users.

9. Health check 

Several months after implementation, we perform our first health check to make sure you’re getting the most from your Thycotic solutions. At this point, while most things are going smoothly, there may be some areas where you’re getting stuck or have questions. Once the PAM solution is in place, you’re likely to find new opportunities to apply privileged access management, for example to additional departments or account types.

10. Continuous improvement 

On an ongoing basis, we work with you to measure success and develop a long-term plan to progress through the stages of PAM maturity. With a strong foundation in place, you can go beyond the PAM basics to fortify your PAM program and become a PAM expert.

IT Security should be easy. We’ll show you how.

Try Secret Server and experience how FAST & EASY
IT security products can be.

 

Like this post?

Get our top blog posts delivered to your inbox once a month.

SHARE THIS