Service: Executing projects
Sector: Other
Area of expertise: Cyber security
THE SITUATION
Denmark’s largest railway company needed to further improve its protection of privileged accounts. Additionally, they had contracted a new service provider (that would run their servers) for which the migration was inbound. This also meant that the implementation of PAM would happen during the client’s migration to the new server environment.
WHAT WE DID
Kopenhagen Konsulting completed a pre-analysis of how to implement privileged access management (PAM). Specifically, the question was whether the client should build an interim PAM solution that would be operational for (best case) 4 months or if it should wait for the (already planned) PAM implementation during the client’s migration to a new server environment. It was advised that the client should focus its efforts on exploring mitigating activities to lower the risk of misused privileged access rights in the short run and prepare the migration and PAM implementation thoroughly to ensure a speedy implementation. Among the mitigating activities were; identification and revision of privileged access rights, removal of left-over accounts, forced password rotation, separation of admin-accounts and user accounts, and finally a structured clean-up of the active directory. These activities were scoped, managed, and completed ahead of the PAM implementation.
THE OUTCOME
The client received the pre-analysis and decided to do a clean-up and other hardening activities while waiting for the migration and PAM implementation that were already planned.
