Case Study: A North American Energy Company Presents The Carrot, Not The Stick, Of PIM

A North American energy company recently faced a serious challenge — it could not successfully pass Federal Energy Regulatory Commission (FERC)/North American Electric Reliability Corporation (NERC) and Sarbanes-Oxley (SOX) compliance audits because of the way it managed privileged users. Its manual PIM processes didn't scale. System administrators (SAs) spent a great deal of time locating, verifying, and changing administrative passwords manually for hundreds of systems. The company had to do something, so it decided to implement an automated privileged identity management (PIM) solution. The implementation was a success, in large part because the company overcame organizational resistance by recruiting technologically savvy SAs to provide feedback on policies and champion the rollout with peers. As a result, the PIM solution has not only reduced risk associated with the once manual PIM processes, but it has improved system administration and achieved regulatory compliance in understanding how it assigns and practices access to its sensitive systems.