offers an identity and password management platform that provides identity
management solutions to small and mid-sized businesses. The challenges around
protecting privileged accounts from compromise are hard enough for enterprises
to deal with, but for smaller organizations solutions are often very expensive
and difficult to manage.
2020, Expert Insights spoke to Maurice Côté, VP Business Solutions at
Devolutions, to talk about why small businesses need to be thinking about
privileged access and identity management, the challenges that small businesses
face in implementing these solutions, and how Devolutions is helping
Who is Devolutions and what is Privileged Access Management?
access management is a component of identity management, which prioritizes
protecting high-level admin accounts from compromise. This includes
implementing password vaulting, multi-factor authentication features,
role-based access, enforcing password rotation, and auditing account access.
delivers privileged access management, password management and remote
connection management solutions for small and mid-sized organizations. Côté is
the VP of business solutions at Devolutions. He is in charge of customer
success and business development, and their IT operations team. Côté has worked
heavily in identity management and has recently run the development of
Devolutions’ Privileged Access Management (PAM) solution.
core differentiator is taking typically enterprise-focused solutions and
tailoring them to the needs of smaller and mid-market organizations. “We went
after the minimum viable feature set for PAM,” Côté says. “Because there’s a
lot of confusion out there about what PAM actually is. What we strived to do
was offer the PAM feature set for SMBs.”
Why is Privileged Access Management Important for Small Organizations?
privileged accounts comes down to protecting the keys to the castle, Côté says.
By having a secure, robust password vault, organizations are able to protect
themselves from account compromise, and crucially from insider threats.
look at data breaches under GDPR, most of them have come from insider threats,”
says Côté. “We want to protect that data with password vaulting, but we also
want to provide logging, to prevent a user or administrator from performing
something critical and erasing all traces of it.”
threats are becoming more and more prevalent, but it’s not always malicious,
Côté says. “As we see in phishing attacks, bad guys can be extremely successful
in tricking users into compromising accounts,” he explains. Without a PAM
solution in place there’s often no way for organizations to know if accounts
have been compromised, or how long they have been compromised for.
especially important for small and midsized organizations, because they often
can’t afford to implement the technically complex security tools that are used
by larger enterprise organizations. This makes them an easier target for
attackers, while still being a lucrative source for sensitive data.
Ease of Use and Deployment for Small Teams and MSPs
has focused on taking enterprise identity management systems and scaling them
down for use by SMBs. One of the most important aspects of this is ensuring
that the platform is easy for end users to use, with no barriers to accessing
their accounts. It’s also important that the solution is quick and easy to
deploy, as resources are far more stretched in SMB organizations over larger
One of the
groups most affected by attacks that seek to exploit vulnerabilities in
privileged accounts are managed service providers (MSPs), Côté tells me. MSPs
are often small organizations, with a few employees. But they can have access
to the IT environments of hundreds of other organizations, making them an
attractive target for cyber-criminals.
chunk of our business are MSPs,” Côté says. “They save a ton of time by using
our tools because they often run multiple firewalls, use different remote
access technologies, and various MFAs. So, it’s amazing the time we can save
them by consolidating into one technology.”
Thinking of implementing a PAM solution?
advice to organizations considering a PAM solution is to consider their security
requirements as a whole. “Looking for PAM is not good enough, you need to look
at the feature set they are offering,” he says.
need to focus on your requirements, according to your regulatory space and the
laws of your area. Typically, you don’t need that much [in terms of features].
Password vaulting is not complex. You may not need check out approvals, if you
don’t need time-based usage, you don’t need a really complex system.”
“Our focus is robustness, being easy to deploy and affordability, because we’re not for huge companies with lots of analysts. Instead, we’ve created something that is good for the SMB community.”
Find out more about Devolutions: https://devolutions.net/