Privileged Access Management Enhances Security
By Eileen McCooey | Posted 2017-08-30
AMOCO Federal Credit Union tightens employee and vendor access to its IT infrastructure, reducing security risks without hampering productivity.
Locking down a network is one way to keep data secure, but such extreme measures are impractical when employees and vendors require remote access to networks and servers to do their job. The trick is finding a way to provide the necessary access with minimal risk.
AMOCO Federal Credit Union, a major financial services organization in the Houston/Galveston area, has managed to achieve the right balance of access and security. One of the most significant changes has been the adoption of a secure access solution that defines how privileged users connect to a system and granularly controls their access rights without hindering their work.
"Until five years ago, we were using a free app for a help desk to remote employees," recalls Tommy Green, vice president of information systems and technology (IS&T) for AMOCO. "It allowed screen sharing, but it didn't record who was doing what. So if a problem arose, there was no way to determine who caused it."
Green knew they had to find a better approach. After considering several options, AMOCO switched to Bomgar Remote Support with an on-premises appliance deployment. "The system records every session, so we know who did what," he explains. "It's fantastic."
That was just the first step. As the credit union grew—it currently has 79,000 members and $800 million in assets—the focus on security intensified.
"We needed to significantly upgrade our security measures to comply with the National Credit Union Association's requirements," he says. That process began in 2013 and accelerated in 2016. Among other things, AMOCO revamped its IT policies with more stringent password requirements and an emphasis on strong security patching for operating systems and apps.
VPN access was one area of concern. "It wasn't uncommon for us to give vendors full VPN and remote desktop access, which is really risky," Green remarks. "It made me incredibly nervous. If we gave users access to one server, they could get to all of them."
Given their satisfaction with Bomgar Remote Support, the AMOCO team considered the company's Privileged Access solution, which would tighten control over what privileged users could do while on the network, and would also audit and record their actions. The system offered numerous options for defining access parameters.
"When a user logs in, he or she sees only the machines to which we've granted access," Green notes. Rather than giving vendors persistent access, the IS&T team opted for individual sessions so that access is disabled when a vendor completes a project.
Accessing the System Anywhere
AMOCO employees are comfortable with the look and feel of the product, which is easy to use, according to Green. "Logging in remotely takes 10 seconds or less, and the desktop is an exact replica of what they see in the office," he says. Another plus: The system supports multiple screens, allowing a dual-monitor setup.
Users can access the system anywhere there's an internet connection, facilitating evening and weekend work. Apps for Windows and Mac computers, as well as smartphones and tablets, add convenience.
Green mentions one instance in which that capability was a lifesaver. One weekend, he was alerted to a problem while in a shopping mall. "Our members weren't able to check their balances or transfer funds by phone," he recalls. "I launched the Bomgar client on my phone and restarted the services so they worked properly."
The recording capability has been invaluable. "Our vendors are usually expert in their products, but anyone can mess up occasionally," Green observes. "At one point we had trouble with our phone system, and a vendor logged in and made configuration changes to the router that made things worse. When we reviewed the Bomgar recording, we discovered the problem and were able to get the system up and running again. That kind of oversight is awesome."
Ease of collaboration is another advantage, allowing joint troubleshooting and review from remote locations and eliminating "shoulder surfing" in the office.
Initially, AMOCO used Privileged Access only in the IT group. It has since pushed it out to Records and Retention and is now adding Accounting. The IS&T team has started to integrate Privileged Access with Bomgar Vault to improve password management and security for privileged users, reducing the risk of cyber-breaches. In addition, the credit union uses Duo dual-factor authentication alongside Bomgar to heighten security, and it also leverages tools from KnowBe4, which minimize the risk of phishing.
Green couldn't be happier with these security enhancements. "We're well on our way to an extremely secure environment," he says.