How to Get Started with PAM and CyberArk


Organizations are recognizing the critical importance of effective privileged account management (PAM), but many remain in the early stages of implementing a PAM strategy. According to a 2017 Forrester report, just 17 percent of organizations have a mature approach to identity and access management (IAM). Those at lower IAM maturity levels are behind in their implementation of essential PAM controls.

It’s understandable. The typical organization has thousands of systems, applications, devices, cloud platforms, etc. As each of these is implemented, administrative credentials are created. Sometimes, these are, by necessity, shared by multiple administrators. Critical dependencies and concern that administrators won’t be able to access systems when needed might prevent strict adherence to account management and access policies. Trying to retrofit all of this into a disciplined PAM strategy might seem overwhelming.

One approach is to select a PAM solution and develop a PAM strategy as part of the implementation process. CyberArk, for example, is a well-established and respected platform that features a number of powerful tools for securing and monitoring privileged accounts and meeting business, legal, and regulatory requirements. Clango’s experts have helped many organizations take advantage of CyberArk to enhance their security posture.

Implementing the central component of CyberArk’s Core Privileged Access Security solution — the Enterprise Password Vault — is fairly straightforward. It might take an IT team a couple of days with Clango’s help and guidance. But implementing Enterprise Password Vault is only part of the process. That’s why Clango works closely with customers to assess their business and IT requirements and develop a plan that will put them on the road to PAM maturity.

Some CIOs go into the game with the goal of implementing a comprehensive PAM strategy. However, many if not most IT managers prefer a phased approach that allows the organization to take incremental steps toward privileged account security. After all, PAM requires not only policy and technology but behavioral changes on the part of system administrators. A phased approach gives IT teams an opportunity to grow accustomed to PAM and work out any problems that arise along the way.

There’s no “right” way to go about PAM implementation using CyberArk, but here are some examples of what a phased approach might look like:

  • Use a risk classification system to identify privileged accounts that are most vulnerable and/or would pose the greatest threat to the organization if compromised. Start by securing these credentials, then work through those of lesser priority.
  • Implement PAM by types of systems and devices. For example, start with all Windows systems, then Linux/Unix servers, backup systems, databases, network gear, etc. This allows you to build on lessons learned for each platform.
  • Create implementation phases for groups of system and platform “owners.” This might be by business unit, region, department, or IT function, depending on the organization’s size and corporate structure.

Clango helps customers develop a PAM strategy based on industry best practices and our extensive field experience. Clango’s CyberArk consulting and implementation services are designed to maximize the value of CyberArk in executing that strategy.

Forrester estimates that 80 percent of security breaches involve compromised privileged account credentials or privilege escalation. Most of these credentials are used by an organization’s system, database, and network administrators. A mature PAM program can prevent these credentials from falling into the wrong hands. Clango offers expert services to help organizations advance their PAM strategy and implement the CyberArk platform.


For more information about getting started with CyberArk, please send us an email at (!

Leave a Comment