Session details
The premise is simple: most PAM programmes that struggle don’t fail because of the technology. They fail because of how the technology is introduced to people. PAM has a reputation as a parasitic programme – consuming time and resource from network, infrastructure, and operations teams who have their own priorities. Organisations that treat those teams as dependencies end up with slow, fragile programmes. The ones that treat them as stakeholders end up with something that lasts.
I’ll draw on real delivery experience, including leading the transformation at Hargreaves Lansdown from a standalone PAM deployment to a full shared services platform – onboarding over 19,000 accounts while navigating a complex digital transformation and cloud migration. The platform today gives users flexible access to privileged systems via multiple access methods based on their preference, secure storage for non-privileged credentials and file sharing, threat detection and response capabilities, and proactive discovery spanning both privileged accounts and non-human identities. Alongside the platform, I developed the PAM standards and governance that underpin it – and crucially, teams adopted those standards willingly. When people understand why a programme exists and can see that the standards are designed to make their lives easier rather than harder, compliance stops being something you enforce and starts being something you earn.
I’ll also cover where this is heading: using the same stakeholder-first model to move organisations toward zero standing privileges and a more mature approach to non-human identity – two of the most significant challenges facing PAM programmes today, and both entirely dependent on the organisational trust that good delivery builds over time.Depending on who or what needs to be accessed. Ensure that the right people (identity) can access the right resources, at the right times, for the right reasons.
Speakers
