How to Accelerate User Adoption
As you probably know, Privileged Access Management (PAM) refers to the higher levels of permission assigned to those with higher level control. With that in mind, let’s dive in!.
So, you and your organisation have decided to initialise a PAM programme, using CyberArk, to help bring more security and accountability to the credentials used to protect your most critical assets. You have identified your key business drivers and have created your PAM roadmap after many weeks/months of planning with key stakeholders. The time will come where you will have to engage with the people who will, ultimately, be using the solution – the end users. In this article, we will show you the challenges faced with user adoption and how to overcome them.
Challenges with User Adoption
User adoption will always be a hurdle to overcome. You will always have some users who will object to the idea of having to perform their daily activities through a PAM solution such as CyberArk, for one reason or another.
But why?
Typically, people don’t like change. You will have many people who have been at the company for years, performing their tasks in a particular way, unchallenged. They may be using the same password on multiple systems which makes their jobs easier but is a security risk. They may have their passwords stored in easily accessible places like spreadsheets or written on post-its. They can sometimes also feel a little bit threatened – but they shouldn’t, and you can help them feel better about it with solutions outlined in the ‘How to Overcome these problems’ section below.
Other common misconceptions are that using systems such as CyberArk will slow them down when performing their business-as-usual activities. It’s best to always be upfront with this – it can add a few more seconds and a few more clicks of the mouse but on the flip side, it can also make their jobs easier.
How?
• It will result in fewer passwords to remember.
• Automated password changes that they don’t have to do themselves.
• Being connected transparently to target devices.
The key is helping to dispel this misconception and promote the upsides of the tool. When it comes to onboarding accounts, whether it’s their personal accounts or a new shared account model which has been designed, employees fear that their access is going to be removed. This is another myth and provided the programme is doing its job properly and the discovery has been completed, the user will still have the correct permissions to do what they need to do according to their role.
How to overcome these problems
Firstly, one of the most important ways to promote this adoption of new software is to have active and visible leadership. If the message is pushed down from above by managers, and their manager’s managers and so forth, you are more likely to get buy-in from the people who work below them. If the message of why CyberArk is being used, and which risks it is looking to address are clear, the users should be responsive to that message and be willing to go on the journey.
Another method of driving this adoption, apart from a top-down approach, is a bottom-up approach. Get the users involved from the start of the programme. Invite them to workshops, enforce the message why you are doing what you are doing, make sure their use cases are covered, listen to any concerns they have and try to allay them.
Education should be there from the start. Get users interested in the product; allow them to see its benefits to move their minds away from their negative thoughts and opinions about it. Provide demonstrations of the product, show how they would use the product for their roles, hold open mic sessions where they can ask questions and provide admin guides which can show them how easy it is to operate. You need the users on board from the very start and the more success stories you can bring, the reputation of CyberArk will grow along with the programme.
In addition to the bottom-up approach mentioned previously, try promoting the ways in which they can still use their native tooling to do their job, even if they must retrieve accounts from CyberArk beforehand. As an example, Unix admins typically work from a command line – whether this is PuTTY, PowerShell, MobaXterm – and the thought of them having to access accounts through a web interface and through an RDP session, is not one which would typically be welcomed, and that is totally understandable.
To combat this, promote the use of Privileged Session Manager (PSM) for Secure Shell (SSH), and PSM for Windows, so they can still connect to their target devices using their usual tools whilst still benefiting from the security features which CyberArk brings.
And, finally, one other way to drive user adoption is to ensure you have an active PAM Awareness campaign to let the business know about the changes that are coming, why they are coming and how it will benefit the organisation's security posture. This could be posters on walls around office spaces, kitchens, lifts and email campaigns which can be used to send out newsletters with the latest updates.
Final thoughts
1. Provide training for onboarding. Get the users familiar with the system and distribute the user guides prior to onboarding. CyberArk also have several free training courses, and a free certification called Trustee, which users can undertake to give them a basic knowledge of the system prior to use.
2. Publish instructions for onboarding. Having a document which users can refer to is a great tool for helping them with their new ways of working. You can create a PAM SharePoint site with helpful documents.
3. Implement a single request system. Where possible, use a single request system for all things CyberArk. Whether that is requesting access, requesting an account to be onboarded; requesting support; etc. The more you simplify these processes, the more likely employees will find things easier and therefore be happy to embrace new changes.
4. Automate onboarding delivery. Leveraging automation for onboarding helps streamline the delivery processes for end users and speeds up the time it takes for credentials to come under management.
5. Allow Scheduled Changes. Involve the users in this. They want to only rotate passwords out of hours? No problem, we can do that. They only want them rotated at weekends? Again, we can do that. If the platform teams feel that their needs are being taken into account and you are working with them, you should find the user adoption process much easier.
6. Finally, define a clear escalation process. Problems don’t necessarily mean a bad perception of the PAM programme but if there is a lack of escalation or resolution, this can lead to one. Make it easy for users to report and escalate issues and get assistance when needed.
Now you are equipped with the tools to combat user-adoption challenges you might encounter when embarking on your journey with Privileged Access Management. Thank you for reading and if you would like any assistance in your PAM project, please reach out by contacting us using the form below; we want to help!
Lee Atkinson
CyberIAM, Principal Consultant
Complete the form below if you would like to find out more about us and the services we offer:
Want more information on CyberArk?
Or why not try this article here: PMTerminal deprecation – What does this mean for CyberArk Customers?
How to overcome User Adoption challenges with Privileged Access Management (PAM)
As you probably know, Privileged Access Management (PAM) refers to the higher levels of permission assigned to those with higher level control. With that in mind, let’s dive in!.
So, you and your organisation have decided to initialise a PAM programme, using CyberArk, to help bring more security and accountability to the credentials used to protect your most critical assets. You have identified your key business drivers and have created your PAM roadmap after many weeks/months of planning with key stakeholders. The time will come where you will have to engage with the people who will, ultimately, be using the solution – the end users. In this article, we will show you the challenges faced with user adoption and how to overcome them.
Challenges with User Adoption
User adoption will always be a hurdle to overcome. You will always have some users who will object to the idea of having to perform their daily activities through a PAM solution such as CyberArk, for one reason or another.
But why?
Typically, people don’t like change. You will have many people who have been at the company for years, performing their tasks in a particular way, unchallenged. They may be using the same password on multiple systems which makes their jobs easier but is a security risk. They may have their passwords stored in easily accessible places like spreadsheets or written on post-its. They can sometimes also feel a little bit threatened – but they shouldn’t, and you can help them feel better about it with solutions outlined in the ‘How to Overcome these problems’ section below.
Other common misconceptions are that using systems such as CyberArk will slow them down when performing their business-as-usual activities. It’s best to always be upfront with this – it can add a few more seconds and a few more clicks of the mouse but on the flip side, it can also make their jobs easier.
How?
• It will result in fewer passwords to remember.
• Automated password changes that they don’t have to do themselves.
• Being connected transparently to target devices.
The key is helping to dispel this misconception and promote the upsides of the tool. When it comes to onboarding accounts, whether it’s their personal accounts or a new shared account model which has been designed, employees fear that their access is going to be removed. This is another myth and provided the programme is doing its job properly and the discovery has been completed, the user will still have the correct permissions to do what they need to do according to their role.
How to overcome these problems
Firstly, one of the most important ways to promote this adoption of new software is to have active and visible leadership. If the message is pushed down from above by managers, and their manager’s managers and so forth, you are more likely to get buy-in from the people who work below them. If the message of why CyberArk is being used, and which risks it is looking to address are clear, the users should be responsive to that message and be willing to go on the journey.
Another method of driving this adoption, apart from a top-down approach, is a bottom-up approach. Get the users involved from the start of the programme. Invite them to workshops, enforce the message why you are doing what you are doing, make sure their use cases are covered, listen to any concerns they have and try to allay them.
Education should be there from the start. Get users interested in the product; allow them to see its benefits to move their minds away from their negative thoughts and opinions about it. Provide demonstrations of the product, show how they would use the product for their roles, hold open mic sessions where they can ask questions and provide admin guides which can show them how easy it is to operate. You need the users on board from the very start and the more success stories you can bring, the reputation of CyberArk will grow along with the programme.
In addition to the bottom-up approach mentioned previously, try promoting the ways in which they can still use their native tooling to do their job, even if they must retrieve accounts from CyberArk beforehand. As an example, Unix admins typically work from a command line – whether this is PuTTY, PowerShell, MobaXterm – and the thought of them having to access accounts through a web interface and through an RDP session, is not one which would typically be welcomed, and that is totally understandable.
To combat this, promote the use of Privileged Session Manager (PSM) for Secure Shell (SSH), and PSM for Windows, so they can still connect to their target devices using their usual tools whilst still benefiting from the security features which CyberArk brings.
And, finally, one other way to drive user adoption is to ensure you have an active PAM Awareness campaign to let the business know about the changes that are coming, why they are coming and how it will benefit the organisation's security posture. This could be posters on walls around office spaces, kitchens, lifts and email campaigns which can be used to send out newsletters with the latest updates.
Final thoughts
1. Provide training for onboarding. Get the users familiar with the system and distribute the user guides prior to onboarding. CyberArk also have several free training courses, and a free certification called Trustee, which users can undertake to give them a basic knowledge of the system prior to use.
2. Publish instructions for onboarding. Having a document which users can refer to is a great tool for helping them with their new ways of working. You can create a PAM SharePoint site with helpful documents.
3. Implement a single request system. Where possible, use a single request system for all things CyberArk. Whether that is requesting access, requesting an account to be onboarded; requesting support; etc. The more you simplify these processes, the more likely employees will find things easier and therefore be happy to embrace new changes.
4. Automate onboarding delivery. Leveraging automation for onboarding helps streamline the delivery processes for end users and speeds up the time it takes for credentials to come under management.
5. Allow Scheduled Changes. Involve the users in this. They want to only rotate passwords out of hours? No problem, we can do that. They only want them rotated at weekends? Again, we can do that. If the platform teams feel that their needs are being taken into account and you are working with them, you should find the user adoption process much easier.
6. Finally, define a clear escalation process. Problems don’t necessarily mean a bad perception of the PAM programme but if there is a lack of escalation or resolution, this can lead to one. Make it easy for users to report and escalate issues and get assistance when needed.
Now you are equipped with the tools to combat user-adoption challenges you might encounter when embarking on your journey with Privileged Access Management. Thank you for reading and if you would like any assistance in your PAM project, please reach out by contacting us using the form below; we want to help!
Want more information on CyberArk?
Or why not try this article here: PMTerminal deprecation – What does this mean for CyberArk Customers?
Lee Atkinson
CyberIAM, Solution Architect