Case Study Introduction
Customer Summary
A long-established European financial institution, this organisation provides a broad range of banking and investment services to a diverse client base. With a presence in key financial hubs across multiple regions, they support individuals, businesses, and institutions by offering tailored financial solutions. Their expertise spans various areas of finance, catering to both corporate and private clients, and they are known for their commitment to long-term client relationships and strategic financial planning. Operating with a strong international footprint, they continue to adapt to evolving market demands while upholding a reputation for reliability and trust within the industry.
Requirements
The bank faced critical security challenges related to privileged account management:
- Limited Visibility Over Privileged Accounts: A lack of oversight on who had access to sensitive data.
- Regulatory Compliance Risks: The Digital Operational Resilience Act (DORA) mandated stricter control over privileged access.
- Security Threats: Privileged users logging in with personally identifiable accounts posed a risk.
- Inadequate Password & Key Management: Teams stored passwords in a password manager, and orphaned SSH keys were left unmanaged.
Business Challenges
- Poor Credential Management: Passwords stored in a password manager were not regularly updated or auditable.
- Uncontrolled SSH Key Access: A large number of orphaned SSH keys existed across multiple systems, creating vulnerabilities.
- Privilege Overuse & Violation of Least Privilege: Users remained logged into high-privilege accounts all day, increasing exposure.
- Failed PAM Implementations: Previous evaluations of specific PAM solutions failed, leaving no clear path forward.
Decision-Making Process
The Bank's senior stakeholders, including the Global Head of Technology, Head of Security and Global Procurement Lead, led a comprehensive evaluation of PAM solutions. The Bank evaluated Privileged Access Management (PAM) solutions based on:
- Regulatory Compliance (DORA)
- Alignment with Zero-Trust & Gartner Maturity Curve
- Infrastructure Requirements & Deployment Speed
- Audit & Reporting Capabilities
Given tight regulatory deadlines, the Bank opted for Delinea's cloud-hosted PAM solution, balancing fast deployment, minimal hardware requirements and strong security governance.
Solutions
Phase One: Meeting Compliance & Immediate Security Needs
- Deployed 100+ privileged users and migrated credentials from their password manager into the PAM system.
- Secured SSH key access, enforcing governance over privileged authentication.
- Implemented audit reporting & session monitoring, providing auditors with compliance evidence.
Phase Two: Expanding Privileged Access Controls
- Onboarded anonymous privileged accounts into the PAM solution.
- Integrated technical workflows and Just-in-Time access models for enhanced security.
- Addressed SSH key vulnerabilities, transitioning to unique key pairs per use.
Key Solutions at a Glance
- Centralised privileged credentials for full visibility & compliance
- Implemented secure password policies & governance frameworks
- Aligned PAM strategy with Zero-Trust model
- Achieved DORA compliance ahead of regulatory deadlines
Results & Impact
The implementation of Delinea's PAM solution led to significant security and compliance improvements. The PAM deployment strengthened governance over privileged accounts, aligning the Bank with Zero-Trust principles and the Gartner Maturity Curve.
- 80% Reduction in Privileged Access Audit Findings
- Increased Visibility & Control Over Privileged Accounts
- Faster Detection & Mitigation of Security Threats
- Successfully Met DORA Compliance Before the 2025 Deadline
Lessons Learned & Takeaways
The successful implementation of a Privileged Access Management (PAM) solution at the Bank has provided significant security and compliance improvements. From the start, this project required strong collaboration between multiple teams, including IT Security, Infrastructure, and Legal to ensure a seamless transition.
One of the key lessons learned was the importance of stakeholder engagement. Involving key business units early in the process helped align expectations, mitigate potential roadblocks and ensure that all teams understood the benefits of the PAM solution. Regular workshops and communication played a crucial role in driving adoption and reducing resistance to change.
Another major takeaway was the value of a phased deployment approach. By prioritising regulatory compliance in Phase One and following a structured roadmap aligned with the Gartner Maturity Curve, the Bank was able to achieve immediate security benefits while laying the groundwork for future improvements. The decision to adopt Delinea's cloud-hosted PAM allowed for a faster rollout while still meeting the Bank's long-term strategic objectives.
Before implementing PAM, the Bank struggled with visibility and control over privileged accounts. The reliance on their password manager for credential storage, unmanaged SSH keys and the lack of automated access controls posed serious risks. With the introduction of PAM, the Bank has centralised privileged account management, reduced security vulnerabilities and enhanced compliance with DORA ahead of the 2025 deadline.
As the Bank moves into Phase Two, the focus will shift towards zero-trust principles, with Just-in-Time (JIT) privileged access, stronger SSH key management and expanded security automation. By continuing on this maturity path, the Bank will establish one of the most robust privileged access security frameworks in the financial sector.