Pre-Deployment Preparation¶
Deploying an endpoint privilege manager is going to change the way users make use of the privileges and permissions. Before you go ahead and roll out the solution for everyone, ensure you have worked on the following:
Business & Security Requirements¶
| Step | Description |
|---|---|
| Define business objectives for deploying EPM | Whether your goal is to achieve least privilege, demonstrate compliance, eliminate insider threats, progress with zero-trust. |
| Identify the regulations governing your industry | Whether your company is required to be compliant with HIPAA, GDPR, ISO, SOC, PCI-DSS, NERC-CIP |
| Define policies that govern privileged access | Decide who in your organization should have privileged access, what should be the baseline privileges for users, who should be responsible for enforcing least privilege, and define exceptions for the policy. |
Infrastructure Readiness¶
| Step | Description |
|---|---|
| Check whether your identity provider can be integrated with the EPM solution | Ensure whether the EPM solution can be integrated with Active Directory, Microsoft Entra ID, Google Workspace, or your identity provider. |
| Verify OS compatibility for endpoints | Verify whether the endpoints you want to manage privileges on run on an operating system (Windows, Mac, Linux) compatible with your Endpoint Privilege Manager. |
| Assess network connectivity and firewall rules | Endpoint Privilege Manager works through privilege management agents that are deployed on the endpoints. The agents and the EPM server must be able to communicate frequently for a seamless experience. The firewall rules and network connectivity settings must facilitate communication between the agent and the server. |
| Create strategies for high-availability and disaster recovery | Endpoint Privilege Managers help users perform their daily tasks and are therefore considered critical for the productivity of the workforce. Configuring a high-availability setup ensures the right privileges are available to the users at the right time. Ensure that a robust high-availability strategy is developed, and the infrastructure is available to make use of the strategy. |
Stakeholder Planning¶
| Step | Description |
|---|---|
| Identify stakeholders (IT, InfoSec, Compliance, Helpdesk). | The Endpoint Privilege Manager is used by the IT helpdesk, cybersecurity teams, and the compliance team to ensure only the minimum required privileges are being granted just at the right time. Ensure everyone who will be impacted by the solution directly and indirectly is identified. Once identified, list how each of them is going to be impacted. |
| Define pilot user groups and rollout phases. | When deploying the solution, always rollout in phases. Identify the pilot group and let them know in advance about the changes being made to their workflow. When rolling out, follow this procedure: - Deploy Securden Agent - Run Agent in Learning Mode. - Create Policy Using Insights Gathered by the Agent. - Remove Admin Rights. These will be explained further in the ‘Deployment Phase’ section of this document. |
| Communicate policy changes to end-users. | Once the test run with the pilot group is successful, communicate the policy changes to the end-user before extending the roll out to everyone. |
Backup & Rollback¶
| Step | Description |
|---|---|
| Backup critical configurations (AD, system images). | Ensure you have taken a backup of all critical configurations in your Active Directory, Entra ID, and Google Workspace domain. Ensure you have taken a backup of all data on the device on which Securden Endpoint Privilege Manager is going to be installed. |
| Create Rollback points if the deployment fails. | Create a rollback point on the device that is going to act as the Endpoint Privilege Manager server. If the installation fails due to unforeseen circumstances, you can easily revert to a safe rollback point and try again. |
