Complex Cyber Security Tools Aren’t Just Painful, They are Downright Dangerous

Securing your company is a big job. People are counting on you to stay one step ahead of cyber criminals and keep them safe. But, when the cyber security tools you rely on are too cumbersome to use, you can’t get your job done.

We believe cyber solution providers have a responsibility to make your life as easy as possible. That means giving you everything you need to get started right away. And, it means getting out of your way so you can customize a solution as you like.

When you implement a privileged account management tool, Easy Matters.

 What do we mean by that?

Your time is too important to waste

 One of your goals for investing in a privilege management tool is to rid yourself of labor-intensive manual work. When you think about the value of your time, consider the effort it takes to manage privileges at every point in their life cycle. That means everyday tasks like set up, rotation, removal, and monitoring passwords. Now think of the additional demands on your time when an auditor shows up and you need to pull and analyze reports. The goal of a PAM solution is to automate this labor and help you manage privileges with policy-based controls.

 When a tool is simple, your time to value is faster

 The faster you can get a new tool up and running, the sooner you can start to realize your return on investment. Some cyber security tools take many months to test, configure, adjust, and then roll-out across an organization.

Some tools are so difficult to use that they just sit on a shelf and never realize their potential value

In a recent report comparing PAM vendors, UK-based Cyber Management Alliance warns, “over-complicated solutions often become so cumbersome that operational teams are unable to configure, optimize and run the tools effectively. This circle of confusion leads to a downward spiral of lower product utilization and as a result, teams are unable to deliver on the overall task of ‘keeping the business secure and resilient.’”

Sadly, some tools get purchased but are so difficult to use that they just sit on a shelf and never realize their potential value.

You shouldn’t pay for complexity you don’t need

One of the ways that some security vendors try and justify a higher cost is by adding in more and more features and capabilities. We call this the “kitchen sink” strategy and it’s used to overwhelm buyers. With so many variables and interactions it’s next to impossible to test out everything in the buying stage, so you end up purchasing a lot of stuff you don’t actually need. It takes longer to prove your ROI and your leadership starts asking uncomfortable questions about the value of your purchase.

If a cyber security tool is too hard to use, people will reject it

Let’s face it. When you’re trying to implement a new security policy, you typically have to convince people to change their behavior, and that’s not something they enjoy doing. If you don’t prioritize business productivity along with security, your security policies can fail spectacularly.

Let me give you an example. If you tell people they have to wait for IT approval every time they need a critical business application because your least privilege policy means they can’t have local admin rights on their computers, they may start coming after you! Privilege management tools should automate policies and make application control work behind the scenes, so people don’t feel the impact on their work.

It’s easy to make mistakes with a complicated tool

Now comes the “dangerous” part. When security tools must be managed with multiple controls or in multiple locations, it’s easy to skip steps or cause your systems to get out of sync. We’ve talked with many customers who face this challenge trying to piece together GPO, Applocker, and other Microsoft tools for privilege management. Even a skilled security team runs this risk. Life is much easier – and safe – with a central interface where you can view and manage all your privileges in one place.

Without simple controls, you don’t have the agility you need to respond to threats

Cyber threats are becoming more sophisticated every day. If you can’t respond immediately to a change in the threat landscape you can’t count on your systems to keep you safe.

Security tools are constantly collecting data. So much data that it’s easy to feel overwhelmed and miss what’s important. That’s why simple, central dashboards and automated alerts are so important to help you respond quickly to a cyber incident.

Some privilege management solutions don’t give you direct access to make changes, run reports, customize scripting, or even upgrade to new versions. You’re forced to rely on their professional services team to make changes, which means you’re at the mercy of their schedule. Not to mention the additional cost involving with making the adjustments you should be able to handle on your own. You must have direct control over your privilege management tools to make changes as you need.


PAM requires careful planning and oversight to choose the right policies and solutions for your organization. We know the job is challenging enough without adding more road blocks. Once you choose a tool, you should be able to make it work the way you want without the pain.



1.How quickly can you get a PAM solution up and running?

  1. How long will it take you to achieve return on your investment?
  2. Is the user interface easy to navigate?
  3. Is there a central dashboard for PAM controls?
  4. How complicated is the user manual?
  5. Does it integrate with other solutions such as SIEM or ticketing systems?
  6. What type of reports are included?
  7. Are there APIs and SDKs that let you customize on your own or must you engage professional services?
  8. Can you update the software on your own or do you need to call professional services?

 Just remember:

Easy matters.


IT Admins: Our collection of free IT tools makes your life easy and your organization safer!

*** This is a Security Bloggers Network syndicated blog from Thycotic authored by Dan Ritch. Read the original post at: