Change Is Good: Why Moving to the Cloud Doesn’t Have to Be Scary
I’m going to come right out and say it: everyone hates change. Even in IT, where change is constant, administrators and engineers can get stuck and comfortable continuing to do what we’ve been doing for as long as we’ve been doing it. But eventually, something happens that shakes us out of our comfort zone and into the present. For the team at First PREMIER Bank, that “something” was moving to the cloud.
With $3 billion in assets, First PREMIER Bank runs two lines of business: banking and our credit card arm, PREMIER Bankcard. Even though the two domains are separate, they are both under our control in IT. I joined the company six years ago and am now the system administrator, working with a team of 200 people and managing some 3,000 mailboxes across the organization.
A Solution That Kept Us Safe and Compliant
We have a lot of administrative accounts to control, and for many years, we relied on Privileged Identity from BeyondTrust to maintain these accounts and rotate passwords. The passwords change every 24 hours using a new 25-character password on every server, workstation, and shared service account. We also own two other BeyondTrust modules: Privilege Management and Privileged Remote Access. We are especially fond of Privileged Remote Access since our SoftDev engineers use that exclusively. They won’t access a server remotely without it.
First PREMIER Bank adopted these solutions primarily for Payment Card Industry (PCI) compliance. I came to PREMIER from a company that wasn’t as concerned about security, so it was great when I arrived here and found the privileged access solutions already in place. Beyond meeting our compliance requirements, these solutions relieved the burden around the password management process. I—or another team member—don’t have to create a unique password. Privileged Identity has done it for us.
Our BeyondTrust solutions make everything easy, and with the Privileged Remote Access integrations, no one needs to remember their password: one click gets them where they want to go. In addition, the Just in Time Access Control of Privileged Access Management helps us avoid having too many domain admins come audit time.
A Larger Cloud Initiative Sparks Change
Things were going well in IT, and then the company began to lean into the cloud. There were multiple reasons, including the decision to move to AWS. First PREMIER Bank wanted to embrace the cloud, and as part of this larger initiative, we were to transition all of our applications from on-prem servers.
At the same time, BeyondTrust was turning its attention to Password Safe. I was interested and watched some demos to learn more about it. Password Safe seemed even more user-friendly than Privileged Identity, with more features. Between our larger cloud initiative and the Password Safe integrations with our other BeyondTrust solutions, adopting Password Safe seemed like a smart move—especially given our AWS migration. Password Safe could connect straight to the Privileged Remote Access device and, from there, go to AWS. It would make things easier and more seamless, offering a better experience for our vendor partners.
I’ll give you one example of how we expected Password Safe to make life easier. Trying to change passwords on a service account—an account used to run an application behind the scenes—used to be a nightmare. People don’t always remember where passwords are, and changing them could break things and create big headaches for many people. Sometimes, fixing that situation meant restoring everything to the moment before changing the password, which could again lead to lost work. It can get nasty, especially when dealing with other departments.
Password Safe would make the whole process more efficient, eliminating the need for duplicate work, easing collaboration between departments, and helping decrease audit findings.
Many “What Ifs?”—and Many Benefits
Even though the migration from Privileged Identity to Password Safe was part of the larger cloud initiative, people were hesitant. While I had spent a lot of time doing due diligence, others in the organization didn’t understand the platform yet and were worried about how the switch would impact them. They had a lot of “what if” scenarios on their minds, and I faced many questions about what would happen if/when we lost internet access. I remember one VP telling me he would ideally like to have a hybrid environment, despite the company’s cloud initiative.
What many people didn’t know, though, is that the plan included having an on-prem server that periodically replicates our data. Knowing that we had this option reassured everyone—including the VP.
Another benefit of moving to the cloud is that BeyondTrust will handle updates from now on. Not having to perform updates myself (and not having to schedule downtime for those updates) is a huge benefit. Upgrades for Privileged Identity used to be pretty intense because they required updating the SQL database, which took a few hours—if nothing went wrong. I would usually perform the upgrade in the test environment first to make sure everything went smoothly before scheduling the change in the live environment. The downside to that process is having to make the upgrade twice.
Shifting the responsibility to BeyondTrust will save me several hours per upgrade, and I know we will always be using the current version. We will also have the option to delay the update if we need to for any reason.
BeyondTrust Pushes Us to Be Better
Throughout it all, BeyondTrust has been a great partner. The leadup process to launching Password Safe took a few months, and during that time, our BeyondTrust project manager, Lauren, gave us plenty of prerequisites to check off the list. And because Lauren was so organized, we didn’t need to allocate a project manager from our side. Our server build team built all the servers for me, I created all the accounts to ensure a consistent naming convention, and Lauren had everything else covered.
But that’s no surprise. From sales to support to engineering, BeyondTrust has always extended dedicated care and attention to our projects. Even their Go Beyond conference offers a more personalized feeling than other large-scale vendor events. There are opportunities to meet so many people, and I feel like the BeyondTrust team values me, not just my company name.
We went live at the end of June, and we’re all looking forward to this next chapter. The move to the cloud comes with questions and concerns, but BeyondTrust has addressed these with a new solution that will improve security and compliance at First PREMIER Bank. Because that’s what change is about: finding new opportunities to succeed and improve at what we do every day. For anyone considering making the same move to the cloud, don’t be afraid of change. Think about the possibilities on the other side.