Skip to Main Content

Balancing IAM-Related Business and Security Requirements that Satisfy Leadership

A large company contracted TrustedSec to perform a penetration test to evaluate the security of network infrastructure. Upon review of the technical report findings, the client partnered with TrustedSec again to develop the framework required to successfully implement the desired Identity and Access Management (IAM) process and further mature their Information Security program.

Leadership was concerned that an actual motivated threat actor would be able to easily breach the organization’s systems, leading to both tangible as well as intangible negative business impact. At the same time, there was concern about balancing security and the user experience. In addition, there was intense pressure on the security team since it was the second time the same findings were discovered during a penetration test.


  • Multi-Factor Authentication (MFA) Implementation
  • Privileged Account Information Storage (PAIS) Review
  • Identification of Insufficient Password Policies and Account Controls
  • Privileged Account Management (PAM) Process Deployment


  • Requirements prioritization
  • Balanced business and security requirements with user experience and productivity
  • Ensured critical security findings were addresses quickly and professionally