Large U.S. School District Reduces Risk With Optiv’s Managed PAM



A large school district headquartered in the southeastern U.S. has more than 20,000 employees and approximately 185,000 students in 139 schools. The school district faced several challenges and risks related to privileged accounts and ongoing privileged account management (PAM). 


This engagement focused on two key use cases. The first was the CyberArk solution deployment and continuous management of privileged accounts and credential management for approximately 50 thousand administrative accounts across workstations, servers and databases. Capabilities for each account included (1) Privileged account check-out and check-in with audit trails and approvals; (2) Automated password management; and (3) Configuration of native privileged session management for purposes of monitoring and recording administrator activity on high-risk enterprise resources. Another aspect of the use case was configuring the application integration manager (AIM) for the ServiceNow connector (Snow Software ITSM tool) and Tenable. The Credential Provider AIM component removes hard-coded accounts and credentials to reduce risk and comply with password rotation policy.


The second use case was endpoint privilege management. It involved configuration and continuous management to deny administrative rights to student and staff endpoints. An additional EPM component use case included configuring and managing the least-privilege model for staff members, including teachers, IT administrators and IT developers.


How Optiv Helped


Optiv designed the CyberArk PAM product, implemented it on premises and began managing it. Our experts also implemented the CyberArk Endpoint Privilege Manager (CyberArk EPM) SaaS to enforce least privilege and enable the school district to block and contain attacks on endpoints. CyberArk EPM, also managed by Optiv, is a combination of privilege security, application control and credential theft prevention – all work together to reduce the risk of malware infection.


Optiv’s Managed PAM simplifies program administration, helps ensure that compliance and cyber insurance requirements are met and enables internal security teams to redirect their time to other priority projects.


Learn More About Privileged Access Management

Industry Served: Education


  • Decentralized PAM processes without a holistic understanding of administrative, service and shared accounts
  • Lack of privileged account auditing and accountability
  • Inconsistent, manual processes with required password rotation
  • Use of hard-coded accounts and passwords within applications, scripts and batch jobs throughout the organization
  • Endpoint management of staff and student workstations


  • Design, deployment and management of a high-availability CyberArk PAM solution
  • Deployment and management of CyberArk EPM, including application integrations with certain highly credentialed accounts
  • Deployment and management of two complex environments: production and disaster recovery


  • Completed all deployments with minimal impact to the organization
  • Reduced the risk of malicious attacks such as ransomware and the risk of accidental misuse of elevated access privilege with implementation of least privilege
  • Removed standing application credentials in compliance with company policies to further reduce risk
  • Saved the school district approximately 485 support hours with managed services, which resolved 360 incidents, 123 service requests and five change requests in 10 months
Managed-PAM-school-Asset Download.png

Download a printable version of this case study


How can we help you secure greatness?


Optiv can advise on, deploy and operate end-to-end cybersecurity programs aligned to your business goals. As the cyber advisory and solutions leader, we serve nearly 6,000 companies across every major industry. Our certified experts can help you gain the agility, security, scale and control you need to stay ahead of the competition.