What is Privileged Account Management (PAM)?

Privileged account management can be defined as managing and auditing account and data access by privileged users.

A privileged user is someone who has administrative access to critical systems. For instance, anyone who can set up and delete user accounts and roles on your Oracle database is a privileged user.

Like any privilege, a privileged account should only be extended to trusted people. You only give accounts with “root” privileges (like the ability to change system configurations, install software, change user accounts, or access secure data) to those that you trust. However, as the old saying goes, you should “trust but verify”.

Even trusted access needs to be controlled and monitored. That’s what privileged account management is for. Effective administrative access governance ensures companies maintain the ability to revoke privilege at any time. And ideally, most account privileges should either automatically sunset or else be subject to periodic review. The best practice is to limit privileges to those who actively need them.

Doing all this manually, depending on the size and complexity of your organization, is either time-consuming or impossible. This is where implementing a comprehensive PAM platform becomes essential for organizations of any significant size.

But the scary reality is that stealing and exploiting privileged accounts is a critical success factor for attackers in virtually all advanced attacks, regardless of attack origin. Privileged accounts are quite literally the keys to your IT kingdom. This makes elevated account safety a critical priority for any security-conscious organization. Forget about all that “people are our most valuable asset” nonsense; we all know that your data is the most valuable asset for virtually any organization.

The larger and more complex your organization’s IT systems are, the more privileged users you have. Privileged users can be employees or contractors, remote or local, human or automated.

Many organizations have more privileged users than employees!

The result is an explosion of growth for the “Privileged Account Management” software sector.

How Does Privileged Account Management Work?

Privileged Account Management (PAM) protects your systems from accidental or deliberate misuse of privileged accounts. Understanding core privileged access management principles is essential as PAM offers a scalable and secure way to authorize and monitor all privileged accounts across all your systems.

It allows you to:

  • Grant privileges to users only for systems on which they are authorized.
  • Grant access only when it’s needed and revoke access as soon as the need expires.
  • Eliminate local/direct system passwords for privileged users.
  • Centrally manage access over a disparate set of heterogeneous systems.
  • Create an unalterable audit trail for any privileged operation.

Components of a Privileged Account Management Solution

Privileged Account Management solutions vary, but most offer the following components:

  • Access Managers – Access Managers govern access to privileged accounts. They provide a single point of policy definition and policy enforcement for privileged account management. A privileged user requests access to a system through the Access Manager. The Access Manager knows which systems the user can access and at what level of privilege. A super admin can add/modify/delete privileged user accounts on the Access Manager in a centralized system, thus greatly improving efficiency and effective compliance levels.
  • Password Vaults – PAM systems keep passwords in a secure vault. All system access is via the password vault. Thus, end users never have direct access to root passwords.
  • Session Managers – Session Managers track all actions taken during a privileged account session for future review and auditing. Further, some systems can prevent malicious or unauthorized actions and/or alert Super Admins if suspicious activity is detected. Effective high-privilege session administration requires these advanced monitoring and control capabilities.
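As an added illustration (not WALLIX code or any product's API), the sketch below combines two ideas from the lists above: an access manager that grants privileges only per policy and lets them sunset automatically, and an audit trail in which each entry is chained to the previous one by a SHA-256 hash so that later edits are detectable. The class names, the policy layout, and the sample users and systems are all assumptions constructed for the example.

```python
import hashlib, json

ZERO = "0" * 64  # hash value that precedes the first log entry

def _digest(prev, event):
    return hashlib.sha256((prev + json.dumps(event, sort_keys=True)).encode()).hexdigest()

class AuditLog:
    """Append-only log; every entry commits to the hash of the one before it."""
    def __init__(self):
        self.entries = []

    def append(self, event):
        prev = self.entries[-1]["hash"] if self.entries else ZERO
        self.entries.append({"prev": prev, "event": event, "hash": _digest(prev, event)})

    def verify(self):
        prev = ZERO
        for e in self.entries:
            if e["prev"] != prev or _digest(prev, e["event"]) != e["hash"]:
                return False  # an entry was altered, removed, or reordered
            prev = e["hash"]
        return True

class AccessManager:
    """Single point of policy: user -> {system: grant lifetime in seconds}."""
    def __init__(self, policy, log):
        self.policy, self.log = policy, log
        self.grants = {}  # (user, system) -> expiry timestamp

    def request(self, user, system, now):
        ttl = self.policy.get(user, {}).get(system)
        granted = ttl is not None
        self.log.append({"t": now, "user": user, "system": system,
                         "action": "grant" if granted else "deny"})
        if granted:
            self.grants[(user, system)] = now + ttl
        return granted

    def is_authorized(self, user, system, now):
        expiry = self.grants.get((user, system))
        return expiry is not None and now < expiry  # grants sunset on their own

def demo():
    log = AuditLog()
    am = AccessManager({"alice": {"oracle-prod": 900}}, log)  # constructed policy
    out = [am.request("alice", "oracle-prod", now=1000),        # in policy
           am.request("alice", "hr-db", now=1000),              # not in policy
           am.is_authorized("alice", "oracle-prod", now=1500),  # inside the window
           am.is_authorized("alice", "oracle-prod", now=1900),  # grant has expired
           log.verify()]
    log.entries[0]["event"]["user"] = "mallory"  # simulated tampering with the trail
    return out + [log.verify()]

if __name__ == "__main__":
    print(demo())
```

A hash chain makes edits detectable rather than impossible, so the most recent hash has to be stored somewhere the logging host cannot rewrite.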

The difference between Privileged Account Management and Privileged Access Management?

Privileged Account Management?

Privileged Access Management?

Privileged User Management?

It doesn’t matter. People refer to this technology by all of these names. Privileged Account Management is also often referred to as “Privileged Access Management” or even “Privileged Session Management”. It all means basically the same thing.

Some folks call it PSM or PxM… but at WALLIX, we prefer to keep it simple with the acronym PAM.
