Planning and deploying Privileged Access Management (PAM) can seem like a daunting task, but with some clear understanding of the objectives and planning, it can be straightforward.
In this checklist, built on years of practical experience of implementing PAM projects, you will learn:
If you're considering a PAM project, or have already started one, this is an essential guide to improving its success.
Privileged Access Management or PAM is a solution for managing powerful administrator accounts on applications, databases, services and devices.
Management of those privileged accounts includes credential life-cycle management: generating passwords, regularly updating credentials, and removing accounts when they are no longer needed. PAM provides a secure vault for those credentials and a central command and control point so that policies can be enforced and audit trails maintained. It also means you can monitor sessions in real time and record sessions for forensic investigations or training.
Many traditional PAM tools have been seen as potential blockers to IT teams moving fast, but modern PAM solutions such as Osirium PAM focus on being easy to use and on making admins' lives easier with fast access to the systems they need.
Identity Access Management (IAM) or Identity Governance and Administration (IGA) are solutions for managing how users prove who they are. It's also sometimes known as "Privileged Identity Management" (PIM), but that still focuses on the identity, not the access. Identity management usually focuses on username/password combinations, biometric authentication or multi-factor authentication and password lifecycles, not on what people do while they have access to a specific identity.
It’s essentially about “who you are”. Privileged Access Management (PAM) controls what the users do while connected to services and devices. The combination is very powerful: IAM tools authenticate the person, then Osirium PAM manages the sessions for that user.
Privileged Access works by sitting between the user and the required service or device. Once the user proves who they are, Osirium PAM presents a list of devices, services and tasks that a person is allowed to access. Those devices could range from Windows or Linux servers to network devices (e.g., routers, switches, firewalls), to web services like salesforce.com, Workday, and just about any cloud service used by the business.
Once the required service is selected, PAM connects to the service and injects the administrator credentials to establish the user’s session. At no time are those credentials returned to the user, ensuring they cannot be intercepted or leaked.
Osirium PAM supports a broad range of connection types including SSH terminal sessions, full remote desktop sessions and access to specific applications without the full desktop.
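The brokering flow described above (entitlement check, credential injection, audit trail, credential rotation) can be modelled in a few lines. This is an added illustration, not Osirium's code: the `Broker` and `Session` names, the `connect` callback and the sample vault entry are all assumptions constructed for the example.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class Session:
    """Handle returned to the user; deliberately carries no credential."""
    session_id: str
    user: str
    target: str

@dataclass
class Broker:
    vault: dict          # target -> (admin account, secret); constructed sample data
    entitlements: dict   # user -> set of targets that user may reach
    audit: list = field(default_factory=list)

    def list_targets(self, user):
        """Only targets the authenticated user is entitled to are shown."""
        return sorted(self.entitlements.get(user, set()))

    def open_session(self, user, target, connect):
        """Check policy, inject the vaulted credential into the connector,
        and hand back a handle that never contains the secret."""
        if target not in self.entitlements.get(user, set()):
            self.audit.append((user, target, "DENIED"))
            raise PermissionError(f"{user} is not entitled to {target}")
        account, secret = self.vault[target]
        connect(target, account, secret)   # credential flows broker -> target only
        self.audit.append((user, target, f"OPENED as {account}"))
        return Session(secrets.token_hex(8), user, target)

    def rotate(self, target):
        """Credential life cycle: replace the secret with a fresh random one."""
        account, _ = self.vault[target]
        self.vault[target] = (account, secrets.token_urlsafe(24))
        self.audit.append(("broker", target, "ROTATED"))

def demo():
    seen_by_target = []  # what the simulated target receives at login
    broker = Broker(vault={"db01": ("dba_admin", "constructed-secret-1")},
                    entitlements={"alice": {"db01"}})
    session = broker.open_session(
        "alice", "db01", lambda t, a, s: seen_by_target.append((t, a, s)))
    broker.rotate("db01")
    return broker, session, seen_by_target

if __name__ == "__main__":
    broker, session, _ = demo()
    print(session, broker.audit, sep="\n")
```

The user only ever holds the `Session` handle; the secret is seen by the broker and the target, and the audit list records allowed and denied attempts alike.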
Privileged accounts are those with enhanced capabilities, so Privileged Access Management could also be called Privileged Account Management, but "access" is important because it covers what a user does while connected to a system, application or device as an administrator. For example, an administrator account may be able to create new accounts, update critical configurations, change system settings or access confidential data.
These accounts can be across the business, not just in IT. For example, Marketing may have an administrator account for their marketing automation system or access to a customer database.
The Finance team may have administrator accounts for accounting systems. Because of this power, administrator accounts are highly valued by cyber attackers as they unlock the most valuable systems and data.
The primary benefit of PAM is to protect valuable administrator credentials. Having this control and being able to prove it to auditors is a requirement not just for good business management but also for compliance with regulatory standards such as PCI DSS, NIST-800, Sarbanes-Oxley, Cyber Essentials and many more. PAM is a critical capability that goes beyond Identity Management and Governance (sometimes known as IGA or Privileged Identity Management, PIM) as it is concerned not just with the account credentials but with what users do with those accounts.
Modern PAM is also an enabler for digital business by making it easier and faster for users to access IT systems, automating complex operations and securely allowing access for external partners and vendors.