Privileged Access Management (PAM), or Privileged Account Management, is a collection of processes and technologies used to control, manage and monitor access to critical assets, including applications, endpoints, servers and databases in the cloud and/or on premises, and to meet compliance objectives. The key goal of PAM is to reduce risk.
What are Privileged Accounts?
Privileged accounts are the crown jewels of any organization, regardless of size. Because these accounts are so critical, they are the most vulnerable to potential attack by bad inside actors and/or outside criminals/hackers. Per NIST, a privileged user account is one “that is authorized (and therefore, trusted) to perform security-relevant functions that ordinary users are not authorized to perform”.
Privileged accounts are the "oil" that allows applications, servers, and databases to function as intended by IT & business requirements and makes system-level communication feasible. These accounts have permissions to change configuration, back up/restore data, delete data, create/modify/delete user accounts, install applications & software, allow upgrades or apply patches, make kernel changes, and access data that could include the most restricted information, such as PII, PHI, financial data and/or trade secrets. In other words, privileged accounts are the master key(s) for any organization. There are several types of such accounts, which we categorize here:
Table: Privileged Account Types
Why use PAM Solutions
As depicted below, today’s organizations are highly distributed and have several types of privileged access that are not within the control of a closed network. The attack surface for privileged accounts has a large perimeter, and the need for a modern PAM solution is higher.
FIGURE: Privileged Accounts Attack Surface
PAM solutions allow organizations to manage the end-to-end lifecycle of privileged accounts and access securely. Organizations will have many different types of privileged accounts, and without a robust way to organize, administer and govern such critical accounts, security breaches are highly likely. A 2018 report from Forrester estimates that 80% of data breaches have a connection to compromised privileged credentials, such as passwords, tokens, keys, and certificates. Privileged access abuse (e.g. admin accounts being used for normal, non-admin activities) is a risk that CIOs and CISOs are recognizing, and they are therefore prioritizing privileged access management.
With today’s complex and hybrid cloud deployments, managing privileged access without a modern PAM solution is not efficient from a risk, operational cost and efficiency standpoint. PAM solutions offer features such as the discovery of privileged accounts, the ability to manage request/approval, and compliance via analytics, reporting and periodic access reviews. At a glance, PAM solutions offer the following benefits:
FIGURE: Benefits of Privilege Access Management Solutions
To stay organized and keep focus, take into account the application onboarding methodology to focus on higher-risk/priority areas, including privileged access. To learn more about privileged access management, contact us to find out how CredenceIA can help you!