Privileged Access Management: Necessary, but not enough

Privileged Access Management (PAM) refers to the process of monitoring and securing administrative accounts, which are considered the most privileged of all user accounts in an organization. 

If these accounts are used in the wrong way, either intentionally or accidentally, the organization can suffer serious damage. Hence, it's critically important to set-up a solid PAM strategy in order to properly monitor and secure these accounts. A typical component of a PAM strategy - which also clearly illustrates its importance - is that all activities that administrators perform within their accounts are recorded in detail, by means of screen capture videos.

Why PAM shouldn't be called PAM

As PAM stands for ‘Privileged Access Management’, it makes sense to assume this addresses all privileged accounts in an organization. However, PAM doesn't do that. In fact, as explained above, PAM only addresses administrator accounts, which are only a limited part of the total number of privileged accounts in a typical organization. And that is exactly why PAM shouldn't be called PAM, but rather something like AAM (Administrator Access Management).

But whatever the name we use for it, it’s important to note that PAM leaves a significant number of privileged accounts untouched. Consequently, another solution is needed to take care of this. But before we go there, let's take a look at the origin and nature of privileged accounts first...

Privileged accounts: a closer look

Apart from administrator accounts, many other accounts - the actual number depends on the size of your organization and the way access rights are handled (according to your IAM-strategy) - can and should be considered as privileged. In fact, every single access right that is offered to a user can be seen as a privilege. So the question is: how many - and which - access privileges are needed before a user should be considered a privileged user?

A typical example is a staff member who is working for the organization for many years. As he advances through several positions, he is granted new access rights for each new position. However, the access rights required for his previous functions are - due to negligence, in most cases - never withdrawn. This way, the staff member will gradually collect a large number of privileges.

Why PAM is not enough

We made clear that PAM - even if it’s perfectly setup and executed - does not suffice to protect your organization from the risks associated with privileged users. So what you really need is an encompassing Identity Governance solution, which monitors and secures the accounts of all users in the company.

Elimity’s Insights tool allows you to do this - and much more - in a matter of minutes. Insights brings you all of the possibilities of a traditional PAM solution, along with lots of additional features, allowing you to take control of the status of all access rights in your organisation.

Did you like what you read?

Subscribe to our blog and always stay up-to-date on our latest posts

Related posts