Privileged access management (PAM) encompasses the policies, strategies, and technologies used to control, monitor, and secure elevated access to critical resources for human and service accounts.
PAM strategies enforce the principle of least privilege, restricting account creation and permissions to the minimum level a person requires to do a job. Least privilege helps prevent the spread of malware, decreases your cyber attack surface, improves workforce productivity, and helps demonstrate compliance.
Privileged access control provides security teams with fine-grained governance over sensitive systems and the ability to monitor how privileged company resources are being used. Whether your organization is a three-person startup or an enterprise giant, privileged access management done correctly will protect you against cybersecurity threats and prevent catastrophic user error while improving workflow and policy compliance.
PIM or PAM?
Privileged access security is a jargon-rich category, so let’s begin with a quick look at similar and related terms. Although there is a clear difference between IAM and PAM, many of these acronyms overlap. Furthermore, industry leaders sometimes use terms interchangeably, leading to greater confusion. The important thing to understand is not the acronyms but the functionality they represent.
- Identity and access management (IAM): A term with broad scope, encompassing the processes, policies, and tools involved in authenticating access to ensure that the right users can connect to the right resources at the right time.
- Privileged access management (PAM): A subset of IAM, focused on defining and controlling who or what has the authority to make changes to a network or device. PAM establishes policies and practices to ensure the security of sensitive data and administrative accounts.
- Privileged account management (PAM): A subset of privileged access management, this PAM focuses specifically on managing accounts that you have defined as privileged.
- Privileged identity management (PIM): Often used interchangeably with privileged access management, PIM involves managing which resources privileged users can access. PIM is also the name of a service inthat controls and monitors access to crucial resources.
- Privileged session management (PSM): A feature of good PAM tools, PSM allows administrators to control, monitor, and record privileged access sessions. Privileged session management may include SSH and RDP logging, remote session monitoring, auditing and reporting, and workflow coordination.
This article will focus primarily on the first two terms—namely privileged account management and how it fits into a larger IAM strategy. But first—what qualifies as a privileged account?