Privileged Access Management (PAM) refers to monitoring and securing administrative accounts. These accounts are considered the most privileged of all user accounts in an organization.
When PAM-accounts are used in the wrong way, either intentionally or accidentally, the organization can suffer serious damage. Hence, it’s critically important to set-up a solid PAM strategy in order to properly monitor and secure these accounts. A typical component of a PAM strategy – which also clearly illustrates its importance – is that all activities that administrators perform within their accounts are recorded using screen capture videos.
Why PAM shouldn’t be called PAM
As PAM stands for ‘Privileged Access Management’, it makes sense to assume this addresses all privileged accounts in an organization. However, PAM doesn’t do that. In fact, PAM only addresses administrator accounts, a limited part of the total number of privileged accounts in an organization. And that is exactly why PAM shouldn’t be called PAM, but rather something like AAM (Administrator Access Management).
But whatever the name we use for it, it’s important to note that PAM leaves a number of privileged accounts untouched. Consequently, another solution is needed to take care of this. Before we go there, let’s take a look at the origin and nature of privileged accounts first…
Privileged accounts: a closer look
Apart from administrator accounts, many other accounts – the actual number depends on the size of your organization and the way access rights are handled – can and should be considered as privileged. In fact, every single access right that is offered to a user can be seen as a privilege. So, the question is: how many – and which – access privileges are needed before a user should be considered a privileged user?
A typical example is a staff member who is working for the organization for many years. As he advances through several positions, he is granted new access rights for each new position. However, the access rights required for his previous functions are – due to negligence, in most cases – never withdrawn. This way, the staff member will gradually collect a large number of privileges.
Why PAM is not enough
We made clear that PAM – even if it’s perfectly setup and executed – does not suffice to protect your organization from the risks associated with privileged users. So, what you really need is to supplement your PAM solution with an identity intelligence solution, such as Elimity, to rest assured that you’re monitoring all privileged users in your company.