Privileged access management: taking back control of your secrets

by Julien Mathieu - Cyber Security Consultant

Many of today’s tech analysts and consultants consider privileged access management (PAM) to be one of the most important security initiatives for reducing cyber risk. This year, for the second year in a row, Gartner even put PAM at the very top of its annual list of Top 10 Security Projects (though in 2018 it was still called ‘privileged account management’). PAM is, in effect, the new cyber security perimeter, significantly reducing organisations’ risks from cyberattacks and insider abuse alike.

Privileged access management is generally accepted as fitting within the broader scope of identity and access management (IAM), which Gartner describes as “the discipline that enables the right individuals to access the right resources at the right times for the right reasons”. Generally speaking, both terms are about safeguarding data and systems by managing who has access to them and what those users are allowed to see and do with them.

Securing identities and access.

Originally, identity and access management fell under the IT Security department. Today, however, that mission-critical process of securing the identities of your employees, contractors, customers and partners, as well as securing their access to your IT resources, is often managed separately, to the extent that IAM now even exists as its own department in many organisations.

In recent years, privileged access management, or PAM, has become an integral part of the IAM ecosystem, supporting organisations on their journey to ensure that all access is approved and continuously verified. This is especially important now that cyberattacks are the order of the day, so to speak, generating a real impact on our economy and our lives and attracting more and more headlines in the process.

Keys to the (IT) kingdom. 

PAM tools, which have their roots in password management, are specifically designed and used to manage and monitor so-called privileged accounts and access. Privilege, in an IT context, is the authority to make changes to a network or computer. Both people and accounts can have privileges, and both can have different levels of privilege.  

When an account has privilege, it basically has a higher level of access and permissions than a standard account. That is why privileged accounts are often referred to as the keys to the (IT) kingdom: they provide near-limitless access to an organisation’s most critical systems and data, making them liable to abuse by insiders and highly coveted by hackers. Forrester Research estimates that no less than 80% of security breaches involve privileged credentials or passwords. 

Improving the security of your secrets. 

A PAM solution allows you to take back control of your secrets, such as passwords and accounts. It also helps you improve the security of those secrets, for instance by automatically randomising, managing and vaulting passwords and other credentials. Finally, it lets you delegate admin access without loss of security and supports so-called firecalls for emergency access.

This leads me to the conclusion that we have successfully advanced from simply securing passwords to securing privileged accounts (privileged account management) and enabling the secure usage of privileged accounts and data (privileged access management).