A Checklist for Modern Privileged Access Management (PAM)


Privileged Access Management solutions help organizations control, secure, monitor and audit privilege and its use across the IT environment. They manage access to privileged accounts for human users such as system administrators, as well as service accounts for applications. Privileged accounts are what the name suggests: they provide access to the most secure and sensitive information in your environment, which makes them highly susceptible to misuse by attackers and malware threats.

PAM solutions prevent privilege misuse by granting only the necessary amount of access for a specific amount of time to authorized administrators, thus lessening the risk of security threats. This “just-in-time” approach helps to minimize access to sensitive information. Modern PAM solutions take things a step further by removing “standing privilege” from accounts when they are not in use. This approach removes an attack surface very commonly exploited in lateral movement attacks.

Insider threats are becoming more frequent, resulting in data breaches and costly disruption. Without a PAM solution, businesses are constantly at risk: employees can accidentally install malicious software and compromise the network; internal attackers can gain access to the organization’s most critical systems and sensitive data; and compliance audits might not be passed due to strict privileged access control requirements. Today, PAM is an essential component of cybersecurity strategy.

But where should you start when selecting a PAM solution? Start by identifying what your privileged access needs are exactly. When selecting a PAM solution, consider deployment options and integration capabilities. Evaluate the ongoing effort of administration as well as the initial implementation and rollout. Another important point to consider is whether the solution can co-exist with other solutions and programs.

Key PAM Features to Drive the Most Value

PAM solutions differ in the capabilities they offer. When selecting one, consider the following:

  • Privileged account discovery and onboarding — The tool you select should help you locate privileged accounts in your IT ecosystem and bring them under control.
  • Just-in-time (JIT) privileged access — To reduce the risk of privileges being exploited by malicious insiders or outside attackers, look for a tool that grants privileged access only when needed and only for the time necessary to complete a business task.
  • Zero Standing Privilege – It is important to make sure that the privileged attack surface does not exist in your environment when it is not actively being used. Make sure that your tool can dynamically provision privilege when it is required and remove it when it is not.
  • Privileged session management and activity tracking — Being able to monitor and record how privileged credentials are being used helps you spot improper behavior, immediately block access to sensitive information and resources, and hold individuals accountable for their actions.
  • Reporting and analysis — In addition, evaluate how well the PAM solution enables you to analyze and report on how privileged accounts are used. In particular, consider whether it will help you find insights for improving your security posture and prove compliance with regulatory mandates.
  • Privilege elevation and delegation management (PEDM) — Check whether the solution makes it easy to grant and remove rights from privileged accounts as needed in Windows or Unix/Linux systems.
  • Privileged credential management and access governance — A central hub can be an ideal way to review privileged accounts and permissions and formally manage privilege assignment to comply with your governance policies.
  • Secrets management — Assess the methods and tools the PAM solution provides for managing privileged accounts and service credentials, such as APIs, keys and tokens.
  • Multi-factor authentication (MFA) — Make sure privileged users are required to confirm their identity in more than one way before accessing company systems and applications.
  • Automation — To help minimize IT staff time and required resources, consider whether the solution provides automated workflows for handling repetitive PAM tasks. This may also help to reduce the burden of human error.

Modern Privileged Access Management solutions can help secure your business’ sensitive information and lessen cybersecurity threats. Consider the above capabilities to select the PAM solution that is best for your organization.


About Author

Martin Cannard is Vice President, Product Strategy at Netwrix, provider of cybersecurity solutions that simplify data security. He is an accomplished executive and product manager with a 30-year track record of success from startups to enterprise software organizations, specifically in the privileged account management and identity and access management space.