When IGA Meets PAM: Extending Identity Governance to Highly Privileged Accounts

Hackers, thieves and cyber attackers never sit idle. They constantly evolve their technology and approaches to breach security perimeters, gaining access to highly sensitive and lucrative information. Now more than ever, they are targeting users inside your organization using malware, social engineering and a host of other tactics to compromise credentials and gain entry.

To protect mission-critical systems and applications, many organizations implement both Privileged Account Management (PAM) and Identity Governance and Administration (IGA) systems, yet do so separately and in isolation. Let’s consider an example: Alex is a system engineer who is responsible for ensuring his company’s website and database are maintained and available. To do maintenance work, he gains access to the database and webserver through the company’s PAM solution, checking credentials in and out of the PAM vault. In addition, he has access to other non-privileged systems and applications (including Office365, email, and the HR system), which are managed by the IGA solution.

While this setup may be commonplace in today’s organizations, it is a situation where PAM and IGA are managed in separate silos with no integration or communication between the two systems. This leaves a large gap in the organization’s security posture and provides limited insight into how privileged and non-privileged accounts relate to each other. Moreover, it opens the door to potential access violations and increases the risk of non-compliance with regulatory requirements such as HIPAA, GDPR and SOX. When you consider a recent Verizon report that states 14% of data breaches are due to privilege misuse, the question is: how can organizations reduce or eliminate the possibility of becoming one of these statistics?

Now is the time for organizations to take a major leap forward in the maturity of their security programs by aligning and integrating IGA and PAM. Forrester reports that organizations with the highest IAM maturity experience half the number of breaches as the least mature. For instance, they are 46% less likely to suffer a server or application breach, 51% less likely to suffer a database breach and 63% less likely to suffer a cloud infrastructure breach.

To address this challenge, SailPoint recently announced the availability of the IdentityIQ Privileged Account Management Module that extends identity governance processes and controls to highly privileged accounts for better oversight and risk mitigation.

The new Privileged Account Management module is the industry’s first standardized approach to extending governance processes and controls to highly privileged accounts.

By aligning identity governance with privileged access management (PAM), enterprises will now have a complete view of a user’s access, including standard and privileged accounts and entitlements, from a single pane of glass. The new Privileged Account Management module works directly with industry-leading PAM vendors and SailPoint Identity+ Alliance members BeyondTrust, CyberArk, Lieberman, Thycotic, and Osirium and their SailPoint-certified PAM integrations with IdentityIQ.

Organizations will quickly realize the innovative benefits that the IdentityIQ Privileged Account Management module provides, including:

Complete visibility and governance over privileged accounts

By extending identity governance to privileged accounts, enterprises get a 360-degree view over all access, especially high-risk identities with privileged access. Organizations can now cultivate a stronger security environment by ensuring identity governance policies are enforced consistently across privileged and non-privileged accounts, reducing vulnerabilities such as insider threats.

Simplify and centralize administration

Using the IdentityIQ PAM module, IdentityIQ can now serve as a central platform to govern access to both privileged and non-privileged accounts according to established policies. This prevents overprovisioning and limits the risk of providing access to highly privileged accounts to unauthorized users. Further, it speeds the delivery of privileged access based on user role or lifecycle event changes.

Integration with 3rd party PAM solutions

The new IdentityIQ PAM module enables organizations to rapidly deploy and integrate with their PAM vendor of choice. The IdentityIQ PAM module provides an open, standards-based integration framework (SCIM) that supports any third-party solution, resulting in a greater and faster return on existing PAM solution investments.

Modern enterprise organizations are leveraging SailPoint’s Open Identity Platform to establish synergies across their identity and security investments, aiding their efforts to create a resilient environment that reduces risk and enhances their ability to adhere to strict compliance standards. The IdentityIQ Privileged Account Management module is yet another example of how organizations can leverage the power of identity when it’s placed at the core of their security and IT infrastructure, allowing them to move forward at the pace they need to be competitive while protecting sensitive data and assets.