Identity & Access Management: The Cornerstone of Enterprise Security
Privileged Access Management (PAM) is a sub-discipline within the identity governance framework. PAM can be implemented and operated on its own or be integrated into an organization’s Identity & Access Management (IAM) policy and processes.
Organizations may choose to start with either an IAM or PAM implementation in order to meet their objectives; however, unifying both should be their ultimate goal as they mature through the IAM lifecycle. In fairness, many organizations will never mature to this point, but the goal should always remain to streamline the identity and security process.
To that end, IAM plays a critical role in an organization’s IT security strategy. As organizations grow, so does the number of applications, servers, and databases used. Access to the organization’s resources is typically managed through IAM solutions, which offer capabilities like single sign-on, provisioning, user management, access control, and governance.
But securing an organization’s sensitive data and applications requires a deeper understanding of privileges. Privileged users (administrator and root accounts) can leave an organization exposed if their activity is not monitored and documented properly. Identity and access management solutions help IT teams answer: “Who has access to what?” But, to achieve complete user visibility, PAM solutions address the remaining questions: “Is that access appropriate?” and “Is that access being used appropriately?” That is, PAM solutions provide greater visibility and deeper auditing of actual behavior based on the monitoring of privileged account sessions.
The resources under PAM management can include anything from an operating system to applications, databases, network devices, scripts, DevOps, IoT, cloud resources, and so on. The implementation of PAM is performed using dedicated solutions, policies, and procedures that focus on managing privileges and all the locations where they may be present. IAM solutions interface with PAM by managing and certifying the identities associated with privileged accounts and credentials.
PAM solutions provide organizations with the secure privileged access tools needed to protect all assets, but they typically focus on the critical resources containing the most sensitive information and infrastructure, and on the removal of privileges from all endpoints, whether server or workstation. This allows an end-to-end management strategy, from joiner, mover, and leaver to the individual privileges assigned and what the account did with those privileges based on actual usage.
Read this article and more in the Identity Insider magazine!