Privileged Access Management (PAM) refers to a class of solutions that help secure, control, manage and monitor privileged access to critical assets. ~ The Secret Security Wiki
PAM integrates strategies that can assist security teams to gain more control over systems, accounts and data in order to prevent unwanted or unnecessary access. A comprehensive privileged access management program will include password management, monitoring and logging, access approval and workflow and remote access.
Who needs administrative access?
- Local or Domain Admin accounts that manage servers and Active Directory
- System admin accounts, that help manage databases such as human resources or payroll
- Root accounts for management of Unix/Linux platforms
- Accounts that run and manage Windows applications, services, and scheduled tasks
- Networking equipment accounts that give access to firewalls, routers, switches and wireless access points
Management is a key word in PAM. Failure to manage access and accounts can result in breaches, credential and data theft or other security related issues.
Avoid ‘privilege creep’. This occurs when excessive and unmonitored access occurs.
How can privilege creep happen?
- Employees leave the organization or move into alternate roles and access is not adjusted
- Default accounts are not disabled
- Accounts are abandoned and never used
- Privileged access is too broad, exposing the organization to unfettered access should the credentials become compromised.
When planning your PAM environment you will need to identify these areas:
- Who needs access to what in order to perform appropriate duties? Keep the rule of “need to know’ in mind.
- Consider third party contractors
- Consider other restrictions such as a time window, VPN, IP and/or port restrictions and segmentation
- Review and audit policies regarding access
Implementing privileged access management, along with security best practices, can exponentially increase your defenses against external and internal risks, both intentional and non-intentional. Exercising the principle of least privilege is key to your overall security and preventing security incidents from occurring.