A Privileged Access Management (PAM) tool is a cybersecurity solution used to secure privileged users and sessions. Privileged users, such as administrators and root users, wield elevated control over network resources, like databases and applications.
While this elevated control is necessary for maintaining and managing these resources, it also presents a substantial security risk. PAM tools are designed to mitigate this risk by offering specialized, dedicated security controls for privileged accounts and sessions.
PAM tools can discover and inventory all privileged identities, use encryption to protect privileged credentials, grant temporary privileged access and detect any suspicious activities (e.g. data exfiltration). In the following sections, we will discuss the different categories of PAM tools.
The three core categories of PAM tools are: Privileged Access and Session Management (PASM), Privileged Elevation and Delegation Management (PEDM), and Remote Privileged Access Management (RPAM).1. Privileged Access and Session Management (PASM)
Privileged Access and Session Management (PASM) is a core category of PAM that primarily focuses on securing privileged credentials and sessions. PASM tools:
Privileged Elevation and Delegation Management (PEDM) is another core PAM category that addresses the nuanced challenges of elevating and delegating privileged access within an organization. PEDM tools:
In today’s remote-first world, Remote Privileged Access Management (RPAM) has emerged as another core category of PAM tools. RPAM tools are specifically designed to manage privileged access to remote systems and applications. RPAM tools:
Just-in-Time (JIT) privilege is not strictly a core PAM category, but rather an invented concept that is often presented as such. JIT Privilege tools focus on granting temporary elevated privileges, on an as-needed basis, for a specific task or purpose. Here’s how they work:
While these concepts align with the overarching principles of PAM, JIT privilege is not a distinct category of PAM tools. A JIT privilege tool is also not a replacement for a comprehensive PAM solution.
In addition to the core categories of PAM tools, there are a few other categories that are closely related to PAM. These include:a. Secrets management
Secrets management tools allow organizations to manage sensitive data, such as passwords, PINs, API keys and certificates. Typical features of these tools are the ability to
Cloud Infrastructure Entitlement Management (CIEM) tools focus on managing permissions in cloud environments. Some standout CIEM features are:
Even though CIEM and secrets management solutions are not strictly PAM tools, they can be used to support PAM initiatives as part of a comprehensive IAM policy.