Privileged session management is a control feature that limits how long and for what purpose an admin – which can be a human or a machine – can access a digital resource. Privileged users can access critical IT assets, such as the management UI for devices or the root file for a UNIX server. Session management is an additional level of control and security that puts a time limit – or a functional limit along with a time limit – on what the admin can access for that particular session. This instructional web page is directed at non-privileged users and procurement managers assessing One Identity for investment.
In the simplest worst-case scenario, if your PAM security system is a legacy system, it may have a simple admin access policy of yes or no: the privileged user has access to everything or nothing. Often with legacy systems, this elevated access may have been managed with shared credentials, which meant there was no individual accountability, nor were there any limitations on what an admin could access. With that said, for IT infrastructure to function, there need to be users who have privileged access at the back end of databases, control infrastructure, set user-access permissions and add code to apps to make them even better. But you can’t just leave the vault door open all the time; that encourages users who shouldn’t be in there to be in there. You must control it. So, you give them a time limit and you don’t ever share the keys or the access code with them directly. If they need to access critical infrastructure, they can ask and get issued a hidden password with access that allows them limited capabilities and a specific time limit. They can’t stray from their purpose, and they can’t stay longer than they need to. So, privileged session management is just that: elevated access that has a specific time limit for a user to get a task completed.
Privileged sessions are akin to when mom says she’s counting to three, by which time you need to choose an afternoon snack and close the refrigerator door. If you can’t decide on what to eat by the time mom says ‘three,’ your access to the privileged resource – in this case the refrigerator – is immediately shut down. On a more technical level, a privileged session is when an admin is allowed access to a resource for a specific amount of time to complete a task before access expires. Privileged sessions are a mechanism to manage who can have access to a digital resource and for how long, where the privileged user is a human or machine user with elevated privileges.
Access is immediately cut off when a session expires. At that point, if a privileged user needs to re-access that resource, they must reauthenticate and request access to continue working or to perform another task. These privileged resources can be a SaaS tool, an on-prem application, control settings for a router or a database of customer information. PAM security, as a technology, controls access to critical infrastructure like the resources mentioned here.
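The session model described above (a time limit plus a functional limit, a credential the admin never sees, and a fresh request after expiry) can be sketched in a few lines. This is an added example, not code from One Identity or its products; `SessionBroker`, `Grant` and the decision strings are hypothetical names chosen for illustration.

```python
import secrets
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Grant:
    token: str          # opaque handle given to the admin; not the password
    user: str
    resource: str
    allowed: frozenset  # functional limit: actions permitted in this session
    expires_at: float   # time limit


class SessionBroker:
    """Hypothetical broker: keeps the real credentials and hands out grants."""

    def __init__(self, vault, clock=time.monotonic):
        self._vault = vault   # resource -> secret; never returned to users
        self._clock = clock
        self._grants = {}
        self.audit = []       # (time, user, resource, action, decision)

    def request(self, user, resource, actions, ttl_seconds):
        if resource not in self._vault:
            raise KeyError(resource)
        grant = Grant(secrets.token_urlsafe(16), user, resource,
                      frozenset(actions), self._clock() + ttl_seconds)
        self._grants[grant.token] = grant
        return grant.token

    def perform(self, token, action):
        now = self._clock()
        grant = self._grants.get(token)
        if grant is None:
            decision = "deny:unknown-session"
        elif now >= grant.expires_at:
            del self._grants[token]  # expired: the user must request again
            decision = "deny:expired"
        elif action not in grant.allowed:
            decision = "deny:out-of-scope"
        else:
            # A real broker would use self._vault[grant.resource] here,
            # acting on the user's behalf without revealing the secret.
            decision = "allow"
        self.audit.append((now, grant.user if grant else None,
                           grant.resource if grant else None, action, decision))
        return decision
```

Every decision, including denials, lands in `audit`, which is what gives each session the individual accountability that shared credentials lack.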
With One Identity Safeguard for Privileged Sessions, you can control, monitor and record privileged sessions of administrators, remote vendors and other high-risk users. The content of the recorded sessions is indexed, which makes searching for events simple and helps automate reporting so you can easily meet your auditing and compliance requirements. This solution can also serve as a proxy that inspects the protocol traffic at the application level. This makes it an effective shield against attacks, because it rejects all traffic that violates the protocol. For more information about One Identity Safeguard for Privileged Sessions: