Privileged identity management (PIM) is the monitoring and protection of superuser accounts in an organization’s IT environments.
Privilege Elevation and Delegation Management solutions remove user privileges completely and allow sysadmins to operate under the security of a standard user account.
Oversight is necessary so that the greater access abilities of super control accounts are not misused or abused. Unmanaged super user accounts can lead to loss or theft of sensitive corporate information, or malware that can compromise the network.
Privileged Access Management (PAM) is a solution that helps organizations restrict privileged access within an existing Active Directory environment and it accomplishes two goals:
The need for privileged access monitoring and control is:
A PAM solution offers a secure, streamlined way to authorize and monitor all privileged users for all relevant systems. PAM lets you:
PAM is focused on privileged user access. Identity management concerns authenticating and authorizing any user who needs access to a system.
Privilege Elevation and Delegation Management solutions remove user privileges completely and allow sysadmins to operate under the security of a standard user account. Admin rights are assigned only to the individual tasks, applications or scripts that require them. This granular level of control ensures the number of admin accounts within an organization can be dramatically reduced or eliminated.
Using comprehensive reporting, privileged operations can be identified. This allows organizations to request user justification for audit purposes or implement challenge / response mechanisms for additional security and control on critical systems. This approach not only improves security and regulatory compliance, but also allows for a much better user experience.