Explanation of terms

Privileged Access Management (PAM) refers to measures, processes and technologies that control and monitor access to particularly sensitive accounts and systems. The aim is to prevent the misuse of privileged authorizations and ensure the security of critical IT resources.

PAM is a central component of modern identity and access management (IAM) strategies and is based on the principle of least privilege: only authorized persons, processes or applications are granted the access they need to protected systems, and only for a defined period of time.

What do you need PAM for?

Companies use PAM to:

  • prevent unauthorized access to administrative or critical systems,
  • centrally manage and monitor privileged accounts,
  • detect misuse and lateral movement in the network at an early stage,
  • automate password management, session monitoring and auditing,
  • demonstrably meet compliance requirements (e.g. ISO 27001, GDPR, SOX).

A PAM solution can enforce just-in-time (time-limited) access and multi-factor authentication (MFA), among other things, to minimize the risk posed by compromised credentials.

What are privileged accounts?

Privileged accounts are user accounts with extended rights that go beyond standard or guest access. They enable the administration of systems, databases, applications or cloud environments, for example. These include:

  • Domain and system administrator accounts: Full control over servers, networks and user rights
  • Local administrator accounts: Administrative rights on individual devices or servers
  • Service and application accounts: Technical accounts for automated processes or integrations
  • Emergency and break-glass accounts: Temporary access in the event of an exception or malfunction[1]

A PAM system protects privileged accounts, their passwords and the access paths to them on several levels. The aim is to prevent unauthorized activities, reduce risk and ensure compliance.

Central functions:

  • Password and account management: Secure storage, rotation and management of privileged credentials.
  • Session monitoring: Recording, logging and real-time control of privileged activities.
  • Endpoint Privilege Management: Enforcement of the least privilege principle and control of local admin rights.
  • Cloud authorization management: Control and reduction of excessive rights in cloud environments.
  • Automated access control: Protection and management of secrets, API keys and machine identities.
  • Compliance & reporting: Audit trails, role-based access control and verification in accordance with security standards.
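The just-in-time access and MFA enforcement described above, together with the password rotation, session monitoring and audit trail listed under the central functions, can be sketched in one small model. The following Python is an added illustration and is not code from any PAM product; the class names (PamVault, Grant, ManualClock), the account name "db-admin" and the users are constructed for the example.

```python
"""Toy PAM vault: MFA-gated just-in-time checkout of a privileged credential,
expiring sessions, an append-only audit trail, and rotation of the credential
whenever a grant ends (check-in or expiry). Constructed example, not a product."""
import hashlib
import secrets
import time
from dataclasses import dataclass


class ManualClock:
    """Settable clock so expiry can be driven deterministically (test aid)."""
    def __init__(self, now=0.0):
        self.now = float(now)

    def __call__(self):
        return self.now


@dataclass
class Grant:
    user: str
    account: str
    session_id: str
    expires_at: float


class PamVault:
    def __init__(self, clock=time.time):
        self._clock = clock     # injectable clock; real deployments use time.time
        self._secrets = {}      # privileged account name -> current credential
        self._grants = {}       # session id -> live Grant
        self.audit = []         # append-only audit trail (list of dicts)

    def _log(self, event, user, account, detail=""):
        self.audit.append({"ts": self._clock(), "event": event,
                           "user": user, "account": account, "detail": detail})

    @staticmethod
    def _fingerprint(secret):
        # The trail never stores the credential itself, only a short hash.
        return hashlib.sha256(secret.encode()).hexdigest()[:12]

    def register_account(self, account):
        self._secrets[account] = secrets.token_urlsafe(24)

    def current_secret(self, account):
        return self._secrets[account]

    def request_access(self, user, account, mfa_verified, ttl_seconds=900):
        """Just-in-time checkout: MFA must already be verified, and the grant
        carries an expiry so the privilege is time-limited."""
        if account not in self._secrets:
            raise KeyError(f"unknown privileged account {account!r}")
        if not mfa_verified:
            self._log("denied", user, account, "MFA not verified")
            raise PermissionError("MFA required for privileged checkout")
        session_id = secrets.token_hex(8)
        self._grants[session_id] = Grant(user, account, session_id,
                                         self._clock() + ttl_seconds)
        self._log("checkout", user, account, f"session={session_id} ttl={ttl_seconds}s")
        return session_id, self._secrets[account]

    def _revoke(self, grant, reason):
        # Ending a grant always rotates the credential the user was shown.
        self._grants.pop(grant.session_id, None)
        old_fp = self._fingerprint(self._secrets[grant.account])
        self._secrets[grant.account] = secrets.token_urlsafe(24)
        new_fp = self._fingerprint(self._secrets[grant.account])
        self._log("rotate", grant.user, grant.account, f"{reason}: {old_fp} -> {new_fp}")

    def run_in_session(self, session_id, command):
        """Session monitoring: each command is tied to a live grant and logged;
        unknown or expired sessions are refused, and expiry triggers rotation."""
        grant = self._grants.get(session_id)
        if grant is None:
            self._log("denied", "?", "?", f"unknown session {session_id}")
            return False
        if self._clock() > grant.expires_at:
            self._log("denied", grant.user, grant.account, "session expired")
            self._revoke(grant, "expired")
            return False
        self._log("command", grant.user, grant.account, command)
        return True

    def check_in(self, session_id):
        """Normal end of a grant: returns False if no live grant exists."""
        grant = self._grants.get(session_id)
        if grant is None:
            return False
        self._revoke(grant, "check-in")
        return True


def demo():
    """One checkout lifecycle on a scripted clock; returns the observable outcomes."""
    clock = ManualClock(1_000)
    vault = PamVault(clock=clock)
    vault.register_account("db-admin")
    try:                                             # no MFA -> refused and logged
        vault.request_access("bob", "db-admin", mfa_verified=False)
        mfa_denied = False
    except PermissionError:
        mfa_denied = True
    sid, shown_pwd = vault.request_access("alice", "db-admin", True, ttl_seconds=600)
    ran_before = vault.run_in_session(sid, "SHOW GRANTS")
    clock.now += 601                                 # step past the 600 s grant
    ran_after = vault.run_in_session(sid, "SELECT count(*) FROM orders")
    return {"mfa_denied": mfa_denied,
            "ran_before_expiry": ran_before,
            "ran_after_expiry": ran_after,
            "secret_rotated_on_expiry": vault.current_secret("db-admin") != shown_pwd,
            "checkin_after_expiry": vault.check_in(sid),
            "events": [e["event"] for e in vault.audit]}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The design point is that every path out of a grant (check-in, expiry) rotates the credential, so the value a person saw during the window is useless afterwards, and the audit trail records who held which account and what they ran without ever containing the secret itself.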

Conclusion:

A complete PAM solution combines password security, session control and cloud authorization control in one central platform to protect privileged access effectively.