How Come So Many Privileged Account Management Programs Fail?

Perhaps the fastest growing market in the already fast growing identity and access management (IAM) sector is privileged account management (PAM). It goes by many names (PAM, PIM, PIAM) but really it boils down to the age-old need to control and monitor what superusers do with the all-powerful administrative accounts that are a necessity on virtually every system. The emphasis is well-deserved – most major breaches are due to abuse or misuse of these credentials. I’m sure you have a PAM program already, and I’m equally sure that you have room for improvement – everyone does.

So where can you improve and how can you do it?

Let’s start with a definition of what PAM is. Depending on who you purchased your PAM solution from, you may have been brainwashed into a narrow, limited view of the scope of the problem. There are four major categories of PAM solutions:

  1. Unix root delegation – granting Unix/Linux administrators only the amount of root permission necessary to do their job. Open source sudo is the most common type of delegation solution but there are several commercially available sudo replacements available as well.
  2. Credential vault or safe – storing administrative credentials in a virtual vault and issuing them on an as-needed, according to policy basis.
  3. Windows delegation – similar to Unix root delegation but for Windows systems and perhaps most importantly for the Active Directory Admin account
  4. Session monitoring – watching what administrators do with their elevated permissions and administrator credentials (either delegated or vault-issued)

In reality, any organization with a complex, heterogeneous environment will at one point need all of these. But the problems come when the vendors selling you PAM solutions skew the discussion to focus on only the area that their solution plays (and very few vendors have solutions across all of them).

That’s why so many PAM programs under-deliver – they are too narrow in focus. Consequently the only option is to research, evaluate, and buy another solution (or two, or three) to fill the gaps, which results in a disjointed mess full of inefficiencies, inconsistencies, and difficult integration efforts.

One of the few vendors to offer the complete range of PAM solutions, and the only vendor to offer mature and proven technology across the board is Dell. We’ve been doing PAM, and doing it well, for more than 12 years and have thousands of customers that have seen success. I’ve taken this wealth of real-world experience and created a new eBook titled: Strategies for Successfully Managing Privileged Accounts. It details what works, what doesn’t work, the common pitfalls facing many PAM programs, and proven strategies and technologies that will place you in a position to succeed.

Learn how to achieve PAM Success.

And if you want to see which vendors offer which PAM solutions check out this Gartner report.

 


About the Author
Todd Peterson
Todd Peterson manages product marketing for the One Identity family of identity and access management (IAM) solutions. With more than 20 years of experience in security software, Todd has deep expertise...