I’ve been working in the privileged account management space for years, including a continuous line from Vintela, where we pioneered the Active Directory bridge space; through Quest Software, where we built the industry’s most comprehensive PAM offering; to now, where we’ve unified those powerful PAM solutions with governance. During that time thousands of organizations have used our solutions to address their PAM challenges.
When we’ve seen customers have success it’s been because they’ve embraced some simple tenets. And when they’ve struggled it’s because they haven’t. The four tents of PAM success are:
- Unix has special needs – the Unix/Linux root account is unique in that it is all-powerful, it is independent from every other root account and it is a point of vulnerability for the entire system, including Unix data. Observance of a few simple rules helps to improve security, efficiency and compliance for the Unix/Linux root account and the administrators who use it.
- Active Directory is important – the native management and security tools in AD lack support for PAM. Every AD management or PAM program should allow for delegating precisely the activities that AD administrators may perform and providing the permissions they need to do their jobs.
- Don’t just vault – anonymous administrative access is a big obstacle to successful privileged account management. A credential vault is a good way to deal with this problem, if you follow a few simple rules. But vaulting alone is not enough.
- Do it all with an eye towards governance – few PAM projects anticipate the governance needs that will eventually arise
I’ve written a new eBook called Strategies for Successfully Managing Privileged Accounts where I delve into each of these tenets and provide real-world recommendations on using them to front-load your PAM project for success – whether it’s a partial solution you hope to round out or a start-from-scratch PAM program that you want to get right from the start.
Learn how get PAM right.
And if you want to learn more about what makes up a comprehensive and successful PAM program read the eBook IAM for the Real World: Privileged Account Management.