What is Privileged Account Management?

Day after day, we see the evidence of an increased number of breaches. As a Privileged Account Management (PAM) provider, we are also seeing a similar increase in requests for proposals on our Core Privileged Access Manager (BoKS) solution. What is most interesting is that a large number of security professionals who contact us indicate that they are not not even sure what privileged accounts are in their organizations and have no idea where to start in managing them. 

What Are 'Privileged Accounts?'

Privileged accounts are any accounts that hold 'keys to the kingdom' in your network. These can be in the form of admin, root, SYS, or other credentials that would give administrative all-access passes to your applications. With a growing number of accounts, environments, devices, applications, manual managing of these accounts is not enough, which has led to so many breaches.

Why Is This So Challenging?

Enterprise networks are constantly evolving. Employee access roles change often, making it difficult for your IT staff to keep all privileged accounts under control. Privileged credentials, computer operating systems, databases, and network devices are highly regulated, causing more confusion and obstacles when managing these accounts. In order to comply with mandatory security regulations provided by SOX, PCI-DSS, HIPAA, FISMA, BASEL III, and others, your IT staff must have the proper tools to secure and monitor these accounts.

Privileged identities must be detected and tracked at all times. Service and application account passwords must be safely secured and recorded. These passwords must be able to change on a set schedule without disrupting the productivity of the company. User access to privileged logins must be audited to meet corporate requirements. All of these steps are very difficult to accomplish effectively without an automated solution.

Why Does Your Organization Need a Privileged Access Management Solution? 

In a word, scalability. PAM software has the ability to scale economically over many departments and systems to provide large cost savings should your company ever need to change. Also, your PAM solutions performance will not be impacted, no matter how much your organization grows. Ideally, you would want a multi-threaded application. This way your company is able to simultaneously change passwords on multiple machines in a reasonable amount of time. Also, it should be able to process simultaneous requests without decreasing productivity.

To make sure that these needs are met, you must pick an architecture that can prevent and size-up fail-over and still increase performance. This architecture should be an n-tiered architecture. This way you have the option to deploy the password database, management console, web server, and reporting database on multiple machines.

Your PAM solution should have the ability to deploy individual zone processors on remote machines to reliably handle password changes at distant locations and on multiple isolated (DMZ) networks. It should also have a console design and password change architecture, including a back-end database and highly tuned, multi-threaded password change algorithm.

This should provide increasingly responsive console interaction and reporting even when processing large password changes across multiple devices and accounts. A privileged access management solution can help you do more than maintain compliance, it prevents data loss by protecting your most valuable assets.