What Is Privileged Access Management (PAM)?

Privileged Access Management, also known as PAM, is a critical security control that enables organizations to simplify how they define, monitor, and manage privileged access across their IT systems, applications, and infrastructure.



Because administrator accounts have elevated privileges that can access valuable data and execute applications or transactions—often with little or no tracking control—it can be very difficult to manage privileged accounts. Privileged Access Management software centralizes management of administrator profiles and ensures the principle of least privilege access is enforced to give users only the access they need.

Organizations rely on PAM security not only for its efficiency, but also because they are often mandated by regulations, including Sarbanes-Oxley (SOX) Section 404, the Federal and North American Energy Regulations Commission (FERC/NERC), HIPAA 2, and state level regulations such as the California Information Practice Act and the Massachusetts privacy law 201CMR17.

Read More >




As Privileged Access Management has evolved, Gartner has established two further classifications to highlight different mechanisms of PAM solutions. These include Privileged Account and Session Management (PASM) and Privilege Elevation and Delegation Management (PEDM). PASM and PEDM are two categories of security tools that have distinct approaches in how they manage access. Both PASM and PEDM tools use the principle of least privilege, which mandates that users only have the access necessary to their job functions. While both solutions have the same goals, they have different mechanisms in how the target account is protected and accessed.

Read More >



PASM solutions are often referred to as password vaulting. Privileged account credentials are securely created and distributed exclusively by the solution. When users need access to a specific server, they request access from the vault, and are given a temporary account with full administrative privileges. This account is only valid for a single session. Additionally, the session activity is monitored and recorded.


What Are Privileged Accounts?


Privileged accounts are considered elevated accounts within your IT environment that hold the 'keys to the kingdom.' These types of accounts frequently have privileges to access valuable data and execute any application or transaction, typically with little or no tracking or control. A privileged account can take the form of an Administrator in Windows environments or Root in UNIX or Linux environments.

Each organization should determine what is classified as privileged data, where it is, and who has access to it. Control of privileged accounts is a major factor in compliance across regulations in every industry. Here are common types of privileged accounts:

  • Local Admin Accounts
  • Privileged User Accounts
  • Domain Admin Accounts
  • Emergency User Accounts
  • Service Accounts
  • Application Accounts


Because of their elevated access, privileged accounts have more significant risks than non-privileged accounts and have more potential for exploit or abuse. Privileged accounts, which can number in the hundreds in some enterprises, are frequently not tied to specific individuals, so the accounts can be used to do virtually anything, with little or no possibility of detection. 

Read More >

How to Select the Right PAM Approach


Organizations struggling to achieve effective protection of privileged and root accounts often wonder what the best approach to Privileged Access Management is for their business. Here we examine three of the most common approaches to PAM security within organizations today:

Home-Grown Privileged Access Management

Home-grown solutions are typically based on operating system capabilities, available utilities such as 'sudo,' clever password management procedures, and a lot of scripts. Home-grown solutions can become extremely costly and require system administrators to do considerable programming. Home-grown solutions are also often found insufficient from an auditor’s perspective. With sensitive information subject to insider threats, the capabilities of home-grown solutions are quickly superseded. 

Combination of Open Source and Commercial PAM Solutions

Some organizations look to combine various commercial or open source point solutions to create an operating system environment that provides an effective approach to protecting privileged accounts. This typically involves using one solution for user provisioning, another for centrally managed secure communications (SSH), a third for password management, and possibly another tool for audit log consolidation.

While combined solutions can amount to something powerful, one important aspect is lost: centralized access management on one security system. Combining multiple technical solutions into one leaves conceptual gaps, which in turn lead to security flaws and inefficient management. And while cost-focus may be the primary driver for this option, it typically ends up costing more and exposing organizations up to more risk than commercial options.

Commercial Privileged Access Management Solutions

Organizations that want to centralize management of their privileged accounts, secure systems without slowing down productivity, and easily enforce least privileged access look to commercially available PAM solutions. Investing in an agile Privileged Access Management solution specific to your multi-platform environment provides all of the components needed for effectively protecting privileged and root accounts both proactively and adaptively, without all of the overhead, costs, and complexities of full-blown identity and access management infrastructures. 

Commercial PAM solutions simplify an organization’s ability to enforce security policies, control access to critical systems and information, and provide full control over accounts, access and privilege, so IT and security teams can proactively prevent internal and external critical system attacks before they start.


What Are the Benefits of PAM Solutions?


Improve Security with Granular Privileged Access Controls

Card image cap

Effective Privileged Access Management defines who can have access to each part of a system and specifies what they can do with that access. This eliminates privileged password sharing and enables you to track administrator and account activities in detail so you can specifically identify who has done what. 


Why Privileged Access Management Is Important


For the second year in a row, Privileged Access Management (PAM) is listed as a top security priority by Gartner. Despite being around for decades, PAM security tools are becoming increasingly vital as access privileges become more complex. In fact, experts predict that more than two thirds of organizations will implement privileged access management in their enterprise in the coming years. 

Effectively managing privileged access has become a top priority for many organizations seeking to protect their data and systems from unauthorized users. That’s because inappropriate access can expose valuable organizational data, compromise sensitive information, and adversely affect system reliability. But with full control over privileged accounts, IT and security teams can help prevent internal and external attacks on critical systems before they start.

The latest Verizon Data Breach Investigations Report found that the majority of data breaches leverage privileged accounts directly. With compromised credentials a leading cause of data breaches, organizations cannot afford to ignore the importance of privileged access management. And more than ever before, companies are looking for more effective and efficient ways to protect their data with PAM solutions.

Regulatory compliance is only getting more intense as technology becomes more sophisticated. Privileged access management enables organizations to adhere to requirements. To remain compliant, many industries, particularly those dealing with sensitive information, like financial institutions, require frequent password changes.



PAM solutions reduce or eliminate the need to share passwords because technical controls restrict access only to authorized users, and can leverage stronger authentication methods.

Privileged access management is also ideal to combat insider threats and enforce the principle of least privilege, which mandates that users only have the access necessary to their job functions. Linking access to job roles, and subsequently, individual accounts, eliminates the need for superusers that have universal access. These tools can also require additional authorization for high-risk servers, providing additional protection. Finally, privileged access management provides user accountability through means like keystroke logging.

Read More >

What Are Requirements for Controlling Privileged Accounts?


The challenges associated with controlling privileged and root accounts within a multi-platform environment increases quickly as the number of people who need powerful administrative access for various job functions grows.

Wheel of privileged users being organized and monitored with a Privileged Access Management solution.




Privileged Access Management Best Practices 

To effectively and efficiently manage privileged accounts, below is an overview of best practices for PAM in your organization: 

  • Centralize Management of User Accounts Across All Real and Virtual Servers:
    Centralized administration of user accounts across your heterogeneous Linus/UNIX server environment ensures you can monitor and audit which users have access on which machines. 
  • Integrate with Existing Corporate Directories:
    With multiple corporate directories and identity management systems, privileged account management must integrate seamlessly, so that team and group identities can be associated automatically to the correct systems, applications, and data.
  • Ensure Contextual Authentication:
    Contextual authentication enables organizations to target strong authentication to particular servers and roles that bring a higher level of risk.
  • Enforce Secure Keystroke Logging:
    For sensitive sessions, you must also have the ability to adapt to enforce full keystroke logging, so administrator activities can be tracked in full detail.
  • Implement Granular Access Control:
    Instead of allowing functional accounts like 'root' or 'sysdba' to log in, you need to have enforceable authorization rules that mandate the use of individual and auditable user accounts. Implement fine grain security controls to define and enforce who is granted elevated privilege, when, how and from where.
  • Consolidate Audit Logging:
    Protecting privileged accounts includes centralized audit logging with a detailed record of user activities. Effective PAM solutions should deliver consolidated audit logs and reports from across your server domains and be kept on a separate security domain.

          Read More >

Privileged Access Management from Core Security 



Core Privileged Access Manager (BoKS)

Identity, Account, and Privileged Access Management Platform for Linux and UNIX