ABSTRACT
This is an extensive review of Privileged Access Management, and how it can work within the Zero Trust Framework.
The technical definition of PAM is as follows:
Privileged access management (PAM) is the combination of tools and technology used to secure, control and monitor access to an organization’s critical information and resources. Subcategories of PAM include shared access password management, privileged session management, Vendor Privileged Access Management (VPAM) and application access management.
(Source: www.techtarget.com/searchsecurity/definition/privileged-access-management-PAM)
So as you can see from the definition, PAM is all about securing the login credentials of individuals. But it is not just used for anybody. Rather, the concepts of PAM are specifically designed to help protect those accounts that are deemed to have access to the crown jewels of a business. This could include a wide range of titles, including the members of the Board of Directors and the C-Suite, all those titles such as Network Administrator, Database Administrator, and members of the IT Security team.
The reason why these PAM-based accounts get so much attention is that these are the kinds of credentials that the Cyberattacker goes after the most. After all, if they can hijack these kinds of credentials, they will be able to get to the most prized possessions very easily and quickly, without having to further penetrate the IT and Network Infrastructure for an extended period of time.
