Privileged Access Management (PAM) is the discipline for managing human or machine accounts which have elevated levels of entitlement to platform, system or application resources. It allows organizations to secure their infrastructure and applications, run the business efficiently and maintain the confidentiality of sensitive data and critical infrastructure.
Users and non-users with privileged or elevated access have the keys to a company’s crown jewels or most valued assets. Examples include:
► Have highly privileged access to IT resources and privileges (e.g., system or database administrators, who can modify security settings, create users and grant access)
► Have access to intellectual property and sensitive information (e.g., formulas, models, customer data, PII)
► Could significantly impact financial statements, perpetrate fraud
► Access to systems and resources beyond standard levels
► Can bypass or circumvent controls
► Business privileges (e.g., business users who can update the vendor master/pricing, reverse transactions)
Privileged accounts typically include:
Users with near or complete control of a system, who are authorized to set up and administer user accounts, identifiers, and authentication information, or are authorized to assign or change other users' access to system resources.
Users that are authorized to change control parameters (e.g., network addresses, routing tables, processing priorities) on routers, multiplexers, and other important equipment.
Users that are authorized to monitor or perform troubleshooting for a system's security functions, typically using special tools and features that are not available to ordinary users.
