This third installment of our “PAM for Dummies” series addresses one of the most important security issues you’ve never heard of: the connection between privileged access management (PAM) and identity access management (IAM).
We all take it for granted that when we need them, the Police will help "protect and serve" its citizens. But sometimes, only sometimes, they protect and serve themselves with unauthorised insider information about the citizens they are paid to help.
Being head of IT Operations in a mid-sized or big enterprise is becoming a more and more demanding challenge.
What is Privileged Access Management?
The key is to understand the significance of the word “Privileged.”
A privileged user is someone who has administrative access to critical systems. For instance, the individual who can set up and delete email accounts on a Microsoft Exchange Server is a privileged user. The word is not accidental. Like any privilege, it should only be extended to trusted people. Only those seen as responsible can be trusted with “root” privileges like the ability to change system configurations, install software, change user accounts or access secure data. Of course, from a security perspective, it never makes sense to unconditionally trust anyone. That’s why even trusted access needs to be controlled and monitored. And, of course, privileges can be revoked at any time.
Getting smarter about information security
Cyber attacks are fast becoming one of the greatest risks of doing business and your chances of being exposed to one are ever growing.
