Privileged Identity Management (PIM) is a capability within identity management focused on the special requirements of managing highly privileged access. PIM is an information security and governance tool to help companies meet compliance regulations and to prevent system and data breaches through the improper use of privileged accounts. The management of privileged identities is automated with various customized policies and workflows.
The typical strategy for securing privileged identities is to periodically change the privileged account password, securely store the current password, and manage its disclosure. Another strategy is to add privileges to users’ accounts and remove them again on an as-needed basis. Some products support both methods.
In addition to simply providing access to privileged accounts, most PAM solutions also implement auditing. Some of the critical aspects of auditing include:
- Tracking who was given access to which account or privilege and the time periods the access was granted.
- Tracking the details of any approvals related to the granting of access.
- Activities performed by the user, including systems accessed and commands executed.
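
An added example, not from the original page or any vendor's product: a minimal sketch of the as-needed privilege strategy combined with the audit records listed above (who was granted what and for how long, who approved it, and what was run). The class, method and field names, the self-approval rule and the sample users and hosts are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

@dataclass
class Grant:
    user: str
    privilege: str
    approver: str
    start: datetime
    end: datetime

@dataclass
class PrivilegeBroker:
    """Hypothetical just-in-time broker: a privilege exists only inside an approved window."""
    grants: list = field(default_factory=list)
    audit: list = field(default_factory=list)  # append-only event records

    def _log(self, event, when, **details):
        self.audit.append({"event": event, "time": when.isoformat(), **details})

    def grant(self, user, privilege, approver, now, minutes=30):
        if approver == user:  # assumption: policy forbids self-approval
            self._log("grant_denied", now, user=user, privilege=privilege)
            raise PermissionError("requester cannot approve their own access")
        g = Grant(user, privilege, approver, now, now + timedelta(minutes=minutes))
        self.grants.append(g)
        # Who received which privilege, for what period, and who approved it.
        self._log("grant", now, user=user, privilege=privilege,
                  approver=approver, expires=g.end.isoformat())
        return g

    def run(self, user, privilege, system, command, now):
        active = any(g.user == user and g.privilege == privilege
                     and g.start <= now < g.end for g in self.grants)
        # Every attempt is recorded, including ones outside the window.
        self._log("command" if active else "command_denied", now, user=user,
                  privilege=privilege, system=system, command=command)
        return active

def demo():
    t0 = datetime(2017, 4, 1, 9, 0, tzinfo=timezone.utc)  # constructed timestamp
    broker = PrivilegeBroker()
    broker.grant("alice", "db-admin", "bob", t0, minutes=30)  # constructed names
    inside = broker.run("alice", "db-admin", "db01", "VACUUM", t0 + timedelta(minutes=10))
    outside = broker.run("alice", "db-admin", "db01", "VACUUM", t0 + timedelta(minutes=45))
    return inside, outside, [e["event"] for e in broker.audit]
```

The denied attempt after the window closes still lands in the audit trail, which is the record a reviewer needs when reconstructing how a privileged account was used.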
Additionally, some PAM solutions provide session isolation, ensuring that privileged operations are executed in a safe environment to prevent issues such as ‘pass-the-hash’ attacks and malware propagation.
Different vendors refer to products in this category using similar but distinct names. Some analysts use the name “PxM” with multiple possible values for “x” such as:
- Privileged access management
- Privileged user management
- Privileged account management
- Privileged identity management
First published April 2017