Privileged access management (PAM) consists of the cybersecurity strategies and technologies for exerting control over the elevated (“privileged”) access and permissions for users, accounts, processes, and systems across an IT environment. By right-sizing privileged access controls, PAM helps organizations condense their organization’s attack surface, and prevent, or at least mitigate, the damage arising from external attacks, as well as from insider malfeasance or negligence.
While privilege management encompasses many strategies, a central goal is the enforcement of least privilege, defined as the restriction of access rights and permissions for users, accounts, applications, systems, devices (such as IoT) and computing processes to the absolute minimum necessary to perform routine, authorized activities.
While IAM controls provide authentication of identities to ensure that the right user has the right access as the right time, PAM layers on more granular visibility, control, and auditing over privileged identities and session activities. PAM is at the heart of identity security, which analysts and IT leaders consider central to protecting enterprise assets and users in an increasingly perimeterless, work-from-anywhere (WFA) world. The identity infrastructure itself (including IAM and IGA toolsets) is increasingly under attack, and dependent on robust PAM controls to protect it all.