The Privileged Access Management space can be divided into two areas: Privileged Account and Session Management (PASM) and Privileged Elevation and Delegation Management (PEDM).
In this paper we’ll run through the differences between the two, explain why the time to realise benefits is quicker with PEDM, and outline how it makes it possible to completely remove admin rights, even in the data center.
Many businesses, financial institutions and regulated authorities have, however, implemented a PASM solution to address security requirements for the monitoring of privileged user activity. Such solutions are traditionally designed to grant secure access to specific destinations via a password vault. When a sysadmin requests access to a specific server, the vault grants access by providing a temporary administrative account and then begins recording the session. Access rights are granted for the duration of the session, until the task is completed and the session is closed.
The key benefit of such solutions comes from the tight control of login credentials, ensuring that the sysadmin never has visibility of the password. This increases the organization’s security defenses against unauthorized configuration changes, data compromise and other insider threats.
Additionally, session recording is used to ensure that regulated companies have the tools to meet their audit requirements for the monitoring of privileged activity.
But session recording alone is inadequate for adhering to many audit requirements or security policies, or indeed for countering the more advanced internal and external threats that face organizations every day.
These solutions, when used in isolation, simply do not provide enough protection. Even assuming that sysadmins do not attempt to hide their unauthorized activity, any damage captured in a recording has already been done. The challenge for IT teams is to find a solution that enhances and complements their existing vaulting and session recording technology.
By building upon their original investment, organizations can increase their security defenses and take a more proactive stance to combat today’s advanced threats. PEDM solutions’ ability to completely remove admin rights, rather than just managing them, also offers the advantage of meeting a number of compliance requirements.