The Privileged Account Management Landscape
Privileged Account Management (PAM) covers operations on non-individual user accounts, which are often used by machines to communicate with each other or by administrators to perform maintenance activities. Examples of such accounts include:
- Accounts used by machines to communicate between each other;
- Accounts shared by groups of people (external billing, corporate representatives);
- Accounts for Database Administrators, database schema, application pool owners, global administrators;
- Local computer accounts (root, administrator, tomcat, jenkins, jira);
- Built-in IoT accounts (sensors, printers, routers, coffee machines, cameras, beacons).
The complementary and distinctly different area of account management in the broader sense is the Individual Accounts Management (IAM) function, which focuses on managing accounts that belong to specific users. IAM functions include user and group management, password policy definition and enforcement, and authentication and authorization for access to resources such as folders or network devices. User directories (such as Microsoft Active Directory) with their related tool sets are the primary players in the IAM market. IAM is a good illustration of PAM's boundaries in the sense that it operates in the area where PAM does not. A typical IAM use case involves multiple users and relatively few devices and services per user (likely a personal laptop with an AD login that opens access to other necessary services), while a typical PAM use case involves relatively few users (likely administrators) accessing a large number of disconnected services.
Typical PAM activities include the following:
- Remember, share and access privileged account passwords, keys or certificates based on permissions given to users or scripts;
- Generate and automatically reset passwords based on policies (periodically or event-based after disclosing the password or after activities involving the account);
- Provide access to devices without disclosing passwords by establishing interactive sessions to a remote computer;
- Establish, record and share sessions while accessing remote console;
- Discover unmanaged privileged accounts (one time or periodically scanning the network);
- Execute scripts on managed devices and collect, analyze and manage the script execution results;
- Save event logs about access and activities related to the managed privileged accounts.
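To illustrate the policy-based reset activity in the list above (periodic, after a password is disclosed, or after activity involving the account), here is an added example that is not taken from any product. The Policy and Account record shapes, the trigger names and the sample accounts are assumptions made for the illustration.

```python
import secrets
import string
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Policy:  # hypothetical policy shape, not any product's schema
    max_age: timedelta            # periodic reset interval
    reset_after_disclosure: bool  # reset once a user has viewed the password
    reset_after_session: bool     # reset after activity involving the account

@dataclass
class Account:  # hypothetical vault record
    name: str
    last_reset: datetime
    last_disclosed: Optional[datetime] = None
    last_session_end: Optional[datetime] = None

def reset_reasons(acct, policy, now):
    """Triggers requiring a reset; an event counts only if it postdates the last reset."""
    reasons = ["periodic"] if now - acct.last_reset >= policy.max_age else []
    events = [("disclosed", policy.reset_after_disclosure, acct.last_disclosed),
              ("session", policy.reset_after_session, acct.last_session_end)]
    return reasons + [n for n, on, ts in events if on and ts and ts > acct.last_reset]

CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, "!@#%^*-_=+"]
def generate_password(length=24):
    """CSPRNG password containing at least one character of each class."""
    while True:
        pw = "".join(secrets.choice("".join(CLASSES)) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw

def rotate_due(accounts, policy, now):
    """Reset every due account and return {name: reasons}."""
    done = {}
    for acct in accounts:
        reasons = reset_reasons(acct, policy, now)
        if reasons:
            new_pw = generate_password()  # would be set on the target and stored in the vault (not shown)
            acct.last_reset = now
            done[acct.name] = reasons
    return done

if __name__ == "__main__":  # constructed sample data
    now, day = datetime(2024, 6, 1), timedelta(days=1)
    accts = [Account("root@db01", now - 45 * day), Account("billing-portal", now - 3 * day, now - day)]
    print(rotate_due(accts, Policy(30 * day, True, True), now))
```

Comparing each event timestamp with the last reset is what keeps a disclosure that was already followed by a reset from triggering a second one.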
The need for a privileged account management program first appears in organizations with a high level of automation and many software services, either offered internally by the enterprise or consumed from external entities. Born to address the early needs of large companies, typical privileged account management software tends to be bulky, niche, expensive, and based on outdated technology that often involves agents installed on hundreds of devices. It relies heavily on services during POC, implementation, and maintenance, and is typically out of reach of anyone but huge corporations.
Where Privileged Account Management Intersects with the Modern Software Landscape
However, the modern software landscape, with its proliferation of automation, B2B communication, distributed workforce, IoT, mobile access and cloud computing, sets ambitious account security and access management requirements for every participant in the market. A department administrator emailing a certificate to an offshore contractor, a developer committing a script with a hard-coded password to a source repository, or an accountant taking home a notebook with a list of shared billing portal accounts: all of them operate on a scale visible only to large corporate entities just several years ago.
This modern business environment creates a need for a privileged account management system that is modern, affordable, agentless, simple to install, easy to maintain, and quick to develop so that it can address new situations as they arise. Our mission is to make the world better connected and more secure.
Xton Access Manager is an unlimited, agentless, cross-platform privileged access management solution built from the ground up with an enterprise feature set. Simple to implement, without your typical enterprise cost and effort.
Xton Access Manager is now available for download. Please fill out this form to receive a download link to get started today, even on your current desktop or laptop. Documentation is available to help, or you can email or call us to request a trial extension, discuss questions and share your feedback. We would love to talk to you.