2019 SailPoint Identity Insider Magazine - Magazine - Page 29
MOREY HABER
CTO & CISO, BeyondTrust
Identity & Access Management: The Cornerstone of Enterprise Security
Privileged Access Management (PAM)
is a sub-discipline within the identity
governance framework. PAM can be
implemented and operated on its own
or be integrated into an organization’s
Identity & Access Management (IAM)
policy and processes.
Organizations may choose to start with either
an IAM or PAM implementation in order to meet
their objectives; however, unifying both should be
their ultimate goal as they mature through the IAM
lifecycle. In fairness, many organizations will never
mature to this point, but the goal should always
remain to streamline the identity and security
process.
To that end, IAM plays a critical role in an
organization’s IT security strategy. As organizations
grow, so does the number of applications, servers,
and databases used. Access to the organization’s
resources is typically managed through IAM
solutions, which offer capabilities like single
sign-on, provisioning, user management, access
control, and governance.
But securing an organization’s sensitive data and
applications requires a deeper understanding
of privileges. Privileged users (administrator
and root accounts) can leave an organization
exposed if their activity is not monitored
and documented properly. Identity and access
management solutions help IT teams answer:
“Who has access to what?” But, to achieve
complete user visibility, PAM solutions address the
remaining questions: “Is that access appropriate?”
and “Is that access being used appropriately?”
That is, PAM solutions provide greater visibility and
deeper auditing of actual behavior based on the
monitoring of privileged account sessions.
The resources under PAM management can
include anything from an operating system
to applications, databases, network devices,
scripts, DevOps, IoT, cloud resources, and so on.
The implementation of PAM is performed using
dedicated solutions, policies, and procedures that
focus on managing privileges and all the locations
where they may be present. IAM solutions
interface with PAM by managing and certifying the
identities associated with privileged accounts and
credentials.
PAM solutions provide organizations with the secure
privileged access tools needed to protect all
assets, but they typically focus on the
critical resources containing the most sensitive
information and infrastructure, and on the removal
of privileges from all endpoints, whether
server or workstation. This allows an end-to-end
management strategy, from joiner, mover, and
leaver to the individual privileges assigned and
what the account did with those privileges based
on actual usage.