Privileged Access Management (PAM)

(OBJ 4.6)

Privileged Access Management (PAM)

• Solution that restricts and monitors privileged access within an IT environment
• The policies, procedures, and technical controls that are used to prevent malicious abuse of privileged accounts
• Crucial for preventing data breaches and ensuring the least privileged access is granted for specific tasks or roles

Components of Privileged Access Management

• Just-In-Time Permissions (JIT Permissions)
  • Security model that grants administrative access only when needed for a specific task
  • Reduces the risk of unauthorized access or misuse of privileges
  • Access rights are given when the task begins and revoked once the task is completed
  • Example:
    • Administrator performing a maintenance task and requesting a JIT permission
• Password Vaulting
  • Technique that stores and manages passwords securely, often in a digital vault.
  • Requires multi-factor authentication for accessing stored passwords
  • Tracks access to privileged credentials, providing an audit trail
• Temporal Accounts
  • Temporary accounts used for time-limited access to resources
  • Created for specific purposes and automatically disabled or deleted after a predefined period
  • Example:
    • A contract that provides an admin account just for the duration of the installation, after that it is turned down.