Overview of Privileged Access Management
Privileged Access Management (PAM) involves controlling, monitoring, and securing access to privileged accounts within an organization's IT infrastructure. These accounts have elevated permissions and access rights, enabling them to perform tasks such as configuring systems, managing users, and accessing sensitive data. Protecting these accounts is essential to prevent unauthorized access and potential security breaches.
EmpowerID’s Approach to PAM
EmpowerID offers a PAM solution designed for multi-cloud and hybrid environments. The solution is built around the Zero Standing Privilege (ZSP) principle: privileged access is granted to authorized identities only when it is needed and only for a specified duration, rather than being held permanently. EmpowerID provides two deployment models for PAM: Advanced PAM and Basic PAM.
Advanced PAM
The Advanced PAM model features an agentless and vaultless architecture, simplifying deployment and management while providing protection across cloud and on-premises environments. This model leverages EmpowerID's microservices and Kubernetes-based architecture for scalability and flexibility.
Advanced PAM integrates with Identity Governance and Administration (IGA) and Access Management (AM) systems to enable controlled privilege escalation, delegation management, and task-based automation. It extends PAM capabilities to include Cloud Infrastructure Entitlements Management (CIEM), focusing on managing and securing access entitlements in cloud environments.
Features of Advanced PAM:
Zero Standing Privilege (ZSP): Grants privileged access only when required, reducing the risk associated with permanent privileged accounts.
Agentless and Vaultless Architecture: Eliminates the need for installing agents or maintaining credential vaults, streamlining deployment.
Microservices and Kubernetes: Utilizes containerization for scalability and adaptability to changing workloads.
Integration with IGA and AM Systems: Supports interoperability with major vendors and platforms, including Microsoft Azure.
Controlled Privilege Escalation and Delegation Management (CPEDM): Allows temporary elevation of privileges and delegation of tasks based on defined policies.
Basic PAM
The Basic PAM model provides a traditional, vault-based solution for managing privileged credentials. This model includes a centralized vault where credentials are securely stored. Access to these credentials is governed by granular policies that define who can request access, the conditions for access, and the duration. Password rotation can be automated upon check-in or according to a schedule.
Features of Basic PAM:
Secure Credential Vault: Central repository for storing privileged credentials with security controls.
Granular Access Policies: Define access permissions, specifying which users can access certain credentials and under what conditions.
Automated Password Management: Enhances security by automating password rotation to reduce the risk of compromised credentials.
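The two controls described above, a time-bounded grant with no standing privilege (the ZSP principle of Advanced PAM) and a policy-governed credential vault that rotates a password on check-in (Basic PAM), can be shown together in one small model. The code below is an added illustration and is not EmpowerID's implementation; the policy fields, role names, credential name and ticket condition are all constructed for the example.

```python
"""Toy model of policy-governed credential check-out with time-bounded
(zero standing privilege) grants and rotation on check-in.
Illustrative code only; not EmpowerID's implementation."""
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import secrets


@dataclass
class AccessPolicy:
    """Who may request a credential, under what condition, and for how long (constructed fields)."""
    credential: str
    allowed_roles: frozenset[str]
    require_ticket: bool              # example condition: a change ticket must be supplied
    max_duration: timedelta


@dataclass
class Grant:
    user: str
    credential: str
    expires_at: datetime
    secret: str


class CredentialVault:
    """Central store of privileged secrets; every hand-out is governed by an AccessPolicy."""

    def __init__(self, policies: list[AccessPolicy], now=None):
        self._secrets: dict[str, str] = {}
        self._policies = {p.credential: p for p in policies}
        self._active: dict[tuple[str, str], Grant] = {}
        # Injectable clock so expiry can be demonstrated deterministically.
        self._clock = now or (lambda: datetime.now(timezone.utc))

    def store(self, name: str) -> None:
        self._secrets[name] = secrets.token_urlsafe(24)

    def request(self, user, roles, credential, duration, ticket=None) -> Grant:
        """Evaluate the policy; on success hand out a grant that expires on its own."""
        policy = self._policies.get(credential)
        if policy is None:
            raise PermissionError(f"no policy for {credential}")
        if not set(roles) & policy.allowed_roles:
            raise PermissionError(f"{user} is not authorized for {credential}")
        if policy.require_ticket and not ticket:
            raise PermissionError("change ticket required")
        if duration > policy.max_duration:
            raise PermissionError("requested duration exceeds policy maximum")
        grant = Grant(user, credential, self._clock() + duration, self._secrets[credential])
        self._active[(user, credential)] = grant
        return grant

    def is_valid(self, grant: Grant) -> bool:
        """ZSP: access exists only while the grant is active and unexpired."""
        active = self._active.get((grant.user, grant.credential)) is grant
        return active and self._clock() < grant.expires_at

    def check_in(self, grant: Grant) -> None:
        """Return the credential and rotate the secret so the handed-out value is useless."""
        self._active.pop((grant.user, grant.credential), None)
        self._secrets[grant.credential] = secrets.token_urlsafe(24)

    def current_secret(self, credential: str) -> str:  # for demonstration only
        return self._secrets[credential]


def demo() -> dict:
    """Walk through deny, grant, expiry and rotation; returns the observed outcomes."""
    class Clock:
        def __init__(self, t): self.t = t
        def __call__(self): return self.t

    clock = Clock(datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc))
    policy = AccessPolicy("prod-db-admin", frozenset({"dba"}), True, timedelta(hours=1))
    vault = CredentialVault([policy], now=clock)
    vault.store("prod-db-admin")
    results = {}

    def denied(**kw) -> bool:
        try:
            vault.request(**kw)
            return False
        except PermissionError:
            return True

    # A helpdesk user is outside the allowed roles.
    results["helpdesk_denied"] = denied(user="eve", roles={"helpdesk"}, credential="prod-db-admin",
                                        duration=timedelta(minutes=30), ticket="CHG-1")
    # A DBA asking for longer than the policy maximum is also refused.
    results["over_duration_denied"] = denied(user="alice", roles={"dba"}, credential="prod-db-admin",
                                             duration=timedelta(hours=2), ticket="CHG-1")
    # A DBA with a ticket gets a 30-minute grant.
    g = vault.request("alice", {"dba"}, "prod-db-admin", timedelta(minutes=30), ticket="CHG-1")
    results["valid_at_grant"] = vault.is_valid(g)
    # Once the window passes, the grant is dead without anyone revoking it.
    clock.t += timedelta(minutes=31)
    results["valid_after_expiry"] = vault.is_valid(g)
    # Check-in rotates the stored secret, so the value Alice saw no longer works.
    old = g.secret
    vault.check_in(g)
    results["rotated_on_checkin"] = vault.current_secret("prod-db-admin") != old
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the model is the ordering of controls: the policy decides before any secret leaves the store, the grant carries its own expiry so that nothing has to be remembered to take access away, and check-in invalidates what was handed out by rotating the secret rather than by trusting the user to forget it.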
EmpowerID’s Converged Solution
EmpowerID's PAM solution is part of its Identity Fabric platform, which integrates Privileged Access Management (PAM), Identity Governance and Administration (IGA), and Access Management (AM) functionalities. This integration provides a unified platform for managing identities and access across the organization's IT environment.
By utilizing fine-grained IGA connectors and supporting integration with major vendors, EmpowerID offers a modular solution that addresses various identity and access management requirements. Combining PAM, IGA, and AM in a single platform is intended to reduce complexity, improve security, and enhance operational efficiency.