Overview of Privileged Access Management

Owned by Phillip Hanegan
Last updated: Aug 01, 2024
2 min read

Privileged Access Management (PAM) is a crucial aspect of cybersecurity that focuses on controlling, monitoring, and securing the access of privileged accounts within an organization's IT infrastructure. These accounts have elevated permissions and access rights, making them critical to protect from unauthorized access and malicious activity.

EmpowerID’s Approach to PAM

EmpowerID offers a comprehensive and modern PAM solution tailored for the multi-cloud era. The platform emphasizes achieving zero-standing privilege by ensuring the right access is granted to the right identities at the right time, across any workload. EmpowerID provides two distinct deployment models for PAM: Advanced PAM and Basic PAM.

Advanced PAM

The Advanced PAM model in EmpowerID is characterized by its agentless and vaultless architecture. This approach simplifies deployment and management, providing robust protection across cloud and on-premise environments. Advanced PAM leverages EmpowerID's modern microservices and Kubernetes architecture, enabling seamless integration with Identity Governance and Administration (IGA) and Access Management (AM) systems. This integration facilitates controlled privilege escalation, delegation management, and task-based automation, extending PAM's capabilities to include Cloud Infrastructure Entitlements Management (CIEM).

Key features of Advanced PAM include:

  • Zero Standing Privilege (ZSP): Ensures no permanent privileged access, minimizing attack surfaces.

  • Microservices and Kubernetes: Provides scalability and flexibility in deploying PAM across diverse environments.

  • Integration with Major AM and IGA Vendors: Supports open standards for seamless interoperability with platforms like Microsoft Azure.

  • Controlled Privilege Escalation and Delegation Management (CPEDM): Manages temporary elevation of privileges and delegation of tasks.

Basic PAM

For traditional Basic PAM use cases, EmpowerID offers a secure vault-based solution. This model includes a vault where credentials are stored and managed. Access to these credentials is governed by granular policies, which define who can request access, the duration of access, and whether the credential's password should be rotated upon check-in or on a schedule.

Key features of Basic PAM include:

  • Secure Credential Vault: Centralized storage of privileged credentials with strong security controls.

  • Granular Access Policies: Fine-tuned control over who can access which credentials and under what conditions.

  • Password Management: Automated password rotation to enhance security and reduce the risk of compromised credentials.

EmpowerID’s Converged Solution

EmpowerID's PAM solution is part of a broader, converged Identity Fabric that integrates PAM, IGA, and AM functionalities. This comprehensive approach provides a unified and streamlined solution for managing identities and access across an organization's entire IT landscape. By leveraging fine-grained IGA connectors and supporting integration with major vendors, EmpowerID delivers a complete and modular solution that addresses the full spectrum of identity and access management needs.