Privileged access management (PAM) software helps companies protect the “keys to their IT kingdom" by ensuring the credentials of their privileged accounts, such as admin accounts on critical company assets, are only accessed by those with proper permissions to do so. PAM software helps prevent external hacking or internal misuse of important company assets by employing “least privilege access" policies, wherein users receive the absolute minimum access needed to perform their duties.
PAM software allows companies to secure their privileged credentials in a centralized, secure vault (a password safe). Additionally, these solutions control who has access to, and therefore who can use, the privileged credentials based on access policies (including user permissions and specific timeframes), often recording or logging user activity while using the credentials. When a user checks out a credential, it stops other users from opening a concurrent session; this means only one person can access the privileged account at one time.
PAM solutions are used in conjunction with identity and access management (IAM) software, which provides authentication of general user identities; PAM software, however, provides more granular control and visibility of administrative or privileged user identities. While there is some similarity between the secure vaults within both password managers and PAM tools, the two software types are quite different. Password managers are designed to protect everyday users’ passwords, while PAM software protects a company’s super users, shared company accounts, and service accounts by offering centralized control, visability, and monitoring of the use of those privileged accounts.
To qualify for inclusion in the Privileged Access Management category, a product must:
Allow administrators to create and provision privileged access accounts
Offer a secure vault to store privileged credentials or provision users with just-in-time access
Monitor, record, and log user actions while using privileged accounts