5 privileged access management (PAM) best practices

Gartner reports that by 2018, 25% of organisations will review privileged activity and reduce data leakage incidents by 33%. Those businesses that aren’t planning to review their privileged activity on a regular basis and follow best practices are at risk from internal attacks.

5 steps to effective privileged access management

PAM is a technology that is used to resolve issues relating to privileged accounts. These are the type of accounts that manage all business IT infrastructures, providing users with access to administration accounts, system accounts, and/or operation accounts. However, if such access privileges are placed in the wrong hands, organisations risk being the target of malicious attacks from internal users.

Here, we identify five steps that can be taken towards effective PAM.

1. PAM and identity access management (IAM) integration

The integration of PAM and IAM systems gives IT departments better visibility, knowledge, access, and control.

An IAM solution on its own gives an organisation control over user access rights, while a PAM solution gives control over privileged users and accounts, providing detailed information on how identities are being used.

Microsoft’s Azure Active Directory (AAD) Privileged Identity Management solution provides you with the tools to control, manage and monitor your privileged identities, as well as their access to resources in Azure AD and other Microsoft platforms. This can help companies manage their admin rights and reduce security risks.

2. Review all privileged accounts

When handling security, it’s best practice to audit privileged access accounts on a regular basis. This should include a thorough evaluation of all accounts currently being used, and a review of the access level they require.

Any accounts which are no longer being used should then be removed.

3. Oversee privileged user activity

Implementing a PAM solution will provide you with the ability to log privileged user activities. This means you can keep an eye on which systems users are accessing and at what level of privilege. You’ll also be able to add, modify or delete existing user accounts on the Access Manager.

4. Password best practice

In order to mitigate leaks and risks to your company’s data, there are password best practices you should be following (if you aren’t already).

Passwords should be changed on a regular basis and should never be shared. This keeps out users other than those that have been given the privileged access.

To prevent password leaks, passwords should be individual to privileged users and not shared among peers or colleagues.

5. Ensure physical security

As well as managing your online security access, it’s also important to maximise the physical security of your IT systems. Where possible, sensitive information systems should be stored separately to your main data centre – locked away in a separate room if needed. Only privileged, authorised personnel should then have access to this area.

Key takeaways