Privileged Access Management or PAM is defined as a class of solutions that protects, controls, manages and looks after the privileged accounts or admin accounts and then puts them inside a secure vault that isolates the use of such accounts to reduce the risk of being misused. Once inside the vault, admins need to go through the PAM system when they want use the credential next time. By emphasizing on the privileged credentials in a single place, PAM systems make sure that there is a high level security who has the access, log all accesses and keep an eye out on any suspicious activity.
Types of PAM accounts
- Emergency accounts
Offers access to secure systems when there is an emergency. The access needs IT management approval for security reasons.
- Local Administrative Accounts
Offers admin access to the local host or session only. These are used routinely by IT staff for maintenance, servers, mainframes, network devices, and other internal systems.
- Application Accounts
Used by apps to access databases, run jobs or scripts or access to other apps. These accounts have access to sensitive critical info that is in the apps and databases. Passwords are embedded and stored in plain text files.
- Active Directory or Windows domain service account
Challenging to secure, even the password changes as they need syncing across various ecosystems and apps. This leads to rarely changing the passwords to prevent directory sprawls that build a single point of failure in the system like Active Directory.
- Service Accounts
Local or domain accounts being used by an app or service for interacting with the OD. Sometimes, these service accounts have admin privileges on domains on the basis of needs of the apps they are being used for.
- Domain Administrative Accounts
Super admins who have access to all workstations and servers in the company and domain and have the most extensive across the network. They have all control over the domain controllers and can change the membership of every account in the domain that are a threat to companies and are widely targeted by hackers.
- Privileged User Accounts
Users granted admin privileges to systems. These are most common forms of accounts access granted on the domain letting users to have admin rights on. Usually these accounts have unique and complex passwords.