How to choose a Privileged Access Management solution?

A PAM solution is deployed to secure privileged access for internal administrators and external service providers. Each solution on the market provides certain features. Which ones should we prioritize?

Here’s a list of what to look for in a PAM solution:

• Keep it simple, easy to deploy and to manage:

A PAM solution doesn’t have to be time consuming, complex to deploy and maintain, or restrictive. When choosing a PAM solution, it is important to look for simplicity, speed of deployment as well as the ease of maintenance. For instance, a solution that is deployable in a few clicks and that doesn’t require redesigning current infrastructure. A key point is to find a solution that provide automatic updates regularly without the need to be managed by your IT team.

• Choose a cost-effective solution:

Licensing mode is also an important point to consider. For instance, costs can be staggered over time according to the actual usage and including maintenance and updates management.

• Resilience, adaptable to different use cases:

Administrators profile have changed over the years, and it keeps on evolving. The administrator who is physically present in the office and on the same network as resources is no longer the only use case. There are other profiles that can be called upon to administer these resources. Such as service providers, who by definition work remotely, or a company administrator who work from home.

A PAM solution should provide a certain level of resilience for all privileged users in any context possible. An ultimate case is when the IT System is hidden and protected behind a service platform.

• Password Vaulting and Management:

Other than the administrators’ profiles mentioned above, we have former administrators who may had knowledge of access accounts, IP addresses, etc. A password vault allows you to securely store all corporate credentials & keys. Along with password rotation and automatic injection it prevents you from disclosing passwords to administrators.

• Session recording and monitoring:

A PAM solution should go beyond just session recording. Indeed, recording privileged sessions allows you to watch in real time all actions made by administrators and interact with them. However, it should also include automation features like automatically detecting and blocking suspicious activities and quickly searching and finding suspicious actions in a ton of video recordings.

• Identity-based access policies:

To elevate the security level, advanced access control is required based on both identity/profile and the context of connection. Administrators should have access to the resources needed based on their profiles through pre-set policies. Depending on the organization structure, user groups can be defined. Therefore, policies can be easily assigned to determine to which application an administrator can have access and in which context (location, IP, etc).

• Multi-Factor Authentication (MFA):

Let’s say all the points stated above are provided, we still need to ensure that we have the right person behind the PC. Many organizations use their Multi-Factor Authentication solutions like Yubico, Google Authenticator, Office-365 and so on. For that, we need to make sure that the PAM solution can be connected to current authenticators in place.