PAM — Glossary
Privileged Access Management
A security discipline and set of tools that control, monitor, and audit access to critical systems by privileged users such as system administrators, database admins, and service accounts.
What Is PAM?
Privileged Access Management (PAM) secures the accounts and credentials that have elevated access to an organization's most sensitive systems. These "privileged accounts" — admin accounts, root accounts, service accounts, API keys — are prime targets for attackers because compromising one can give access to entire systems.
PAM solutions enforce the principle of least privilege by ensuring users only get the elevated access they need, only when they need it, and that every privileged session is monitored and recorded.
Core PAM Capabilities
- Privileged credential vaulting: Securely store and rotate passwords, SSH keys, and API keys
- Just-in-time (JIT) access: Grant temporary elevated privileges with automatic revocation
- Session monitoring and recording: Record privileged sessions for audit and forensic review
- Least privilege enforcement: Remove standing admin rights, require approval workflows
- Service account management: Discover, vault, and rotate non-human credentials
- Remote access: Secure vendor and contractor access without VPN
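How just-in-time access, approval workflows, automatic revocation and audit logging from the list above fit together, as an added sketch that is not taken from any vendor's product. The `JitBroker` class, its method names and the `max_ttl` policy ceiling are hypothetical.

```python
import time
from dataclasses import dataclass, field

@dataclass
class Grant:
    user: str
    role: str
    approver: str
    expires_at: float

@dataclass
class JitBroker:
    """Zero standing privileges: access exists only as an approved, time-boxed grant."""
    max_ttl: int = 3600                        # assumed policy ceiling, in seconds
    grants: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)  # (timestamp, event, user, role)

    def _log(self, event, user, role, now):
        self.audit.append((now, event, user, role))

    def request(self, user, role, approver, ttl, now=None):
        now = time.time() if now is None else now
        # Approval workflow: a missing approver or self-approval is denied.
        if not approver or approver == user:
            self._log("denied:no-independent-approver", user, role, now)
            return None
        # Time-boxing: the requested lifetime must fit the policy ceiling.
        if ttl <= 0 or ttl > self.max_ttl:
            self._log("denied:ttl-out-of-policy", user, role, now)
            return None
        grant = Grant(user, role, approver, now + ttl)
        self.grants[(user, role)] = grant
        self._log("granted", user, role, now)
        return grant

    def is_allowed(self, user, role, now=None):
        now = time.time() if now is None else now
        grant = self.grants.get((user, role))
        if grant is None:                      # default deny: no standing rights
            self._log("denied:no-grant", user, role, now)
            return False
        if now >= grant.expires_at:
            # Automatic revocation: an expired grant is removed when checked.
            del self.grants[(user, role)]
            self._log("revoked:expired", user, role, now)
            return False
        self._log("allowed", user, role, now)
        return True
```

Every decision, including each denial, lands in `audit`, which is the record a reviewer would use to reconstruct who held which privilege and when.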
Why PAM Matters
According to industry research, over 80% of security breaches involve compromised privileged credentials. PAM addresses this by:
- Reducing the attack surface — Eliminating shared passwords and standing privileges
- Detecting abuse — Monitoring what privileged users actually do during sessions
- Meeting compliance — Satisfying audit requirements for SOX, PCI DSS, HIPAA, and ISO 27001
- Containing breaches — Limiting lateral movement even if one credential is compromised
Traditional PAM vs. Modern PAM
| Aspect | Traditional PAM | Modern PAM |
|---|---|---|
| Deployment | On-premises, agent-heavy | Cloud-native, agentless options |
| Scope | Windows/Linux servers | Multi-cloud, Kubernetes, SaaS |
| Access model | Vault + checkout | Just-in-time, zero standing privileges |
| Architecture | Centralized gateway | Distributed, identity-aware proxy |
Leading PAM Vendors
Major PAM vendors include CyberArk, BeyondTrust, Delinea, One Identity, ManageEngine PAM360, HashiCorp Boundary, StrongDM, and Teleport.
Related Resources
Categories
Enterprise PAM Platforms
Compare enterprise PAM alternatives to CyberArk including BeyondTrust, Delinea, and ManageEngine PAM360. Full-featured privileged access management platforms.
Modern PAM Solutions
Compare modern PAM alternatives to CyberArk including Teleport, StrongDM, and HashiCorp Boundary. Zero-trust, identity-based infrastructure access for cloud-native teams.
Products
CyberArk
Enterprise privileged access management and identity security platform
BeyondTrust
Unified privilege management and secure remote access platform
Delinea
Cloud-ready PAM platform built on Secret Server and privilege management
One Identity
Unified identity security platform with PAM and governance
ManageEngine PAM360
Affordable full-featured privileged access management solution
HashiCorp Boundary
Open-source identity-based access management for dynamic infrastructure
StrongDM
People-first infrastructure access platform with full audit logging
Teleport
Open-source identity-based infrastructure access platform