Selecting a Privileged Access Management Tool in 2021
What are the best Privileged Access Management (PAM) solutions in 2021?
The answer depends on your specific needs. Human users or users dealing with services and applications? On premise or in the cloud? Technology from the US, Israel, Russia or only from Europe? Lots of bells and whistles or tailored to everyday use? A super admin required? Decentralised or only central authorisation? There are many choices to be made that determine which PAM solution would fit your specific use case.
What helps is an index. For example, Capterra has an index of over 60 (and counting) privileged access management solutions, tools and platforms. Good idea to get a quick inventory there!
Privileged Access Management products share a number of features with typical Access Management products, but have a number of distinguishing features.
Typical features of a PAM solution in 2021
Privileged Access Management has – typically – the following features:
Application Access Control. Access control (or authorization) is the application of constraints on who (or what) can perform attempted actions or access resources that they have requested. Often used in conjunction with ‘Just-In-Time’ (JIT) – to only provide access for the time needed for a specific action.
Least Privilege. The principle of the least privilege states that only those privileges are given to carry out a specific task. So, the function or task (as opposed to identity) controls the assignment of rights.
Multi-factor Authentication (MFA). Multi-factor authentication is when you use two or more authentication factors to verify your identity. Like a password (something you know) with a hardware key (something you have).
Password Management. Password management is a set of principles and best practices to be followed by users while storing and managing passwords in an efficient manner to secure passwords as much as they can to prevent unauthorized access. As an average user has over 70 passwords (as indicated by KeyHub’s Team Password Vault), a tool is needed. Password management in a business environment includes functions such as password sharing, audit trails and a comprehensive API for integration in a DevOps stack.
Policy Management. Security policy management is the process of creating, communicating, and maintaining policies and procedures within an organization. PAM tools often focus on implementing and supporting security policies, thus enforcing these.
User Activity Monitoring. Monitoring the access of users and applications to critical IT assets. This may take the form of an audit log with security events, recording user sessions and real time monitoring.