Privileged Identity Management (PIM) is a domain within Identity Management focused on the special requirements of powerful accounts within the IT infrastructure of an enterprise.
It is frequently used as an Information Security and governance tool to help companies in meeting compliance regulations and to prevent internal data breaches through the use of privileged accounts.
The management of privileged identities can be automated to follow pre-determined or customized policies and requirements for an organization or industry.
See also Privileged password management: the usual strategy for securing privileged identities is to periodically scramble their passwords, store the current password values securely, and control disclosure of those values to people and applications that need them.
Different market participants refer to products in this category using similar but distinct terminology. As a result, some analyst firms refer to this market as “PxM”, with the “x” standing in for whichever word a given vendor uses.
The commonality is that a shared framework controls the access of authorized users and other identities to elevated privileges across multiple systems deployed in an organization.
A Privileged Identity Management technology needs to accommodate the special needs of privileged accounts, including their provisioning and life cycle management, authentication, authorization, password management, auditing, and access controls.
Provisioning and life cycle management – decides, based on roles and policies, which personal users may use which shared or generic privileged accounts, and for how long.
Note: built-in privileged accounts are not normally provisioned by an identity management system (privileged or otherwise): they are created automatically when an OS, database, etc. is first installed and are decommissioned along with the system or device. A PIM system takes over their passwords and access, not their creation.
Unmanaged privileged identities can be exploited by both insiders and external attackers. If they are not monitored, held accountable, and actively controlled, malicious insiders, including system administrators, can steal sensitive information or cause significant damage to systems.
A 2009 report prepared for a US congressional committee by Northrop Grumman Corporation details how US corporate and government networks are compromised by overseas attackers who exploit unsecured privileged identities. According to the report, “US government and private sector information, once unreachable or requiring years of expensive technological or human asset preparation to obtain, can now be accessed, inventoried, and stolen with comparative ease using computer network operations tools.”
The intruders profiled in the report combine zero-day exploits developed in-house with social engineering to gain access to individual computers inside targeted networks. Once a single computer is compromised, the attackers exploit “highly privileged administrative accounts” throughout the organization until the infrastructure is mapped and sensitive information can be extracted quickly enough to circumvent conventional safeguards.
Privileged account passwords that a privileged identity management framework keeps long and randomly generated, frequently changed, and distinct for every independent system and application limit what an attacker gains from one compromised host: the credentials found there do not open any other system, so the lateral movement described above is cut off at the first machine.
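As an added illustration (not code from the original page or from any vendor's product), the following Python sketch ties together the practices described above: a role policy deciding which personal users may check out which shared privileged accounts, scrambling of the password when an account is enrolled, on a schedule, and after every disclosure, an audit trail of every event, retirement of an account at end of life, and a check that no two managed systems share a password value. The account names, role names, policy values and the in-memory store are all hypothetical; a real vault would encrypt the store at rest under an HSM- or KMS-held key and push each new password to the target system.

```python
from __future__ import annotations

import secrets
import string
from datetime import datetime, timezone
from itertools import combinations

# Hypothetical policy values for this example.
ALPHABET = string.ascii_letters + string.digits + "!#$%&()*+,-./:;<=>?@[]^_{|}~"
PASSWORD_LENGTH = 32
MAX_AGE_SECONDS = 24 * 3600   # scramble at least daily


def generate_password(length: int = PASSWORD_LENGTH) -> str:
    """Random password from the OS CSPRNG (secrets), never from random()."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


class PrivilegedVault:
    """In-memory stand-in for a PIM vault (hypothetical, not a real product).

    policy maps a role name to the set of privileged accounts ("host/user")
    that members of that role may check out.
    """

    def __init__(self, policy: dict[str, set[str]]) -> None:
        self.policy = policy
        self._store: dict[str, tuple[str, datetime]] = {}  # account -> (password, rotated_at)
        self.audit: list[tuple[str, str, str]] = []        # (event, account, actor)

    # --- life cycle -----------------------------------------------------
    def enroll(self, account: str) -> None:
        """Bring an account under management: its password is scrambled at once."""
        self._rotate(account, actor="vault")

    def retire(self, account: str) -> None:
        """Decommission: drop the secret and every policy grant naming it."""
        self._store.pop(account, None)
        for grants in self.policy.values():
            grants.discard(account)
        self.audit.append(("retire", account, "vault"))

    # --- password management ----------------------------------------------
    def _rotate(self, account: str, actor: str) -> str:
        password = generate_password()
        self._store[account] = (password, datetime.now(timezone.utc))
        self.audit.append(("rotate", account, actor))
        return password

    def rotate_stale(self, max_age_seconds: float = MAX_AGE_SECONDS) -> list[str]:
        """Scheduled job: scramble every password at least max_age_seconds old."""
        now = datetime.now(timezone.utc)
        stale = sorted(a for a, (_, t) in self._store.items()
                       if (now - t).total_seconds() >= max_age_seconds)
        for account in stale:
            self._rotate(account, actor="scheduler")
        return stale

    # --- authorization and controlled disclosure --------------------------
    def checkout(self, user: str, roles: set[str], account: str) -> str:
        """Disclose the current password only if one of the user's roles is granted it."""
        if account not in self._store:
            raise KeyError(f"{account} is not a managed account")
        if not any(account in self.policy.get(role, set()) for role in roles):
            self.audit.append(("deny", account, user))
            raise PermissionError(f"{user} is not authorized for {account}")
        self.audit.append(("checkout", account, user))
        return self._store[account][0]

    def checkin(self, user: str, account: str) -> None:
        """End of session: rotate so the value just disclosed stops working."""
        self.audit.append(("checkin", account, user))
        self._rotate(account, actor=user)

    # --- compliance check ------------------------------------------------
    def shared_passwords(self) -> list[tuple[str, str]]:
        """Pairs of managed accounts that share one password value.
        A non-empty result means one compromised host would unlock another."""
        return [(a, b) for a, b in combinations(sorted(self._store), 2)
                if self._store[a][0] == self._store[b][0]]


if __name__ == "__main__":
    vault = PrivilegedVault({"dba": {"db01/root"},
                             "sysadmin": {"db01/root", "web01/Administrator"}})
    for acct in ("db01/root", "web01/Administrator"):
        vault.enroll(acct)
    first = vault.checkout("alice", {"dba"}, "db01/root")
    vault.checkin("alice", "db01/root")
    second = vault.checkout("bob", {"sysadmin"}, "db01/root")
    print("rotated after check-in:", first != second)
    print("accounts sharing a password:", vault.shared_passwords())
    for event in vault.audit:
        print(event)
```

Running the block as a script shows the password changing between two check-outs of the same account and an empty list of shared passwords; the audit list records every rotation, grant and denial with the actor responsible, which is the accountability the text above calls for.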
Sennovate delivers custom identity and access management solutions to businesses around the world. With global partners and a library of 1000+ integrations, we implement world-class cybersecurity solutions that save your company time and money. We offer a seamless experience with integration across all cloud applications, and a single price for product, implementation, and support. Have questions? The consultation is always free. Email [email protected] or call us at: +1 (925) 918-6618.