Basic PAM Versus Advanced PAM
Basic PAM is built around controlling access to shared privileged accounts that stand by, ready to be checked out and used, either by revealing the username and password for the duration of the check-out period or by initiating a recorded Privileged Session using the checked-out credential. Basic PAM is often referred to as Privileged Account and Session Management (PASM), or broken down into Shared Account Password Management (SAPM) and Privileged Session Management (PSM). Basic PAM creates a security challenge because it violates Zero Trust principles: the pre-created shared privileged accounts it relies on are a security risk and a target for hackers. They should be treated as always armed and dangerous weapons lying around, even when not needed on evenings and weekends.
EmpowerID has embraced Advanced PAM, which adheres to the principles of Least Privilege and Zero Trust to attempt to reach the state of Zero Standing Privilege (ZSP). In a ZSP model, shared admin accounts are eliminated, and admin access is granted Just in Time (JIT) for short periods, limited to specific functions and activities, and then removed as soon as the tasks are completed. In addition, all admin access must enforce multi-factor authentication, and the access should be proxied and recorded if possible.
How EmpowerID Delivers Advanced PAM
EmpowerID's focus on ZSP is not what makes it unique in the market, as multiple vendors are beginning to pursue this approach. EmpowerID is unique among PAM vendors in offering a converged IGA, AM, and PAM SaaS solution built on a modern microservices and Kubernetes architecture with the deepest Advanced PAM and related functionality. Gartner predicted that "By 2024, at least one access management (AM) vendor will introduce a converged offering that will provide market-competitive functionality in AM, identity governance and administration (IGA), and privileged access management (PAM)." EmpowerID offers a complete yet modular converged solution today covering all these areas, with deep synergy between functionality, such as leveraging fine-grained IGA connectors for PAM or integrating using open standards with major AM and IGA vendors such as Microsoft Azure. EmpowerID PAM also extends beyond just PAM to new areas such as Controlled Privilege Escalation and Delegation Management (CPEDM), Privileged IT Task-Based Automation, and Cloud Infrastructure Entitlements Management (CIEM). EmpowerID PAM can become the cornerstone of the PAM, Identity Governance and Administration, and Access Management portions of your organization's Identity Fabric.
Based on a zero-trust architecture and leveraging the depth of functionality provided by its modern converged platform, EmpowerID is uniquely positioned to ensure privileged access is precisely allocated and continuously inventoried across your multi-cloud and on-premises landscape, while granting privileged access on a just-in-time, just-enough, proxied, and recorded basis and enforcing adaptive multi-factor authentication.