PAM
Privileged Access Management - a set of practices and tools for controlling, monitoring and auditing elevated-privilege accounts within an organisation.
What is PAM?
PAM (Privileged Access Management) is a security discipline focused on protecting accounts and credentials with elevated privileges - system administrator accounts, database admin accounts, network device accounts, service accounts and API keys. Privileged accounts are the most valuable targets for attackers because they provide access to an organisation’s critical resources.
PAM solutions perform several key functions. A password vault stores privileged credentials in an encrypted repository and automatically rotates passwords. Session management records and monitors administrative sessions, enabling audit and replay. Privilege elevation allows granting privileges for the duration of a specific task rather than permanently assigning admin accounts.
A mature PAM deployment also covers privileged account discovery (many organisations do not know how many such accounts they have), SSH key management, service account protection and integration with change management processes.
Why does it matter?
Most serious security incidents involve the use of privileged accounts. An attacker who obtains domain administrator credentials can take control of the entire IT infrastructure. PAM limits this attack vector by minimising the number of privileged accounts, controlling their use and ensuring full auditability. Regulations such as NIS2 and DORA require appropriate privileged access controls.
Related topics
Related terms
Related SEQRED services
Need help in this area?
Our experts will help you assess the risk and plan next steps.