NEW: Microsoft Vulnerabilities Report 2022 - Read the Findings of Our Annual Report Read Now

  • Partners
  • Support
  • Careers
  • English
    • Deutsch
    • français
    • español
    • 한국어
    • português
BeyondTrust
  • Products

    Privileged Password Management

    Discover, manage, audit, and monitor privileged accounts and credentials.

    • Password Safe
    • DevOps Secrets Safe
    • Privileged Access Discovery Application

    Endpoint Privilege Management

    Enforce least privilege across Windows, Mac, Linux, and Unix endpoints.

    • Windows and Mac
    • Unix and Linux
    • Active Directory Bridge

    Secure Remote Access

    Centrally manage remote access for service desks, vendors, and operators.

    • Remote Support
    • Privileged Remote Access
    • Privileged Access Discovery Application

    Cloud Security Management

    Automate the management of identities and assets across your multicloud footprint.

    • Cloud Privilege Broker

    BeyondInsight

    Experience the industry’s most innovative, comprehensive platform for privileged access management.

  • Solutions

    Use Cases

    • Cloud Security
    • Compliance
    • Cyber Insurance
    • Digital Transformation
    • Endpoint Security
    • Operational Technology
    • Ransomware
    • Service Desk Efficiency
    • Zero Trust

    Industry Applications

    • Financial Services
    • Government Agencies
    • Healthcare
    • Law Enforcement
    • Manufacturing
    • Schools & Universities

    Solutions

    The BeyondTrust Privileged Access Management portfolio is an integrated solution that provides visibility and control over all privileged accounts and users.

  • Resources

    Learn

    • Blog
    • Customer Stories
    • Competitor Comparisons
    • Datasheets
    • Demos
    • Glossary
    • Podcast
    • Whitepapers

    Attend

    • Events
    • Go Beyond
    • Training
    • Webinars

    Support

    • Changelog
    • Professional Services
    • Technical Documentation

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

  • Company
    • About
    • Leadership
    • Core Values
    • Partners
    • Careers
  • Watch Demo
  • Contact Sales

Taking PAM Back to the Basics: Privileged Password Management

June 28, 2021

  • Blog
  • Archive

With the recent Colonial Pipeline breach highlighting the risk of lost credentials, it’s time to get serious about multi-factor authentication (MFA) and privileged account management (PAM). In fact, the “The One-Two Punch risk” is an existential justification for PAM – as I highlighted in last week’s BeyondTrust webinar. But to successfully protect the business, PAM projects must start with the basics and align the solution well with IT stakeholders and their business processes.


In fact, the “The One-Two Punch risk” is an existential justification for PAM – as I highlighted in last week’s BeyondTrust webinar. But to successfully protect the business, PAM projects must start with the basics and align the solution well with IT stakeholders and their business processes.

PAM Architecture Must Now Cover Hybrid Cloud Environments

The universe of privileges required to maintain the new IT is expanding with cloud adoption and the ongoing requirement to support work-from-home (WFH) programs. Companies have more cloud console accounts, servers and services, device identities, and third-party vendor accounts or trust relationships than ever before. And this increased risk from the network edge pales in the face of elevated danger from advanced, well-equipped threat actors. Customers need a PAM solution to cover a broad set of environments and use cases.

Best Practices for Privileged Password Management

A “back to the basics” approach should start with best practices for privileged credential management and use by:

  • Using separate accounts for privileged administration and day to day access
  • Managing user credentials, Security Shell (SSH) keys, and application program interface (API) keys in an automated fashion
  • Requiring strong, two-factor authentication
  • Requiring “smart” (contextual) authentication that steps up the authentication challenges as privileged users attempt the most sensitive operations
  • Deploying Just-in-Time (JIT) authorization for access to critical production systems


Download The Guide to Multicloud Privilege Management

Think of – and Manage – PAM as a Program

PAM requirements, such as credential checkout from a vault and JIT access workflow approval, have the potential to disrupt busy system administrators or developers racing to meet business deadlines, keep production systems running, and troubleshoot an endless array of IT problems.

As necessary as PAM is in these days of ransomware and advanced persistent threats (APTs), it just won’t get deployed unless it adds on security in ways that still allow IT to meet business needs. But if done right, PAM can be a powerful business enabler. In fact, for IT and security respondents in a Forrester Consulting survey (sponsored by BeyondTrust), "Improved IT administrative efficiencies" was the most frequently cited benefit of privileged identity management. "Improved user experience" and Improved user productivity" also ranked highly.

To ensure your PAM program is a productivity enabler as well as a powerful risk-reduction force, ensure it does the following":

  • Engages target users, stakeholders from start
  • Integrates with enterprise identity management, IT service ticketing, and DevOps procedures
  • Supports ease of use & high availability for IT admins

In my recent webinar, Back to the Basics: A Best Practices Approach to Privileged Password Management, I recommend starting with privileged password management best practices and solutions, building up a basic PAM architecture, and adding on JIT access, service account management, and other DevSecOps features, and sophisticated security monitoring to the solution.

PAM architecture & integrations

You can now check out the webinar on-demand here, to learn more about counteracting the One-Two Punch, designing the phased PAM architecture, and managing PAM as a program to create a service that empowers your IT organization and secures your business.


Whitepapers

Privileged Password Management Explained

Infographics

8 Best Practices for Privileged Password Management

Datasheets

Password Safe

Photograph of Dan Blum

Dan Blum, Cybersecurity Strategist and Author

Dan Blum is an internationally recognized strategist in cybersecurity and risk management. He was a Golden Quill Award winning VP and Distinguished Analyst at Gartner, Inc., has served as the security leader for several startups and consulting companies, and has advised 100s of large corporations, universities and government organizations. He consults with clients on identity management, PAM, risk management, and other topics. He's made his new book Rational Cybersecurity for Business: The Security Leaders' Guide to Business Alignment freely available for Open Access via Apress, or on Amazon.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Up next

From June 24, 2021:
2021 Gartner Buyers’ Guide for Privileged Access Management: A 5-Step Approach to Selecting the Right PAM Tool
From June 30, 2021:
Privileged Access Management for DevOps – BeyondTrust Stands out as a Leader in KuppingerCole Report

You May Also Be Interested In:

Whitepapers

Microsoft Vulnerabilities Report 2022

Whitepapers

Cybersecurity Insurance Checklist

Whitepapers

Privileged Access Management: PAM Checklist

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support
  • Cloud Privilege Broker

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Podcast
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press
BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2022 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.