This Gartner article explores the five key strategies organizations need to follow for successful implementation of Privileged Access Management (PAM). PAM tools bring significant cybersecurity value, but their implementation presents many challenges and potential pitfalls. SRM managers responsible for identity and access management must plan for success by focusing on culture, discovery, least privilege, visibility and operational efficiency.

Introduction

PAM (privileged access management) projects are difficult. For most SRM (security and risk management) managers, the biggest challenge is to comprehensively understand which privileged accounts exist in the various environments that drive modern business. What's more, migrating administrative use cases from the conventional direct access models that administrators have been using for decades to more modern PAM practices and just-in-time (JIT) approaches is complicated and risky.

SRM managers often face significant resistance when attempting to implement PAM practices. This resistance frequently delays or even prevents full implementation, leaving the organization exposed.

Yet PAM is a fundamental security control, and cybersecurity insurers are pushing organizations to adopt it, in addition to more conventional drivers such as compliance, audit and legal. Against this backdrop, how can SRM leaders develop a game plan (i.e., a roadmap) that takes into account the challenges and obstacles others have encountered before them, which in many cases have hindered the PAM practice or at least made it a shadow of what it should be? How can organizations effectively mitigate the risks associated with privileged accounts?

SRM managers responsible for identity and access management (IAM) can use PAM's five interdependent strategies (see Figure 1) to move the organization beyond analysis paralysis in the early stages, overcome fear of change in the middle and progress towards realizing value through the implementation of a mature PAM practice.
