This Gartner article explores the five key strategies organizations must follow to successfully implement Privileged Access Management (PAM). PAM tools deliver significant value in cybersecurity, but their implementation presents many challenges and potential pitfalls. SRM leaders responsible for identity and access management must plan for success by focusing on culture, discovery, least privilege, visibility, and operational efficiency.
Introduction
PAM projects are challenging. For most security and risk management (SRM) leaders, the biggest challenge is gaining a comprehensive understanding of which privileged accounts exist across the various environments that drive a modern business. Furthermore, migrating administrative use cases from the conventional direct access models that administrators have used for decades to more modern PAM practices and Just-In-Time (JIT) approaches is complicated and risky.
SRM leaders often encounter significant resistance when attempting to introduce PAM practices. This resistance frequently delays or even prevents full implementation, leaving the organization vulnerable.
Yet PAM is a fundamental security control, and cybersecurity insurers are urging organizations to adopt it, adding to more conventional drivers such as compliance, auditing, and legal requirements. In this context, how can SRM leaders develop a game plan (i.e., a roadmap) that takes into account the challenges and obstacles others have faced before them, which in many cases have hindered PAM implementation or, at the very least, reduced it to a shadow of what it should be? How can organizations effectively mitigate the risks associated with privileged accounts?
SRM leaders responsible for identity and access management (IAM) can use the five interrelated PAM strategies (see Figure 1) to move the organization beyond the initial analysis paralysis, overcome the fear of change in the middle phase, and progress toward realizing value through the implementation of a mature PAM practice.
