What is privileged access management?
Privileged access management, or PAM, is a set of cybersecurity policies, principles, and tools that allow you to manage the access rights of privileged users. By applying a privileged access management solution, you can configure which users can access which resources, protect sensitive data from unauthorized access, and detect and prevent security incidents.
Why is privileged access management important?
Managing privileged access can help you prevent cybersecurity risks like data theft, leaks and abuse, corporate espionage, and credential theft. Deploying a PAM toolset is also important for organizations that need to comply with cybersecurity laws, standards, and regulations like HIPAA, PCI DSS, and NIST SP 800-53. Protecting user access is an essential part of compliance.
What is the difference between privileged access management and identity and access management (IAM)?
While both PAM and IAM help to manage user access, they have a lot of differences:
1. PAM controls only privileged accounts, while IAM can be applied to all accounts.
2. PAM guarantees users will access only the resources to which they have access rights. IAM ensures that only the right people log in to an organization’s systems.
3. IAM verifies users’ identities before providing access to an organization’s resources. PAM checks users’ credentials before providing access.
Achieving regulatory compliance often requires organizations to deploy both PAM and IAM tools to ensure the best possible protection. Ekran System provides you with PAM and IAM tools in one solution.
Why use privileged access management software?
The main goal of using a PAM system is to protect an organization’s sensitive data from unauthorized access. PAM helps you make sure privileged users access only the resources they need for work purposes. Also, it alerts security officers if users do something suspicious with sensitive data.
PAM is useful for protecting both from insider threats like data theft and corporate espionage and from outside attacks like hacking, credential theft, and social engineering.
What are the benefits of privileged access management?
By deploying a PAM solution, an organization:
1. Protects sensitive data it stores
2. Mitigates possible insider and outsider threats
3. Prevents privileged users from violating security policies without affecting their productivity
4. Enhances compliance with cybersecurity requirements
Is Ekran System’s PAM solution a standalone tool?
Can I use the Ekran System PAM solution to manage access privileges of remote employees?
With Ekran System’s PAM solution, you can manage remote access privileges as easily as you can manage access privileges of in-house employees. You can configure access rights for remote users, manage their credentials and secrets, audit their activity, monitor access requests and interactions with sensitive data, etc.
How can I configure access rights for each privileged user in my system?
Ekran System is highly flexible in terms of configuring access rights. For example, it allows you to:
1. Create unique access configuration for a user
2. Configure user roles and assign those roles to groups of users
3. Allow access to sensitive resources for a certain period of time
4. And do even more
Our PAM solution is easy to customize. Also, our support team is always ready to help with customizations and any other questions.
How does Ekran System help to implement the principle of least privilege and the just-in-time (JIT) approach?
You can implement the principle of least privilege using the following capabilities of Ekran System:
1. Granularly configure access rights for privileged users to allow them to interact only with the resources they need
2. Reconfigure users’ access rights at any moment in a couple of clicks
3. Provide access to the most sensitive resources for a set period of time
To implement JIT, you can also use these privileged access management features:
1. One-time passwords that provide users with access only when they need it and for a limited period of time
2. Manual access approval, which is useful for controlling access to the most secured resources
Which fail-safe mechanisms does Ekran System use?
Ekran System supports a high availability mode based on a Microsoft failover cluster. It’s designed in such a way that if the Ekran System server stops working, another server instance can replace it without data loss or reinstallation. To enhance availability, you can create a load balancer cluster for the AppServer or deploy an MS SQL cluster.
How do you protect the Ekran System password vault?
Ekran System encrypts privileged user credentials and other secrets with the Advanced Encryption Standard (AES) 256. These secrets are stored in an SQL database, which can be located on a separate machine.
We also use encryption to protect initial vectors for time-based one-time passwords, monitoring records, exported forensic data, and passwords of internal Ekran System users. You can learn more about Ekran System encryption mechanisms in our documentation.
Can I get help with deploying, configuring, and maintaining Ekran System?
We’ve prepared step-by-step guides for deploying Ekran System in the form of agents or jump server instances. The documentation also contains instructions on how to configure Ekran System components.
If you have any additional questions about our privileged access management tools, feel free to contact our support team.