Review current state and define a PAM strategy¶
The primary objective of PAM is to protect ‘superhero’ accounts – these are accounts with higher capabilities than a normal user account.
In your infrastructure, these could be - local admin accounts, domain admin accounts, user accounts of a high-level IT personnel, etc. Having an idea of the accounts that exist can help plan your implementation.
Conduct a thorough assessment of current privileged access management practices, including identifying critical assets and privileged accounts.
In your assessment you may consider the following:
- Existing control policies for access to sensitive assets, governance of ‘superhero’ (privileged) accounts and management of IT assets.
- Practices and protocols in place for provisioning, automation, gating, etc.
- Protective controls to detect, secure, and monitor access.
In an average, the number of identified accounts that are shared among people could be thrice as much as the number of employees in the organization. Therefore, a planned and steady phase-wise implementation would be the best way to set achievable goals.
Go over the architecture, requirements and pre-requisites to plan the deployment of Unified PAM.