The basis for protecting your own networks and information resources against unauthorized access is a stable identity and access management (IAM). Whereas basic roles and their rights are defined and administered in identity management, access management handles the granting and administration of individual access rights and privileges to certain parts of the physical or IT-based infrastructure. In addition to the preferably automated, or at least tool-based, management and provisioning of rights, the transparency of all access in the sense of "who does what, and is he allowed to do it" is an important element with regard to governance and compliance.
An increasingly important challenge in this context is the management of access rights of particularly authorized persons. Some users require extensive authorizations for their work. These "privileged users" pose a particular challenge to IT security, as they can jeopardize their organization's IT resources and data, whether through criminal intent or inadvertently because their access data ends up in the wrong hands. This applies to administrators in the technical area as well as to management, whose names are often even publicly available and who thus represent a preferred target for sometimes existential threats.
Privileged User Management
In dealing with these "privileges", solutions for Privileged User Management (PUM) take care of the management of special access roles such as administrator or root access. Privileged Access Management (PAM), on the other hand, controls the general or time-limited allocation of special access rights to certain personal accounts, for example for members of the executive board. Finally, Privileged Session Management (PSM) monitors and documents operations on critical systems, helping to increase visibility and to identify and block suspicious behavior.
The goal of integrated identity, access and privileged user management should always be to balance high security standards with the greatest possible convenience, and thereby achieve better user acceptance. As soon as users find the secure access and usage methods on offer too complex or too complicated, they will find simpler ways and working methods of their own, which in turn undermine the existing security measures.
Passwords are a simple and fitting example in this context: naturally, a long password with enforced upper and lower case and special characters is quite safe, but if the user cannot remember it, he will use easy-to-guess patterns, write the password down on slips of paper or even in his smartphone, or cause enormous effort at the central IT service with frequent requests to reset his password.
To alleviate this password dilemma and achieve a higher security level at the same time, extended authentication methods and authenticator tools are increasingly employed, using generated codes from security tokens, smartcards or, for example, biometric identification such as fingerprints or retinal scans for access procedures instead of a password.