
User Activity

Almost 4 years ago
First, terminology - there really is no such thing as privileged identity management. PAM systems broker access to existing accounts and other entitlements - they do not normally create or manage the lifecycles of identities (login accounts, etc.) which is what identity…

Answers

Almost 4 years ago
Privileged Access Management (PAM)

About me

One of the founders of M-Tech Information Technology, Inc., which is now Hitachi ID Systems, Inc. Long-time CTO of the company, responsible for product direction, architecture as well as customer-facing services and internal infrastructure.

Our products are designed to manage identities, entitlements and credentials across all systems and applications, on-premise and SaaS, in the context of medium to large organizations.

That's pretty abstract. Here are a few practical use cases:

* Auto-provisioning, deactivation.
* Self-service requests for access.
* Delegated administration of identities and access rights.
* Access certification, both periodic and event triggered.
* Synchronizing identity attributes and passwords across systems.
* Detecting and remediating unauthorized access changes.
* Self-service credential management -- password and PIN reset, security question enrollment, etc.
* Randomizing and securely storing passwords to shared, privileged accounts.
* Temporary privilege elevation, via password injection, group membership or SSH trust.
* Privileged login session recording and playback.
* Replacing embedded, static and/or plaintext passwords with secure API calls.
* Periodically changing and injecting Windows service account passwords.