
What Is Privileged Identity Management (PIM)?


Privileged identity management (PIM) gives users the ability to control, manage, and monitor the access privileges that people have to crucial resources within an organization. These may include important files, user accounts, documentation, and even application code and infrastructural elements such as databases and security systems. 

With PIM, you can manage all your privileged identities (PIs), as well as identify privileged accounts.

PIM vs. PAM vs. IAM

Although PIM, privileged access management (PAM), and identity and access management (IAM) all involve privileges, they are three different things.

PIM involves managing which resources those with the rights to alter critical files can access. PAM refers to systems that manage the accounts of those with elevated permissions. With IAM, on the other hand, you can assign roles to entire user groups according to departments within your organization.

How Important Is Privileged Identity Management for an Organization?

As much as 90% of records can be stolen by hackers through breaches that exploit vulnerabilities in web applications, so securing privileged credentials is critical to safeguarding those records. If a hacker or thief gets hold of the wrong set of credentials, they can damage critical systems, steal sensitive information, or vandalize your infrastructure. This is particularly important when dealing with multiple users at the same time, as with sparse mode routing (SM routing), which distributes information to multiple users at once.

The same is the case when an organization uses a virtual private network (VPN). Without adequate access procedures, there is no way to limit who can sign in to your network’s VPN.

Risks of Unmanaged Privileged Identities

If someone within your organization is motivated, whether for personal reasons or for financial gain, to steal highly confidential information, they can get away with it easily if their access is not properly managed. Some of the most concerning areas include the following:

Different PIs That Exist on a Network at a Given Point of Time Are Unknown

Without a management system in place, there is no way of knowing who has access privileges. They can be granted by a number of people, and tracking down who gave access, who received it, and why can be very challenging.

No One Knows Which Privileged Credentials Are Known to Whom

Access privileges are an abstraction with no guaranteed connection to the person who holds them. Credentials therefore may or may not carry information that is intrinsically and accurately linked to the identity of the privileged individual.

No One Can Confirm How Strong the Passwords Are

Weak passwords are a common vulnerability of organizations. Employees are often quick to use a password that is simultaneously easy for them to remember and for others to guess. PIM can be used to strengthen passwords and close this vulnerability.

Roles of Privileged Identity Management (PIM)

Provides "Just-in-Time" Access

You can give temporary access to an employee who would normally not need access so they can get into the system just to perform a single task.

Grants Access for Longer Periods of Time

If you need to hire an employee for 60 days, for instance, you can give them access for that period of time. The access will then automatically terminate when the time period is up, thus protecting your system from incursion.

Deploy Multi-factor Authentication (MFA)

With MFA, you have three or more layers in the identification process, forcing those who have access to prove their eligibility in triplicate—at least. This makes it far more difficult for a hacker to impersonate someone with legitimate access.

View Access Privilege History

You can always go back and see who had which privileges when. This can be a valuable tool in ascertaining the source of a breach and investigating how to prevent further incidents.

Create Reports

You can create reports if there is going to be an internal or external audit of your security systems. This is particularly helpful if you have to comply with regulations such as the California Consumer Privacy Act (CCPA) or General Data Protection Regulation (GDPR).

Benefits of Privileged Identity Management

Improves Security

With PIM, you can vet who has access now and who has had it in the past, as well as when their access began and ended. You can also use it to strategically plan who should be granted access in the future.

Maintains Regulatory Compliance

According to standards such as those maintained by GDPR and other regulatory legislation, only certain categories of individuals are allowed access to sensitive data of various types. Using PIM, you can be sure to follow these guidelines, as well as produce reports proving your compliance.

Reduces IT and Auditing Costs

With a predefined set of access policies and structure, you do not have to manually engineer each person’s set of access rights. You also can produce reports for auditors in a few moments.

Eliminates Threats from Active But Nonoperative Accounts

Without PIM, it is relatively easy for a bad actor to take advantage of an account that was granted access but has since lain dormant. PIM ensures these accounts have their access blocked.
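The grant lifecycle described in the roles and benefits above, as an added example that is not from the original page or from Fortinet's products: a small Python model of time-bounded and just-in-time grants, an access history that answers who held a role at a given moment, and automatic revocation of dormant accounts. The PrivilegeRegistry class, the db-admin role and the 30-day idle threshold are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Grant:
    user: str
    role: str
    start: datetime
    end: datetime                     # access terminates automatically at this time
    last_used: "datetime | None" = None

class PrivilegeRegistry:
    """Toy PIM store, constructed for this example: time-bounded grants plus an append-only history."""
    def __init__(self):
        self.grants, self.history = [], []
    def grant(self, user, role, start, duration):
        # Just-in-time access is the same call with a duration of minutes rather than days
        g = Grant(user, role, start, start + duration)
        self.grants.append(g)
        self.history.append((start, f"GRANT {user} {role} until {g.end:%Y-%m-%d %H:%M}"))
    def holders(self, role, at):
        """Access history: every grant of `role` that was active at time `at`."""
        return [g for g in self.grants if g.role == role and g.start <= at < g.end]
    def use(self, user, role, at):
        """Record a privileged action; it is refused unless one of the user's grants is active."""
        active = [g for g in self.holders(role, at) if g.user == user]
        for g in active:
            g.last_used = at
        self.history.append((at, f"{'USE' if active else 'DENY'} {user} {role}"))
        return bool(active)
    def revoke_dormant(self, role, now, idle=timedelta(days=30)):
        """Terminate active grants not exercised within `idle`; returns the users cut off."""
        dormant = [g for g in self.holders(role, now) if now - (g.last_used or g.start) > idle]
        for g in dormant:
            g.end = now
            self.history.append((now, f"REVOKE {g.user} {role} dormant"))
        return [g.user for g in dormant]

def demo():
    # Constructed scenario: a 60-day contractor, a one-task JIT grant, and a standing account never used
    t0, pim = datetime(2024, 1, 1, 9, 0), PrivilegeRegistry()
    pim.grant("contractor", "db-admin", t0, timedelta(days=60))
    pim.grant("alice", "db-admin", t0, timedelta(minutes=60))     # just-in-time, one task
    pim.grant("bob", "db-admin", t0, timedelta(days=365))         # standing access
    pim.use("contractor", "db-admin", t0 + timedelta(days=20))
    jit_late = pim.use("alice", "db-admin", t0 + timedelta(hours=2))   # JIT window already closed
    at_start = sorted(g.user for g in pim.holders("db-admin", t0 + timedelta(minutes=30)))
    revoked = pim.revoke_dormant("db-admin", t0 + timedelta(days=45))
    after = sorted(g.user for g in pim.holders("db-admin", t0 + timedelta(days=61)))
    return jit_late, at_start, revoked, after
```

Every grant, use, denial and revocation lands in `history`, which is the record an auditor or incident responder would query.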

Provides Ease of Accessibility

PIM streamlines how access privileges are granted and used. It also makes it simpler for legitimately privileged users to regain access if they have forgotten their credentials.

How to Implement a Privileged Account Policy Within an Enterprise

Documenting Critical IT Assets

The first step in implementing a privileged account policy is to identify your attack surface. This is done by documenting which assets are most in need of protection.

Implementing Password Complexity and Diversity

Diverse and complex passwords are often enough to prevent a crucial data breach.

Deploy Multi-factor Authentication (MFA)

With MFA, you have three or more layers in the identification process, forcing those who have access to prove their eligibility in triplicate—at least. This makes it far more difficult for a hacker to impersonate someone with legitimate access.

Frequent Password Changes

With frequent password changes, attackers with older passwords will be less likely to have a way into the system.

Continuous Auditing and Documentation of Each Requestor

Within a PIM system, all requests can be documented. In this way, it is easier to backtrack and figure out the source of a breach.

Building the Capabilities To Play Back Privileged Sessions Either Historically or in Real Time

With PIM, you can watch who has gained access and monitor their behavior. This can be done historically, as a way to investigate an incident, or in real time to observe how privileges are used.
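The last two steps, auditing each request and playing back privileged sessions, as an added example that is not from the original page or from Fortinet's products: the Python below reads a constructed sample of request, approval and session records, reconstructs who requested and who approved access to an asset, and replays each session's commands, flagging any issued after the approval expired. The record format, its field names and the payroll-db asset are assumptions made for the example.

```python
import re
from datetime import datetime

# Constructed sample of the request/approval/session records a PIM system keeps (not real product output)
SAMPLE_LOG = """\
2024-03-04T10:00:00 REQUEST id=42 user=carol role=db-admin asset=payroll-db reason="apply vendor patch"
2024-03-04T10:02:00 APPROVE id=42 by=dave expires=2024-03-04T11:00:00
2024-03-04T10:05:00 SESSION_START id=42 session=s1
2024-03-04T10:06:00 CMD session=s1 cmd="SELECT count(*) FROM employees"
2024-03-04T11:20:00 CMD session=s1 cmd="UPDATE employees SET status = 'active'"
2024-03-04T11:25:00 SESSION_END session=s1
"""
FIELD = re.compile(r'(\w+)=("([^"]*)"|\S+)')   # key=value, value optionally double-quoted

def parse(line):
    """Split one record into (timestamp, event, fields)."""
    ts, event, rest = line.split(" ", 2)
    fields = {k: (inner if raw.startswith('"') else raw) for k, raw, inner in FIELD.findall(rest)}
    return datetime.fromisoformat(ts), event, fields

def playback(log, asset):
    """For every access request on `asset`, record the requestor, the approver, and the commands
    run in the resulting sessions; each command is flagged if issued after the approval expired."""
    requests, sessions = {}, {}
    for line in log.splitlines():
        ts, event, f = parse(line)
        if event == "REQUEST" and f.get("asset") == asset:
            requests[f["id"]] = {"user": f["user"], "reason": f["reason"],
                                 "approver": None, "expires": None, "cmds": []}
        elif event == "APPROVE" and f["id"] in requests:
            requests[f["id"]].update(approver=f["by"], expires=datetime.fromisoformat(f["expires"]))
        elif event == "SESSION_START" and f["id"] in requests:
            sessions[f["session"]] = requests[f["id"]]      # tie the live session to its request
        elif event == "CMD" and f["session"] in sessions:
            r = sessions[f["session"]]
            after_expiry = r["expires"] is not None and ts > r["expires"]
            r["cmds"].append((ts, f["cmd"], after_expiry))
    return requests

def overrun_commands(log, asset):
    """Commands issued on `asset` outside the approved window: the records an investigator
    would pull first when backtracking an incident."""
    return [(rid, cmd) for rid, r in playback(log, asset).items()
            for _, cmd, late in r["cmds"] if late]
```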

How Fortinet Can Help

The Fortinet IAM solution empowers administrators to confirm who accesses the network, which devices they use, and when they gain entry. Fortinet IAM makes use of a stack of technologies, including FortiAuthenticator, which centralizes the authentication process, FortiToken, which uses a token-based second factor to tighten security, and FortiToken Cloud, which provides MFA.

FAQs

What is privileged identity management (PIM)?

PIM gives users the ability to control, manage, and monitor the access privileges that people have to crucial resources within an organization.

What is the difference between PIM vs. PAM vs. IAM?

PIM involves managing which resources those who have the rights to alter critical files can access. Privileged access management (PAM) refers to systems that manage the accounts of those who have elevated permissions. With identity and access management (IAM), on the other hand, you can assign roles to entire user groups according to departments within your organization.

What are the risks of unmanaged privileged identities (PIs)?

The risks of unmanaged privileged identities include:

  1. Different PIs that exist on a network at a given point of time are unknown
  2. No one knows which privileged credentials are known to whom
  3. No one can confirm how strong the passwords are