Which Solution Is Best to Control Access?

Share on facebook
Share on twitter
Share on linkedin
Share on email
Share on whatsapp

Recently a customer asked us to compare Privileged Access Management (PAM) and Password Manager (PM) products, thinking they were the same thing. Single Sign-On (SSO) is also often confused for these other two types of products. Let’s look at each and their differences.

Privileged Access Management is great for monitoring and controlling use of privileged accounts. It allows you isolate the use of these accounts, gives you more control of your environment, and proactively warns managers of changes to critical accounts. Many also allow for robust auditing and monitoring. While it does those things well, what it doesn’t do is manage passwords for your whole organization. PAM is highly technical to deploy and manage and could be outside the budget of many organization.  However, if you want to control a high-risk attack vector and meet many compliance requirements, PAM is necessary.

Password Managers allow you to keep all your businesses passwords in a vault. Many solutions allow you to roll out clients to all users and they are simple for users to manage.  Features may include being able to discern  weak passwords and apply stricter standards to all passwords, as well as scanning the web to see if the password used with the user account is any known data breach databases.  These do not provide much monitoring and while PMs could be used for privileged account, PMs are not specifically designed for this use.

Single Sign-On uses Security Assertion Markup Language (SAML) to provide authentication that is synced between on-premise and cloud systems. We included it in this post as it does provide some monitoring (including privileged accounts), like PAM and helps improve password complexity through out the organization like PM. However, it is not suitable for all environments and does not cover all cloud applications.

So, which one is right for you? That depends on what risk you are trying to mitigate.  Some organizations can meet their risk with just one solution, others need all three. The best approach is to determine what risks you have and how much tolerance the organization has for the risks.

Tracy Fox
+ posts

Sign Up For Our Blog

Get our latest content delivered to your inbox.

partner with foresite consulting to become a More Effective Leader

Develop the skills and strategies you need to take your company to the next level of success.

Foresite Cybersecurity Announces Pivot to Open XDR & Compliance Platform

Search