Thoughts on Privileged Identity Management (PIM)

Publish date:

As a security professional, I am often frustrated by the fact that the most important and powerful users (the system administrators, or privileged users) are the most difficult to control securely.  Due to the poor security design of many IT products and systems, administrators often share accounts, leading to a lack of personal accountability for […]

As a security professional, I am often frustrated by the fact that the most important and powerful users (the system administrators, or privileged users) are the most difficult to control securely.  Due to the poor security design of many IT products and systems, administrators often share accounts, leading to a lack of personal accountability for their actions; password quality rules are difficult to enforce, and passwords are not changed regularly; and monitoring of privileged users is difficult, further eroding personal accountability.

This has driven the evolution of a set of security tools that specialise in Privileged Identity Management (PIM).  Such tools operate by taking control over privileged account passwords, changing them regularly and ensuring they are hard to guess.  Rather than remembering a privileged password, a privileged user will request it from a portal.  PIM tools can also be set up to record administrator sessions in detail.

Capgemini has deployed PIM tools in a number of successful engagements.  Bear in mind, when deploying a PIM tool, what the ultimate deliverable is, namely, a simple, strictly enforced set of processes around the management of privileged users.  These processes must be usable by the privileged users themselves.  Like all IT changes, PIM is at heart a business change.

Related Posts

Cybersecurity

Empowering our employees to become cyber savvy in the new normal

Date icon October 14, 2021

Celebrating Cybersecurity Awareness Month at Capgemini

Cybersecurity

Capgemini Named a MSSP Leader in Everest Group Report

Geert van der Linden
Date icon September 6, 2021

Capgemini has continued to make significant investments to ensure its customers are able to...

Cybersecurity

Cybersecurity: the linchpin of sustainable infrastructure

Geert van der Linden
Date icon July 7, 2021

It’s critical that infrastructure organizations mitigate these risks by placing cybersecurity...