
Privileged Access Management

There are three main types of privileged accounts -- administrator, service and application-to-application accounts. What they have in common is that each carries higher security rights than the login IDs of regular users.

In an organization with thousands of IT assets, it can be difficult to securely manage access to privileged accounts:

  • There can be thousands of privileged passwords.
  • Administrator passwords exist on each device and application.
  • It is difficult to coordinate changes to shared passwords.
  • When there are many shared, static passwords, former IT staff can retain sensitive access after leaving an organization.
  • It can be difficult to trace changes back to individuals who made them.

A privileged access management system controls access to login accounts that have elevated security rights. It typically controls access to administrator IDs, service accounts and accounts used by one system to sign into another.

Privileged access management systems typically randomize passwords to sensitive IDs, store current passwords in an encrypted vault, connect authorized people and programs to privileged accounts and audit this activity.

A privileged access management system usually does not create privileged accounts, since that is almost always a side effect of installing the system on which they exist. Similarly, these IDs are normally removed when a system is uninstalled.

Hitachi ID Privileged Access Manager secures privileged accounts across the IT landscape and at large scale:

  • It periodically randomizes passwords to privileged accounts.
  • Users must sign into Privileged Access Manager before they can access privileged accounts. This is an excellent opportunity to require strong, multi-factor authentication. This also allows organizations to apply a central authorization policy -- who is allowed access to which account, when and from where?
  • Privileged Access Manager launches login sessions on behalf of users, without displaying passwords -- single sign-on.
  • Privileged login sessions can be recorded, including screen capture and keyboard capture. This creates strong accountability and forensic audit trails.
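A constructed in-memory model of the checkout flow described above (an added example, not Hitachi ID's product code): a broker that enforces a central policy on who may use which account, when and from where, launches the session without disclosing the password, rotates the password after use, and records every decision. Encryption of the vault at rest is left out; the account name, user names, time window and network are invented sample values.

```python
import ipaddress
import secrets
from datetime import datetime, time

# Constructed PAM broker model (not Hitachi ID's code). Vault encryption at
# rest is omitted; modelled here: policy check (who, account, when, where),
# sign-on without disclosing the password, rotation after use, and audit.

class PamBroker:
    def __init__(self, accounts):
        # account -> current randomized password; never returned to a user
        self.vault = {a: secrets.token_urlsafe(24) for a in accounts}
        # policy rows: (user, account, window start, window end, source network)
        self.policies = []
        self.audit = []

    def allow(self, user, account, start, end, network):
        self.policies.append((user, account, start, end, ipaddress.ip_network(network)))

    def _authorized(self, user, account, when, source):
        src = ipaddress.ip_address(source)
        return any(u == user and a == account and start <= when.time() < end and src in net
                   for u, a, start, end, net in self.policies)

    def checkout(self, user, account, when, source, login):
        """Launch a session via login(account, password); returns True if launched."""
        ok = account in self.vault and self._authorized(user, account, when, source)
        self.audit.append((when.isoformat(), user, account, source, "granted" if ok else "denied"))
        if not ok:
            return False
        login(account, self.vault[account])          # single sign-on: user never sees it
        self.vault[account] = secrets.token_urlsafe(24)  # rotate so the used value is dead
        return True

def demo():
    """Run a constructed scenario; returns (rotated_after_use, audit decisions)."""
    b = PamBroker(["root@db01"])
    b.allow("alice", "root@db01", time(8), time(18), "10.0.0.0/8")
    seen = []
    launch = lambda account, password: seen.append(password)
    at = lambda hour: datetime(2024, 1, 1, hour)
    b.checkout("alice", "root@db01", at(9), "10.1.2.3", launch)      # within policy
    b.checkout("alice", "root@db01", at(22), "10.1.2.3", launch)     # outside time window
    b.checkout("alice", "root@db01", at(9), "192.168.1.1", launch)   # wrong source network
    b.checkout("bob", "root@db01", at(9), "10.1.2.3", launch)        # no policy for bob
    rotated = bool(seen) and b.vault["root@db01"] not in seen
    return rotated, [row[-1] for row in b.audit]
```

Calling `demo()` returns `(True, ['granted', 'denied', 'denied', 'denied'])`: one session launched, the password it used is no longer valid, and all four decisions are in the audit trail.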
