What is Privileged Access Management?

By Zach DeMeyer Posted April 13, 2019

What is privileged access management? It’s a great question and one that is highly relevant in the modern era of Infrastructure-as-a-Service (IaaS). Traditionally, PAM solutions, as they are known, have worked well with on-prem data centers and collocation facilities. But in the modern era of cloud infrastructure, is privileged access management needed?

Identity Management as a Whole

These are all great questions as the identity and access management (IAM) market shifts and morphs with the changes in the underlying IT landscape. Identity management solutions are a function of the users and the IT resources they are accessing.

Historically, that meant that an identity management solution, usually Microsoft® Active Directory®, would need to connect users to their Windows-based IT resources including their system (laptop/desktop), servers, applications, and even the network. It made sense that AD was the identity provider of choice because of the IT landscape at the time.

Server Authentication

As IT organizations and ops teams expanded their critical infrastructure—namely servers in their on-prem or collocated data centers—Active Directory began to struggle. The criticality of these IT resources meant that an elevated level of authentication and authorization was required. Instead of relying on Active Directory, many organizations extended AD to their server infrastructure with an add-on tool called privileged access management.

PAM solutions, which are now sometimes called Advanced Server Access platforms, would extend AD identities to an organization’s data center. Like other AD add-ons, such as single sign-on (SSO) tools or identity bridges, PAM solutions helped IT organizations graft their AD-based environments into a changing modern IT era. Privileged access managers were largely on-prem and enterprise grade, just as AD was. This approach to identity management worked well for a period of time.

The Effects of Modern IT

As AWS® and Google Cloud Platform™ emerged, the cracks in this approach started to appear. AWS relied on SSH keys to access Linux® servers, so many DevOps organizations skipped the privileged access management solution for free configuration automation tools such as Chef, Puppet, Ansible, and Salt. But, these too had their drawbacks and broke down at scale. In fact, the identity management infrastructure within organizations was changing. No longer was the on-prem network Windows-based, but rather a mixture of platforms and cloud solutions.

All of these changes put tremendous pressure on the Active Directory and privileged access management approach that many took. While some have now turned to vendors like BeyondTrust or now Okta to continue on the PAM + AD path, others are looking towards a more holistic approach to identity management.

Centralized Identity Management for Servers and More

In light of this search for holistic identity management, a new generation of solution, an identity provider with privileged access management combined into one broader solution, has appeared. Called cloud identity management, this new directory service integrated the concepts of cross-platform user management, cloud and on-prem server access control, web application single sign-on, cloud LDAP, virtual RADIUS, system management, 2FA, and much more into one SaaS-based identity management platform.

All of this and more are available from JumpCloud® Directory-as-a-Service®. Admins using JumpCloud can tightly control user access to virtually all IT resources, regardless of end user choice of platform, protocol, provider, or location. That control includes servers, both cloud and on-prem, using LDAP and SSH key pairs.

Learn More

If you are interested in privileged access management, consider your options. All-in-one identity management might better suit your environment. If so, then give JumpCloud a try. Your first ten users in the platform are free forever. If you have any questions, feel free to give us a call or leave a message.

Zach DeMeyer

Zach is a writer and researcher for JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, making music, and soccer.

Recent Posts