IAM, PIM and PAM:

Here’s what those cyber security acronyms mean.

Understand the meaning of IAM, PIM, PAM and other cyber security acronyms.

  • PAM

    Stands for both Privileged Access Management and Privileged Account Management.

  • PASM

    Privileged Account and Session Management.

  • SAPM

    Shared Account Password Management.

  • AAPM

    Application to Application Password Management.

  • SUPM

    SuperUser Privilege Management.

  • PEDM

    Privilege Elevation and Delegation Management.

  • PSM

    Privileged Session Management.

  • PIM

    Privileged Identity Management.

  • PxM

    Privileged ________ Management. It refers to “all of the above” privileged terms.

  • IAM

    Identity and Access Management.

Let’s explain these terms

Some of the terminology used in the world of cyber security is just plain confusing. Take “identity and access management” and “privileged identity management.” Are they the same thing, or just similar? So, we created an online cyber security dictionary to get to the bottom of it right here, right now.

What makes IAM, PIM, PAM and the other cyber security acronyms so confusing?

IAM, PIM, PAM and all the other acronyms we’re going to talk about are related to the same thing: the software systems an organization uses to manage and secure sensitive digital data. These terms are about safeguarding data by controlling who has access to the systems and what they are allowed to do once they are on sensitive systems. All these areas overlap a little, which results in confusing grey areas. The phrases are relative newcomers to mainstream cyber security jargon, and users are inclined to drop them into conversations, blog posts, and company documents as if they were fully interchangeable—probably because they too are confused—and this only adds to the turmoil.
Additionally, there are several other phrases within this group, like “identity management” and “privilege management,” which sound like shorter versions of PIM and PAM but are not. Don’t worry—we’ll explain.

Most of these acronyms include the words “privilege” and “privileged.” What’s the difference?

Privilege:

This is the authority to make administrative changes to a network or computer. Both people and accounts can have privileges, and both can have different levels of privilege. For example, your senior IT administrator may be able to configure servers, firewalls, and cloud storage, and thus has a high level of network privilege. But your sales team shouldn’t have any privilege. They should be able to use the systems—by logging into their laptops and accessing their sales data, for instance—but they should not be able to change network settings or permissions, or download software. Although your senior IT administrator has been given a certain level of privilege, they still need a privileged account in order to perform their privileged network tasks.

Picture all the people who have different levels of access on the network of a single organization: the Unix administrator can access Unix systems; the Windows admins manage Windows systems; Help Desk staff can configure printers, etc. Then, add to that all the accounts required to actually log into those systems and you can quickly imagine the thousands upon thousands of privileges within any given organization.

Privileged:

Where “privilege” is a noun that refers to the concept of having an increased level of access and permissions on a network, “privileged” is an adjective that describes things with privilege (e.g. privileged account, privileged user, privileged identity).

When someone says “That account has privilege,” they mean it has a higher level of access than a standard user account. One could also say “That is a privileged account.”

You’ll often hear the words “privilege” and “privileged” used in context with “management.” Privilege management refers to the process of managing who or what has privileges on the network. This is entirely different from privileged account management, which refers to the task of managing the actual accounts that have already been given privileges.

Where does all this privileged stuff fit into my organization’s security strategy?

An organization’s security strategy must account for many aspects of security in both real and digital environments: cyber security, network security, operational security, personnel security and physical security. Many people and systems are involved in making corporate security successful:

Cyber Security

  • Privileged Account / Access / Identity Management
  • Privilege Management
  • Identity and Access Management
  • User Behavioral Analytics

Personnel Security

  • Information Systems Security Officer (ISSO)
  • Chief Information Security Officer (CISO)
  • IT Admins
  • Network Admins
  • IT Security Administrators
  • End-users

Network Security

  • Firewalls
  • Anti-virus
  • SIEM

Operational Security

  • Risk Management
  • User Security Policies
  • Offboarding Policies and Procedures

Physical Security

  • Fences
  • Guards
  • Alarm Systems
  • Closed Circuit TV
  • Keys, Locks, Cipher Locks

What is an unknown account?

A privileged account that is unknown, and also unmanaged, is an account that has been forgotten and lost in the system. Most organizations have unknown accounts in their systems, while some have hundreds, even thousands. Accounts become unknown for many reasons—these are just a few:

  • An employee leaves and the account is simply abandoned.
  • The account is utilized less and less until it becomes obsolete and forgotten.
  • Default accounts for new devices are not utilized and are forgotten.

What are the top risks of having unknown or unmanaged accounts in my network system?

The risks of having unknown accounts, even just a few of them, can be compared to the risks of having doors to your office that you’re not aware of. Every unknown door increases your vulnerability and presents an opportunity for an intrusion.
Here are a few things that could happen:

  • An employee finds the account and uses it to perform unauthorized tasks.
  • An ex-employee continues to access the account.
  • A hacker finds the account and penetrates your organization, steals information, and wreaks untold havoc.

What is the cost of a cyber attack vs. the cost of Privileged Access Management?

These are the differences between the cost of an attack and the cost of quality privileged account management software:

Cost of a Cyber Attack

  • The financial cost is unlimited and unpredictable.
  • Usually not in the budget.
  • It can also cost you: access to your system, potential business, critical data and sometimes your reputation.
  • Most organizations simply cannot afford a cyber attack.

Cost of Quality PAM Software

  • The financial cost can be contained.
  • Included in the IT budget.
  • Setup, implementation and training needn’t take much time; critical data is protected and so is your reputation.
  • Affordable enterprise-level PAM software is available, and for smaller organizations it’s free.

How does PAM software thwart hackers and other external threats?

Effective PAM tools employ numerous features to lock down privileged accounts and information from outsider threats. PAM tools can discover the accounts across your organization’s network and import them into a secure, encrypted repository. Once all privileged accounts are inside the tool, it can manage sessions, passwords, and access automatically for your organization. Combine all of this with features like hiding passwords from certain users, recording sessions, auditing, and two-factor authentication to access the tool, and you have a robust defense against external threats.

How does Privileged Access Management software protect organizations from internal threats?

PAM tools should contain multiple features to safeguard against internal threats: audits and email alerts to keep administrators informed of what’s going on in the environment, and session recording for visibility into what happens when users use privileged accounts to access systems. There are also permissions and role-based access, which give users access to and visibility over exactly what they need. Last, but not least, there should be a feature to sever a user’s access the moment they leave the organization.

Is a password-protected Excel spreadsheet a secure way to manage and share passwords?

No, definitely not. Excel was never intended to be a password management solution and lacks crucial security features. The same applies to other popular methods companies use to store and share passwords, like Word documents and text files. Aside from the information being stored in clear text, how do you know who is accessing your passwords?

Is my small business ready for enterprise-level Privileged Account Management software?

You cannot put a price on safeguarding your privileged accounts and information, and every business, big or small, has them. Privileged account misuse is often the major cause of a security breach and has the potential to permanently damage or even dismantle your organization. So, if you have a business, you owe it to yourself to protect your privileged accounts and information. Fortunately, there are free or cheap solutions to this problem:

  • If your company has fewer than 25 users and under 250 passwords, you can manage them securely and professionally for free.
  • If your company has over 25 users or 250 passwords, you can securely manage them on-premise or in the cloud.

Finally, is there a checklist of things I should know before I purchase Privileged Account Management software?

Choosing the right PAM software for your organization is a task to be taken seriously. Research can be hard to do because even once you have your final contenders on a shortlist you’re still not comparing apples with apples.

Here’s a checklist of some important items to consider. We recommend calling vendors and asking questions before purchasing PAM software. Also, request a free trial to be sure your IT team will use it. Once you have a checkmark next to every item, you’re looking at software you’ll be happy with.

Checklist: item and things to consider

  • It’s fully scalable

    Will the software scale up to meet your needs as your organization grows?

  • It’s a complete solution

    Does the price include everything you need to truly lock down your privileged accounts in the manner most suitable for your organization? You should not have to navigate numerous add-ons for every little feature or pay later for additional functionality. Everything you need in a solution should start from day 1.

  • It’s easy to install and fast to deploy

    Your IT admins will thank you for this.

  • It’s simple to manage

    Good PAM software makes your IT admin’s job easier, not more complex.

  • It’s well accepted by users

    A high adoption rate among users results in better security across your organization.

  • The time to value is excellent

    The solution should be swift, effective, and assist you with the kind of protection promised without having to establish any extended timelines.

  • It’s affordable

    Prices vary—a lot. View our charts to see how popular vendors compare price-wise.

  • It has all the features you need, and a few you hadn’t even thought of

    Are new features added regularly to keep the software up to standard? Ask to view the features list.

  • The support is top notch

    Support must be guaranteed from trial to purchase. The best vendors offer phone, email, knowledge base and forum support.

  • The solution should be constantly evolving

    Attack vectors keep increasing in number and complexity. The solution should be able to keep up.

  • Customers have a voice

    You should have a say in the direction the solution is developed.

In the end, it’s all about cyber security

The important point of all these terms is that controlling accounts and identities that wield power over a network or give high levels of network access is critical for cyber security. Someone with a privileged account can move across your network accessing all kinds of data. This is especially concerning if a hacker or malicious employee acquires a privileged account or if a malicious employee is part of the privileged identity group.

If you’re concerned that your organization does not have a super-secure privileged account management system in place, please encourage your IT admin to try the free version of our PAM software. It’s fast to download and easy to use. And if you love it you’ll be happy to hear that it’s also affordable.