IAM, PIM and PAM:

Here’s what those cyber security acronyms mean.

Understand the meaning of IAM, PIM, PAM and other cyber security acronyms.

  • AAPM

    Application to Application Password Management.

  • EDR

    Endpoint Detection and Response.

  • EPM

    Endpoint Privilege Management.

  • EPP

    Endpoint Protection Platform.

  • IAM

    Identity and Access Management.

  • PAM

    Privileged Access Management and Privileged Account Management.

  • PASM

    Privileged Account and Session Management.

  • PEDM

    Privilege Elevation and Delegation.

  • PIM

    Privileged Identity Management.

  • PSM

    Privileged Session Management.

  • PUM

    Privileged User Management.

  • PxM

    Privileged ________ Management. It refers to “all of the above” privileged terms.

  • SAPM

    Shared Account Password Management.

  • SCCM

    Software Change and Configuration Management.

  • SIEM

    Security Information and Event Management.

  • SUPM

    SuperUser Privilege Management.

  • UAC

    User Account Control.

  • UEBA

    User and Entity Behavioral Analytics.

Let’s explain these terms

Some cyber security terminology is plain confusing, like identity and access management (IAM), privileged identity management (PIM) and privileged access management (PAM). Are they the same, or just similar? We created an online dictionary to get to the bottom of it right here, right now.

What makes IAM, PIM, PAM and the other cyber security acronyms so confusing?

IAM, PIM, PAM and other acronyms we’re going to talk about are related to the same thing: solutions to secure sensitive assets. These terms are about safeguarding data and systems by managing who has access and what they’re allowed to see and do. These terms overlap a little, which can be confusing. Some phrases are relative newcomers to the cyber security lexicon and people are often inclined to drop them into conversation as if they were fully interchangeable.

Many of these acronyms include the words “privilege” and “privileged.” What’s the difference?

Privilege VS Privileged - Computers, Users, Behavior

Privilege:

“Privilege” is the authority to make changes to a network or computer. Both people and accounts can have privileges, and both can have different levels of privilege.

For example, a senior IT administrator or “super user” may be able to configure servers, firewalls, and cloud storage, and has a high level of privilege. A sales rep, however, should be able to use some systems—by logging into laptops and accessing sales data, for instance—but they shouldn’t be able to change network settings, permissions, or download software unless it’s on an approved list.

Picture all the people who have different levels of access on the network of a single organization: the Unix administrator can access Unix systems; the Windows admins manage Windows systems; Help Desk staff can configure printers, etc. Add to that all the accounts required to log into those systems and you can quickly imagine the thousands upon thousands of privileges within an organization.


What is “privileged access?”

Briefly, it’s definitive, authorized access of a user, process, or computer to a protected resource.

Privileged Access Management, therefore, encompasses a broader realm than Privileged Account Management, focused on the special requirements for managing those powerful accounts within the IT infrastructure of an organization. It also consists of the cyber security strategies and technologies for exerting control over the elevated access and permissions for users, accounts, processes, and systems across an IT environment.

Also incorporated under Privileged Access Management is how the account is being protected. For example, access workflows, two-factor/multi-factor authentication, session recording, and launching are critical elements of a comprehensive Privileged Access Management strategy.

Privileged:

“Privileged” is an adjective that describes things with privilege (e.g. privileged account, privileged identity).

When someone says, “That account has privilege,” they mean it has a higher level of access and permissions than a standard account. One could also say, “That is a privileged account.”

In the example of the administrator role, although the admin has a certain level of privilege he or she still needs a privileged account in order to perform privileged tasks.


What is Privilege Management vs. Privileged Access Management vs. Privileged Account Management?

You’ll often hear the words “privilege” and “privileged” used in context with “management.” Privilege Management refers to the process of managing who or what has privileges on the network.

This is different from privileged account management, which refers to the task of managing the actual accounts that have already been given privileges.

We always say privileged accounts are the keys to the kingdom. They provide access to a company’s most critical information.

A privileged account can be human or non-human. These accounts exist to allow IT professionals to manage applications, software and server hardware. They also provide administrative or specialized levels of access based on higher levels of permissions that are shared. The typical user of a privileged account is a system administrator responsible for managing an environment or an IT administrator of specific software or hardware.

Identity Management vs. Privilege Management

The domain of Privilege Management is generally accepted as part of the broader scope of Identity and Access Management (IAM). However, identity and privilege are inextricably linked and, as tools and solutions become more sophisticated, the lines continue to blur.

Identity refers to attributes. You, your boss, the IT admin, and the HR person are only a handful of examples of who can be responsible for creating, updating, or even deleting attributes. The core objective of IAM is one digital identity per individual. Once that digital identity has been established, it must be maintained, modified and monitored.

Privilege Management is part of IAM, helping manage entitlements, not only of individual users but also of shared accounts such as super users, administrative or service accounts. A PAM tool, unlike IAM tools or password managers, protects and manages all privileged accounts. Mature PAM solutions go further than simple password generation and access control to individual systems: they also provide a unified, robust, and, importantly, transparent platform integrated into an organization’s overall Identity and Access Management (IAM) strategy.

How does all this privileged stuff fit into my organization’s security strategy?

Your security strategy must account for many aspects of security in both real and digital environments: cyber security, network security, operational security, personnel security and physical security. Many people and systems are involved in making corporate security successful:

Cyber Security

  • Privileged Account / Access / Identity Management
  • Privilege Management
  • Identity Access Management
  • User Behavioral Analytics

Personnel Security

  • Information Systems Security Officer (ISSO)
  • Chief Information Security Officer (CISO)
  • IT Admins
  • Network Admins
  • IT Security Administrators
  • End-users

Network Security

  • Firewalls
  • Anti-virus
  • SIEM

Operational Security

  • Risk Management
  • User Security Policies
  • Offboarding Policies and Procedures

Physical Security

  • Fences
  • Guards
  • Alarm Systems
  • Closed Circuit TV
  • Keys, Locks, Cipher Locks

What are the top risks of having unknown or unmanaged privileged accounts?

A privileged account that is unknown is an account that has been forgotten and lost in the system. Virtually all organizations have some unknown accounts and some have thousands. Accounts become unknown for many reasons:

  • An employee leaves and the account is simply abandoned.
  • The account is utilized less and less until it becomes obsolete and forgotten.
  • Default accounts for new devices are not utilized.

Every unknown account increases your vulnerability and presents an opportunity for an intrusion.
Here are a few things that could happen:

  • An employee finds the account and uses it to perform unauthorized tasks.
  • An ex-employee continues to access the account.
  • A hacker finds the account and penetrates your organization, steals information, and wreaks untold havoc.
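A periodic inventory audit is one way to surface these accounts before someone else finds them. The sketch below is an added example, not part of the original page or of any vendor's product: it checks a constructed account inventory against the three cases listed above (departed owner, tapering use, unused device default). The field names, account names, HR roster and the 90-day threshold are all assumptions.

```python
from datetime import date

# Constructed sample inventory of privileged accounts (not real data).
ACCOUNTS = [
    {"name": "adm-jlee", "owner": "jlee", "last_login": date(2024, 5, 28), "vendor_default": False},
    {"name": "adm-mroth", "owner": "mroth", "last_login": date(2024, 5, 30), "vendor_default": False},
    {"name": "svc-backup", "owner": "tkim", "last_login": date(2023, 9, 2), "vendor_default": False},
    {"name": "admin", "owner": None, "last_login": None, "vendor_default": True},
]
ACTIVE_EMPLOYEES = {"jlee", "tkim"}  # constructed HR roster; mroth has left


def audit_privileged_accounts(accounts, active_employees, today, stale_days=90):
    """Return {account name: [reasons]} for accounts matching the three cases."""
    findings = {}
    for acct in accounts:
        reasons = []
        owner, last = acct["owner"], acct["last_login"]
        # Case 1: the owning employee has left (or no owner is recorded).
        if owner is None or owner not in active_employees:
            reasons.append("orphaned: no active owner")
        # Case 2: usage tapered off until the account was forgotten.
        if last is not None and (today - last).days > stale_days:
            reasons.append(f"stale: unused for {(today - last).days} days")
        # Case 3: a device's built-in default account that nobody ever used.
        if acct["vendor_default"] and last is None:
            reasons.append("default: never used")
        if reasons:
            findings[acct["name"]] = reasons
    return findings


if __name__ == "__main__":
    report = audit_privileged_accounts(ACCOUNTS, ACTIVE_EMPLOYEES, date(2024, 6, 1))
    for name, reasons in report.items():
        print(name, "->", "; ".join(reasons))
```

Each flagged account still needs a human decision: reassign an owner, rotate and vault the credential, or disable the account.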

How does PAM software thwart hackers and other external threats?

Effective PAM solutions employ numerous features to lock down privileged access and thwart cyber attacks. They can discover privileged accounts across your organization and import them into a secure, encrypted repository—a password vault. Once all privileged credentials are inside, the solution can manage sessions, passwords, and access automatically. Combine all this with features like hiding passwords from certain users, auto-rotating valuable passwords, recording sessions, auditing, and multi-factor authentication and you have a robust defense against external threats.

How does Privileged Access Management software protect organizations from internal threats?

PAM solutions contain multiple features to safeguard against internal threats. Audit trails and email alerts keep administrators informed of what’s going on in the environment. Session monitoring and recording increases visibility of privileged account activity. There are also permissions as well as role-based access controls to give users the access they need to do their jobs. Last but not least, there should be a feature to sever the access users had the moment they leave the organization.

Is a password-protected Excel spreadsheet a secure way to manage and share passwords?

No, definitely not. Though very common, Excel was never intended to be a password management solution and lacks crucial security features. A spreadsheet doesn’t know the difference between the CIO and a summer intern. The same applies to other popular methods companies use to store and share passwords, like Word documents, text files, even Post-it notes.

Is my small business ready for enterprise-level Privileged Account Management software?

PAM is critical regardless of the size of your business. Every organization needs privileged account management. Fortunately, there are free or inexpensive solutions that make it easy and affordable:

If your company has fewer than 25 users and under 250 passwords, you can manage them securely and professionally for free.
If your company has over 25 users or 250 passwords, you can securely manage them on-premise or in the cloud.

Finally, is there a checklist of things I should know before I purchase Privileged Access Management software?

Choosing the right PAM software for your organization is a task to be taken seriously. Research can be hard to do because even once you have your final contenders on a shortlist you’re still not comparing apples with apples.

Here’s a checklist of some important items to consider. We recommend calling vendors and asking questions before purchasing PAM software. Also, request a free trial to be sure your IT team will use it. Once you have a checkmark next to every item, you’re looking at software you’ll be happy with.

| Item | Things to Consider | Check |
|---|---|---|
| Fully scalable | Will the software scale up to meet your needs as your organization grows? | |
| Complete solution | Does the price include everything you need to truly lock down your privileged accounts in the manner most suitable for your organization? You should not have to navigate numerous add-ons for every little feature or pay later for additional functionality. Everything you need in a solution should start from Day One. | |
| Easy to install, fast to deploy | Your IT admins will thank you for this. | |
| Simple to manage | Good PAM software makes your IT admin’s job easier, not more complex. | |
| Well accepted by users | A high adoption rate among users results in better security across your organization. | |
| Excellent time to value | The solution should be swift, effective, and assist you with the kind of protection promised without having to establish any extended timelines. | |
| Affordable | Prices vary—a lot. View our charts to see how popular vendors compare price-wise. | |
| Feature rich | Are new features added regularly to keep the software up to standard? Ask to view the features list. | |
| Top notch support | Support must be guaranteed from trial to purchase. The best vendors offer phone, email, knowledge base and forum support. | |
| Innovation and frequent updates | Attack vectors keep increasing in number and complexity. The solution should be able to keep up. | |
| Customer responsiveness | You should have a say in the direction the solution is developed. | |

If you’re concerned that your organization does not have a super-secure privileged access management system in place, please encourage your IT admin to try the free version of our PAM software.