Abstract
A considerable portion of today’s cybercrime involves misuse of privileged accounts. It
has been estimated that company environments contain, on average, twice as many
privileged accounts as employees. Often these accounts are left behind in different
systems without being actively managed, and some are eventually forgotten completely.
Considering the access such credentials give to confidential and critical company
resources, they pose a severe risk to the company’s cybersecurity. Awareness has been
increasing in organizations of the need to bring these privileged accounts under active
management and protection.
A growing need for privileged access management in the customer field has also been
noticed in the commissioning company of this work. Based on the theory part, the goal was
to write an introduction guide for the commissioning company that could be used to
introduce new employees to PAM (Privileged Access Management).
Privileged accounts can be managed with PAM tools and processes. The theory part
concentrated on the background, necessity, features, and implementation of PAM. Placing
PAM within the wider IAM (Identity and Access Management) framework was also one of the
topics addressed.
The introduction guide was divided into three main categories: PAM background,
components, and lifecycle process. The guide can be used to gain the necessary base-level
understanding of PAM, which makes it possible to further deepen knowledge of technical
implementations and PAM products from different vendors. The goal of the guide is not to
give a detailed description of technical configurations or features, but instead to give
an introduction to the subject for someone who is encountering it for the first time.