Privilege, in an Information Technology context, can be defined as the authority a given account or process has within a computing system or network. It provides the authorisation to override, or bypass, certain security restraints, and may include permissions to perform such actions as shutting down systems, loading device drivers, configuring networks or systems, provisioning and configuring accounts and cloud instances, etc.
Management of these privileges through the use of Cybersecurity strategies and technologies to exert control over the elevated (“privileged”) access and permissions for users, accounts, processes, and systems across an IT environment can be called as Privileged Access Management (PAM). Enforcing certain level of privileged access controls can help an enterprise to condense their organisation’s attack surface, and prevent, or at least mitigate, the damage arising from external attacks as well as from insider malfeasance or negligence.
The domain of privilege management is generally accepted as falling within the larger scope of Identity and Access Management (IAM). Together, PAM and IAM help to provide fined-grained control, visibility, and auditability over all the credentials and privileges.
Additionally, many compliance regulations (including HIPAA, PCI DSS, FDDC, SAMA, SIA (NESA), FISMA, and SOX) necessitate that organisations apply least privilege access policies to ensure responsible data stewardship and systems security.
