PIM vs. PAM: What’s the Difference and Does It Matter?


Any organization seeking to improve the security of its privileged accounts will soon run into a pair of acronyms: PIM (privileged identity management) and PAM (privileged access management). The two terms are closely related and often used interchangeably, but there are distinct differences.

Let’s start by defining what “privileged” means. A privileged account allows a user to take administrator-level action, such as changing systems settings and permissions, adding users, and downloading software. Because of the power afforded to privileged accounts, they demand greater security than regular accounts. Many of the most notorious cyberattacks in recent years were executed through the successful exploitation of privileged accounts

Identity management is the process of defining and managing roles and access privileges and associating them with individual users or groups. PIM is a subset of identity management focused on privileged accounts. It is smaller in scope and involves much greater risk to an organization. Administrative accounts exist on systems even if no particular individual is associated with them.

With PIM, you start with a given set of privileges and determine who gets to use them and under what circumstances. To do so, you need to define a policy that specifies how administrative accounts will be managed and what privileged users will be allowed to do. The next step is to take inventory of the privileged accounts throughout the environment and implement processes and tools for managing those accounts according to the established policy.

Once you’ve identified your privileged accounts and established policies and procedures governing them, you need to establish processes for securing those credentials and ensuring they’re used appropriately. That’s where PAM comes into play. PAM puts stricter controls on privileged credentials and monitors activities that use those credentials.

Traditionally, organizations have done little to manage and control administrative accounts. Often, privileged credentials were given out to anybody who needed that level of access and shared among multiple users. That makes a hacker’s job easy. And if privileged credentials were to fall into the wrong hands or be misused by a malicious insider, it would be virtually impossible to spot those activities.

According to Gartner, PAM requires some way of securing passwords, including passwords used by systems and software as well as human administrators, and some form of privileged session management. Privileged credentials should be stored in a vault with the highest levels of security, rotated regularly and, ideally, never revealed. PAM solutions should also provide some means of monitoring active administrator sessions and allowing security teams to suspend or terminate those sessions if they spot suspicious activities.

CyberArk’s Core Privileged Access Security solution provides these features, along with other capabilities that enable a more effective PAM strategy. In the 2018 Gartner Magic Quadrant for Privileged Access Management, CyberArk was named a leader and positioned highest in execution and furthest in vision.

Clango offers a suite of professional and managed services surrounding PIM, PAM, and the CyberArk platform. We help organizations develop a PIM strategy, implement and manage CyberArk, and take advantage of our unique tools that extend the value of CyberArk and increase operational efficiency.

PIM and PAM are the two essential components of securing privileged credentials. Clango can help you leverage these techniques to enhance your security posture.


For more information about Clango’s professional managed services surrounding PIM, PAM, and CyberArk’s Core Privileged Access Security Platform, please send us an email at (

Comments Closed.