Effective Privileged Account Management Requires Identity Governance


The typical enterprise has an ever-increasing number of privileged accounts to manage across on-premises and cloud environments. These privileged accounts extend outside the organization to contractors, business partners, and other third parties. Holders of privileged credentials access systems and data from a wide range of devices and diverse locations. Many systems and applications also use privileged credentials to access the resources they need.

Securing these privileged credentials in CyberArk’s Enterprise Password Vault helps to prevent them from being compromised and enables granular control over who and what can access them. The vault also provides automated rotation of passwords and SSH keys to support security best practices without impacting the production environment.

However, privileged credential security is just one piece of the puzzle. Organizations need to ensure that privileged entitlements are granted to the right individuals and roles and manage privileged credentials across their lifecycle.

These processes fall within the domain of identity governance. Identity governance is the centralized oversight of identities and access controls based on established policies. It can also be described as “the establishment and management of policies, processes, and accountabilities” to create roles and entitlements related to information access and to efficiently handle access requests and approvals.

Identity governance helps to standardize identity information in order to streamline processes, reduce risk, and ensure compliance in a consistent and effective manner. It works in concert with identity and access management (IAM) to enforce rules and policies to protect systems and data from unauthorized access.

However, identity governance tends to be overlooked when organizations implement IAM programs, leading to poor access controls, difficulty enforcing policies, and regulatory compliance violations. These risks are even greater with privileged credentials. Without consistent policy enforcement and separation of duties, privileged access may be granted to individuals who do not need it. In addition, ill-defined processes for privileged account management can impact productivity if users must wait for access to systems. They can also increase the number of orphaned and dormant accounts that aren’t properly deprovisioned when no longer used.

CyberArk is addressing these gaps through the integration of its Privileged Access Security platform with the SailPoint IdentityIQ Privileged Account Management Module. This integration enables organizations to more effectively limit access to privileged credentials stored within the CyberArk vault, while streamlining delivery of privileged account access. Full-lifecycle management of privileged accounts reduces the attack surface and minimizes entitlement creep.

CyberArk has developed an application that leverages the System for Cross-domain Identity Management (SCIM) to integrate with third-party solutions. SCIM is an open standard for exchanging identity data between systems and domains. CyberArk’s SCIM application uses the PACLI command-line interface to retrieve and modify data in the CyberArk vault. The SailPoint solution uses an API to interact with the SCIM application.

Clango’s team of certified CyberArk specialists can help you take full advantage of these and other integrations available through the CyberArk Marketplace. Clango also develops custom integrations through our Clango Innovation Labs. We are here to help you maximize your security investments and eliminate the silos that can limit visibility and control.

While the CyberArk vault protects privileged credentials from compromise, it does not ensure that the right people have access. Privileged access to systems, applications, and data requires a combination of identity governance and IAM policies and procedures.


For more information about PAM and Identity Governance, please send us an email at (
