How to Choose the Right Privileged Access Management Solution


Researchers who study large-scale data breaches have concluded that nearly all successful attacks involve privileged account compromise. In the 2017 Yahoo! breach, attackers began by stealing a user’s credentials, then harvested privileged credentials from the local PC in order to gain access to higher-level assets. The 2015 attacks on the U.S. Office of Personnel Management (OPM) followed a similar course, and the full effects of that breach are only beginning to be felt.

In light of this risk, many organizations are planning to implement a privileged access management (PAM) solution. It’s simply too difficult to manually manage growing numbers of privileged accounts. The right PAM solution provides the centralized control and automation needed to protect thousands of credentials and “secrets” across the extended enterprise.

But how do you choose a PAM solution that will meet your needs now and in the future? The first step is to conduct a comprehensive inventory of your privileged accounts and assess any security risks they might pose to your organization. CyberArk’s Discovery and Audit (DNA) scan automatically identifies privileged accounts and systems that may be vulnerable to credential theft attacks. You receive executive and technical reports that provide visibility and insight into your PAM security posture.

Next, analyze your privileged account inventory to determine where the credentials are located. Are they primarily in on-premises systems or do you also need to consider cloud services? What about credentials stored in application and DevOps tools? It’s important to select a PAM platform that can protect your entire environment in a unified way.

You should also consider the challenges your IT and cybersecurity teams are facing. Are they overwhelmed by security alerts? Do they lack the resources to monitor and proactively manage a PAM platform? You’ll want a solution that automates manual processes and secures privileged accounts without impacting operational processes. Features to look for include:

  • A password vault that secures credentials and prevents unauthorized access but makes it easy for administrators to “check out” the passwords they need.
  • The ability to rotate passwords, SSH keys and other “secrets” and automatically propagate the changes throughout the environment.
  • Recording and risk-based assessment of privileged sessions, enabling security teams to prioritize review
  • APIs for automating PAM workflows and integrating the solution with other security and operational tools.
  • A flexible and scalable architecture that can support growing numbers of users, devices and applications and changing business requirements.

CyberArk checks all the boxes when it comes to enterprise-class PAM features. It protects privileged credentials across on-premises, cloud and DevOps environments, and enables you to locate and eliminate hard-coded credentials in applications and scripts. Privileged sessions are monitored and recorded so you can detect and shut down suspicious activity. CyberArk also provides privileged threat analytics with granular detail and accelerates incident response with automated tools and actionable alerting.

Privileged access management should be on every organization’s priority list, but it’s important to choose a platform that provides end-to-end visibility and comprehensive protection. Let Clango help you determine if CyberArk’s solution is the right fit for your IT environment, operational processes and risk profile.


For more information choosing the right PAM solution, please send us an email at (

Comments Closed.