PIM products are designed to rein in the shared-privileged-account sprawl, automate manual processes and provide an audit trail and monitoring of privileged account and user activity. Several vendors have established themselves in the PIM market, most notably BeyondTrust, Cyber-Ark, e-DMZ Security and Lieberman Software. The suites vary somewhat, but they have four primary capabilities:
Privileged password and account management: This is the core capability of any PIM suite, which addresses the primary pain points around privilege management. The PIM product is a secure repository that internally and automatically generates new passwords and controls user access and authorization for all systems according to corporate policies. So the privileged user logs in and is granted access and authorization for that session based on company-defined roles. The idea is to eliminate account and password sprawl and grant the user only those rights that are required to perform his job. (You should also consider how you handle password resets while you're cleaning things up.) The tool also provides detailed audit trails and should integrate seamlessly with corporate directories, ticketing systems, and so on.
Also read Role management software dos and don'ts
Managing services, scripts and applications: The PIM will manage non-human accounts, such as those required by services and accounts in legacy applications. This ensures that system password changes will be extended to all dependent services. Passwords for embedded applications, which enterprises are reluctant to touch lest they break the app, will no longer be compromised.
Session control and monitoring: This capability allows enterprises to authorize privileged-user connections on a per-session basis and monitor and record activity during the session. This may include a DVR-like recording function that allows investigators to watch exactly what was done.
Command control: This allows granular control and monitoring of commands a user can run based on her role and required tasks.
Audit: The Big Stick
Vendors say regulatory compliance and audits are still the primary drivers in the PIM market. "Seventy percent of our customers or prospects come in as a result of some open audit issue," says Martin Ryan, e-DMZ Security's vice president of worldwide sales.