PAM as a Service: Privileged Access Management for everyone?


Protecting information systems requires deploying a PAM (Privileged Access Management) solution to monitor privileged users. Deployed on-premise, such a solution may be too constraining for some organizations to implement. In this context, PAM as a Service, that is, Privileged Access Management delivered as a public cloud service, guarantees simplicity for the IT teams involved. From deployment in a few clicks to regular, automatic updates, PAM as a Service suits all organizations. Above all, it gives small and medium-sized companies, which might see on-premise PAM as too large an investment, the opportunity to monitor their privileged users.

PAM as a Service: what are the advantages over on-premise PAM?

The first advantage of PAM as a Service is how simple and fast it is to deploy, together with the time it saves over the long term. Most of the service is hosted as a cloud service at the edge of the information system (the “edge” of the SASE approach). This applies in particular to the user access portal, so that access can be guaranteed in complete security, including external access. A relay is then deployed deeper in the information system, closer to the resources, to secure the connection end to end. The relay is automatically registered on the centralized server. Once the relay or relays are in place, no additional installation is required. Updates are then automatic and totally transparent for the IT department, which means that no human resources are required for tasks related to managing the solution.

PAM as a Service also has a financial benefit: costs are spread over time according to actual usage, whereas on-premise PAM requires a significant initial investment, sometimes incompatible with the budget allocated to IT. Maintaining the solution and managing its updates are a further source of cost in the on-premise model. PAM as a Service ultimately makes costs more predictable and spreads them over time. However, on-premise PAM may sometimes be better suited to certain organizations, particularly those with large IT resources, both financial and human, if they prefer to keep full control of their data, for example for regulatory compliance reasons.

PAM as a Service also gives organizations some resilience for all external access by privileged users. The entire targeted information system is hidden and protected behind the centralized service platform. This means that people who need to connect from the outside can do so in complete security, whether they are internal administrators on call or teleworking, or service providers mandated to work on the information system. Malicious users have no information with which to try to penetrate the system and attempt to steal or destroy data or parts of the information system vital to the operation of the organization.

Can we go further to democratize PAM?

PAM as a Service opens the door to many organizations, but some of them may not have the human resources needed to use PAM. In this case, an organization can outsource the administration of its information system and delegate it to a service provider. PAM is an essential link in cybersecurity for companies and administrations, which must be able to monitor, and also trace after the fact, any action taken by privileged users, whose impact on the security of the information system is considerable. In order to democratize its use and open it up to a larger number of organizations, Systancia is launching Systancia Cleanroom Service, the PAM as a Service solution that secures organizations’ information systems with minimal impact on human resource allocation.