Skip to content

    PAM vs. PIM vs. IAM

    What do all those acronyms mean?

    Want to learn more about Privileged Access Management and Cybersecurity terminology?

    If access management jargon leaves you perplexed, you’re not alone

    We know this because we are so often asked to explain the difference between PIM, PAM and IAMprivileged identity management, privileged access management and identity and access management. People also ask if privileged access management and privileged account management both PAM—are the same thing. Or are they just similar?

    So, we created a glossary of these cybersecurity acronyms, and more, and below we clarify how the meaning of these phrases differ and factor into an organization’s cybersecurity setup.

    So, what is PAM vs PIM vs IAM? And what makes these acronyms so confusing?

    PAM, PIM, IAM and other access management acronyms are related to the same thing: Solutions to secure your sensitive assets. These terms are about safeguarding data and systems by managing who has access and what they’re allowed to see and do. You’ll notice that several definitions overlap a little, so people are inclined to use them as if they were fully interchangeable—and this creates confusion.

    Many Of These Acronyms Include The Words “Privilege” And “Privileged.” What’s The Difference?

    Privilege vs Privileged - what's the difference?
    Privilege Icon

    Privilege:

    “Privilege” is the authority to make changes to a network or computer. Both people and accounts can have privileges, and both can have different levels of privilege.

    For example, a senior IT administrator or “super user” may be able to configure servers, firewalls, and cloud storage, and has a high level of privilege. A sales rep, however, should be able to use some systems—by logging into laptops and accessing sales data, for instance—but they shouldn’t be able to change network settings, permissions, or download software unless it’s on an approved list.

    Picture all the people who have different levels of access on the network of a single organization: the Unix administrator can access Unix systems; the Windows admins manage Windows systems; Help Desk staff can configure printers, etc. Add to that all the accounts required to log into those systems and you can quickly imagine the thousands upon thousands of privileges within an organization.

    Privileged Icon

    Privileged:

     

    “Privileged” is an adjective that describes things with privilege (e.g. privileged account, privileged identity).

    When someone says, “That account has privilege,” they mean it has a higher level of access and permissions than a standard account. One could also say, “That is a privileged account.”

    In the example of the administrator role, although the admin has a certain level of privilege he or she still needs a privileged account in order to perform privileged tasks.

    What is the meaning of “Privileged Access?”

    Briefly, it’s definitive, authorized access of a user, process, or computer to a protected resource.

    Privileged Access Management, therefore, encompasses a broader realm than Privileged Account Management, focused on the special requirements for managing those powerful accounts within the IT infrastructure of an organization. It also consists of the cybersecurity strategies and technologies for exerting control over the elevated access and permissions for users, accounts, processes, and systems across an IT environment.

    Also incorporated under Privileged Access Management is how the account is being protected. For example, access workflows, two-factor/multi-factor authentication, session recording, and launching are critical elements of a comprehensive Privileged Access Management strategy.

    What is Privilege Management vs. Privileged Access Management vs. Privileged Account Management

    You’ll often hear the words “privilege” and “privileged” used in context with “management.” Privilege Management refers to the process of managing who or what has privileges on the network.

    This is different from privileged account management, which refers to the task of managing the actual accounts that have already been given privileges.

    We always say privileged accounts are the keys to the kingdom. They provide access to a company’s most critical information.

    A privileged account can be human or non-human. These accounts exist to allow IT professionals to manage applications, software and server hardware. They also provide administrative or specialized levels of access based on higher levels of permissions that are shared. The typical user of a privileged account is a system administrator responsible for managing an environment or an IT administrator of specific software or hardware.

    Other frequently asked questions about access management

    Finally, is there a checklist of things I should know before I purchase Privileged Access Management software?

    Choosing the right PAM software for your organization is a task to be taken seriously. Research can be hard to do because even once you have your final contenders on a shortlist you’re still not comparing apples with apples.

    Here’s a checklist of some important items to consider. We recommend calling vendors and asking questions before purchasing PAM software. Also, request a free trial to be sure your IT team will use it. Once you have a checkmark next to every item, you’re looking at software you’ll be happy with.

    Item Things to Consider
    Fully scalable Will the software scale up to meet your needs as your organization grows?
    Complete solution Does the price include everything you need to truly lock down your privileged accounts in the manner most suitable for your organization? You should not have to navigate numerous add-ons for every little feature or pay later for additional functionality. Everything you need in a solution should start from Day One.
    Easy to install
    Fast to deploy
    Your IT admins will thank you for this.
    Simple to manage Good PAM software makes your IT admin’s job easier not more complex.
    Well accepted by users A high adoption rate among users results in better security across your organization.
    Excellent time to value The solution should be swift, effective, and assist you with the kind of protection promised without having to establish any extended timelines.
    Affordable Prices vary—a lot. View our charts to see how popular vendors compare price-wise.
    Feature Rich Are new features added regularly to keep the software up to standard? Ask to view the features list.
    Top-notch support Support must be guaranteed from trial to purchase. The best vendors offer phone, email, knowledge base and forum support.
    Innovation and frequent updates Attack vectors keep increasing in number and complexity. The solution should be able to keep up.
    Customer responsiveness You should have a say in the direction the solution is developed.

    Related Reading:
    How to find your best match among Privileged Access Management Vendors
    Privileged Access Management (an overview of PAM from the basics to becoming an expert)

    If you’re concerned that your organization does not have a super-secure privileged access management system in place, please encourage your IT admin to try the free version of our PAM software.

    Ever wondered how privileged access management fits into your organization’s overall security strategy?

    Your security strategy must account for many aspects of security in both real and digital environments: cybersecurity, network security, operational security, personnel security and physical security. Many people and systems are involved in making corporate security successful:

    histogram-dot

    Cybersecurity

    Privileged Account / Access / Identity Management

    Privilege Management

    Identity Access Management

    User Behavioral Analytics

    cyber-security-icon
    histogram-dot
    personal-security-icon

    Personnel Security

    Information Systems Security Officer (ISSO)

    Chief Information Security Officer (CISO)

    IT Admins

    Network Admins

    IT Security Administrators

    End-users

    histogram-dot

    Operational Security

    Risk Management

    User Security Policies

    Offboarding Policies and Procedures


     
    operational-security-icon
    histogram-dot
    physical-security-icon

    Physical Security

    Fences

    Guards

    Alarms Systems

    Closed Circuit TV

    Keys, Locks, Cipher Locks

    histogram-dot

    Network Security

    Firewalls

    Anti-virus

    SIEM

    network-security-icon

    At Every Stage Of Your PAM Journey, We’re Here To Help

    PAM for Dummies

    Ready to get started with Privileged Access Management?

    Free Ebook

    Get the basics in place with Wiley’s PAM for Dummies

    Download Now
    Expert's Guide to Privileged Access Management eBook

    Want to take Privileged Account Management to the next level?

    Free Ebook

    Get advanced tips in the Expert’s Guide to PAM

    Download Now