Episode 097: 03‐20‐2025 Patterns and Anti‐patterns in Privileged Access Management (PAM) - GluuFederation/identerati-office-hours GitHub Wiki

Title: Patterns and Anti-patterns in Privileged Access Management (PAM)

Description

Managing privileged access is one of the most critical aspects of cybersecurity, yet organizations often struggle with implementing it effectively. In this episode of Identerati Office Hours, we’re joined by Rainer Hörbe, Senior Manager at KPMG, to explore the key patterns and anti-patterns in Privileged Access Management (PAM).

We’ll discuss:

  • 🔹 Common PAM pitfalls and how to avoid them
  • 🔹 Best practices for securing privileged accounts
  • 🔹 Strategies for balancing security, usability, and compliance
  • 🔹 Real-world insights on what works—and what doesn’t—in PAM

Join us for a deep dive into the do’s and don’ts of PAM with one of the industry’s leading experts. Whether you're designing a PAM strategy or optimizing an existing one, this session will provide actionable takeaways to strengthen your security posture.

Homework

Takeaways

  • ⚡ Understand your business objectives for PAM, and then engage security architects to design a solution. This will give your enterprise a much better chance of having a successful initial implementation which you can build on.

  • ⚡ PAM is not a project that ends; it's an ongoing operational effort.

  • ⚡ By definition, PAM systems cover a limited spectrum of applications. On-prem PAM systems are strong at making Active Directory more secure, but bad at cloud. Cloud PAM systems are missing features for on-prem. PAM products exist to make Linux server SSH access more secure, including features like session recording. So PAM systems offer marginal operational leverage, but are never a total solution.

  • ⚡ PAM aligns with TBAC: many PAM systems now issue tokens in the form of X.509 certificates that convey authorization. What would be even better is if PAM systems relied on externalized policies, managed like code in a normal CI/CD process.

Livestream Audio Archive

Will be Here