Privileged access management checklist: 20 questions to ask

November 13, 2021

Thinking about implementing a privileged access management solution? With security threats on the rise and more people working remotely, it’s critical that companies lock down and monitor privileged accounts. This makes it harder for hackers to access your most sensitive data and systems.

You might think PAM software is complicated and costly. But today’s next-generation PAM solutions have changed all that. PAM software is now easier to install, implement, maintain and it’s affordable.

Before you get started with a PAM implementation, take into consideration ease of implementation, product features, pricing, and support. Here are 20 questions to consider when evaluating PAM solutions.

PAM checklist – Top 20 questions

Implementation

  1. How is the privileged account management solution deployed and does it require any changes to your environment?
  2. Can it work on-premises or in the cloud in physical or virtual environments, hosted on Windows or Linux OS?
  3. How long does it take to implement? What is the client install, server footprint, and is it agentless?
  4. Can the software easily integrate with other IT management, security, and IAM software such as MFA?
  5. Can you implement it gradually starting with basic PAM functionality and build towards advanced just-in-time access strategies?

Features / Functionality

  1. Is it easy to use? Is the user interface and application interface intuitive?
  2. Are you able to discover, detect, and onboard existing privileges accounts?
  3. Does it include vaulting and strong password management for protecting credentials and secrets (including SSH keys)?
  4. Can you log and record privileged sessions with playback indexed by keystrokes, file, and clipboard transfer events?
  5. Can you automate tasks such as password resets, discovery for servers, and network devices?
  6. Does it offer a full audit trail for all privileged access and permissions? Extensive logging and reports, as well as integration into other systems.
  7. Can you create automated alerts in case of abnormal use of the credentials?
  8. Does it support just-in-time access strategies where accounts are granted privileges on a time-bound basis?
  9. Does the software offer advanced proxy support for RDP, SSH, and web proxies for secure, high trust remote sessions?
  10. Does the solution provide out-of-the-box controls to meet GDPR, HIPAA, NIST 800-171 or ISO 27001?

Pricing / Support

  1. What is the solution’s pricing model? Is it a unified pricing model? And are all features included or do you have to buy separate modules?
  2. Can it be maintained using existing IT resources or will you need additional consulting services?
  3. Is the software scalable?
  4. How responsive is the customer support team?
  5. What is the product’s road map and how often is the product updated?

See Imprivata Privileged Access Management in action

Imprivata Privileged Access Management provides comprehensive, easy-to-use privileged access management that helps you improve security by protecting privileged accounts from unauthorized access. Download a free 7-day trial today, or request a demo.