August, 2019 - Reading time: 8 minutes
Organizations increasingly operate in hybrid IT environments that blend on-prem infrastructure with cloud services. With this architectural shift, managing privileged access consistently across both estates becomes a critical concern. In August 2019 the topic is highly relevant as more enterprises explore zero trust architectures and adopt modern PAM (Privileged Access Management) approaches that span legacy and cloud-native resources.
Understanding Privileged Access
Privileged access refers to the ability to perform administrative actions, bypass standard security restrictions, or manipulate system-level resources. Examples include domain administrators, root users on Linux systems, and subscription owners in cloud platforms.
In hybrid environments, privileged identities extend across:
- On-prem Windows Active Directory accounts
- Cloud admin roles (e.g., Azure AD Global Administrator, Azure subscription Owner, the AWS account root user)
- SaaS platform admins (e.g., M365, Salesforce)
- Application-level superusers and DBAs
Challenges of PAM in a Hybrid World
Managing these identities consistently across silos is not trivial. Challenges include:
- Shadow Admins: accounts that hold admin-equivalent rights indirectly, through nested group membership, delegated permissions or legacy policies, and so never show up in the obvious admin groups
- Credential Sprawl: untracked local admin accounts and credentials hard-coded in scripts and configuration files
- Audit Gaps: limited visibility into who accessed what, when, and why, especially when on-prem and cloud logs live in separate tools
- Cloud Drift: new IAM roles, policies and role assignments created in cloud platforms without review or change control, so the set of privileged principals grows silently
Modern PAM Approaches
Leading PAM solutions in 2019 (e.g., CyberArk, BeyondTrust, Thycotic) support hybrid environments with:
- Session recording and keystroke logging for both cloud and on-prem access
- Just-in-time (JIT) elevation tied to approval workflows
- Integration with cloud-native identity providers (e.g., Azure AD)
- Credential vaulting for apps and scripts
- Federated access controls across IaaS, PaaS, and SaaS platforms
Zero Trust and PAM
In 2019, zero trust principles are starting to shape PAM strategies:
- Never trust, always verify: authenticate and authorize privileged users on every access, even when they are already inside the corporate network
- Enforce MFA for all admin access attempts
- Limit admin privileges to specific tasks and time windows
- Audit all actions at the session level
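To make the JIT elevation workflow from the PAM section and the zero trust rules above concrete, here is a small model of it as an added example (this is illustration code written for this article, not the code of any PAM product). It assumes a four-eyes rule (no self-approval), MFA completed after approval and before the privilege is used, a hard cap on grant length, and an audit line for every decision. All identities, roles, timestamps and the ticket reference are constructed.

```python
"""Just-in-time (JIT) privilege elevation: approval, MFA, time window, audit.

Added example, not from the original article or any vendor. Policy values,
identities and timestamps are constructed for illustration.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

# Assumed policy: no grant may outlive this window, whatever was requested.
MAX_GRANT = timedelta(hours=4)


@dataclass
class ElevationGrant:
    """One elevation request and, once approved, the grant it becomes."""
    requester: str
    role: str
    justification: str
    requested_for: timedelta
    approver: Optional[str] = None
    approved_at: Optional[datetime] = None
    mfa_verified_at: Optional[datetime] = None
    audit: List[str] = field(default_factory=list)

    def log(self, now: datetime, event: str) -> None:
        self.audit.append(f"{now.isoformat()} {self.requester} {self.role} {event}")

    def expires_at(self) -> Optional[datetime]:
        if self.approved_at is None:
            return None
        # Over-long requests are capped rather than rejected, and the audit
        # entry records the window that was actually granted.
        return self.approved_at + min(self.requested_for, MAX_GRANT)

    def approve(self, approver: str, now: datetime) -> bool:
        """Four-eyes rule: an admin must never approve their own elevation."""
        if approver == self.requester:
            self.log(now, f"approval by {approver} rejected: self-approval")
            return False
        if self.approved_at is not None:
            self.log(now, f"approval by {approver} ignored: already approved")
            return False
        self.approver, self.approved_at = approver, now
        self.log(now, f"approved by {approver} until {self.expires_at().isoformat()}")
        return True

    def record_mfa(self, now: datetime) -> None:
        """Assumed: MFA is performed at elevation time, i.e. after approval."""
        self.mfa_verified_at = now
        self.log(now, "mfa verified")


def authorize(grant: ElevationGrant, principal: str, role: str,
              now: datetime) -> Tuple[bool, str]:
    """Decide one privileged action against a grant; every decision is logged."""
    expiry = grant.expires_at()
    if principal != grant.requester:
        reason = "principal is not the grant holder"
    elif role != grant.role:
        reason = f"grant covers {grant.role}, not {role}"
    elif expiry is None:
        reason = "grant not approved"
    elif grant.mfa_verified_at is None or grant.mfa_verified_at < grant.approved_at:
        reason = "no MFA since approval"
    elif now >= expiry:
        reason = f"grant expired at {expiry.isoformat()}"
    else:
        reason = "allowed"
    grant.log(now, f"{role} by {principal}: {reason}")
    return reason == "allowed", reason


def demo() -> Tuple[List[Tuple[bool, str]], List[str]]:
    """Walk one grant through the edge cases and return (decisions, audit)."""
    t0 = datetime(2019, 8, 15, 9, 0, tzinfo=timezone.utc)
    g = ElevationGrant("alice", "DomainAdmin", "ticket CHG-1234 (constructed)",
                       timedelta(hours=8))                    # over the cap: clipped to 4h
    r = [authorize(g, "alice", "DomainAdmin", t0)]            # not approved yet
    g.approve("alice", t0)                                    # self-approval: rejected
    g.approve("bob", t0 + timedelta(minutes=5))               # approved, expires 13:05
    r.append(authorize(g, "alice", "DomainAdmin", t0 + timedelta(minutes=6)))   # no MFA
    g.record_mfa(t0 + timedelta(minutes=7))
    r.append(authorize(g, "alice", "DomainAdmin", t0 + timedelta(minutes=8)))   # allowed
    r.append(authorize(g, "alice", "GlobalAdmin", t0 + timedelta(minutes=9)))   # wrong role
    r.append(authorize(g, "mallory", "DomainAdmin", t0 + timedelta(minutes=9))) # wrong holder
    r.append(authorize(g, "alice", "DomainAdmin", t0 + timedelta(hours=4, minutes=6)))  # expired
    return r, g.audit


if __name__ == "__main__":
    decisions, audit = demo()
    for ok, why in decisions:
        print("ALLOW" if ok else "DENY ", why)
    print("\n".join(audit))
```

The point of the walk-through is that only one of six attempts is allowed: the others fail on missing approval, missing MFA, wrong role, wrong principal or an expired window, and each denial leaves an audit line naming the reason, which is what "audit all actions at the session level" has to deliver in practice.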
Best Practices
- Conduct regular privilege audits across all environments
- Apply role-based access control (RBAC) and least privilege principles
- Rotate credentials frequently, especially for shared service accounts
- Use jump servers with strong authentication for high-value systems
- Eliminate local admin rights on workstations unless explicitly approved
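The "regular privilege audits across all environments" recommendation, and the shadow admin and cloud drift problems described earlier, come down to one piece of logic: resolve who is effectively privileged on-prem (walking nested groups, including the loops that real directories accumulate), compare cloud role assignments against an approved baseline, and join the two views. The following is an added example of that audit written for this article, not code from any PAM product. The AD groups, cloud assignments, the approved baseline and the `to_upn` identity mapping (`user` syncs to `user@corp.example`) are all constructed assumptions; in practice the inputs would be a recursive group export from AD and a role-assignment export from the cloud provider.

```python
"""Hybrid privilege audit: shadow admins via nested groups, cloud drift, overlap.

Added example, not from the original article or any vendor. All directory
and cloud data below is constructed for illustration.
"""
from collections import deque
from typing import Dict, Iterable, List, Set, Tuple

# Constructed AD data: group -> direct members (users or nested groups).
# Legacy-Helpdesk contains Tier0-Ops and vice versa: a nesting loop that a
# naive recursive walk would spin on.
AD_GROUPS: Dict[str, List[str]] = {
    "Domain Admins": ["alice", "Tier0-Ops"],
    "Enterprise Admins": ["alice"],
    "Tier0-Ops": ["bob", "Legacy-Helpdesk"],
    "Legacy-Helpdesk": ["carol", "dave", "Tier0-Ops"],
    "Server-Operators": ["erin"],
}
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins"}

# Constructed cloud role assignments (Azure-style role names and scopes).
CLOUD_ASSIGNMENTS = [
    {"principal": "alice@corp.example", "role": "Owner", "scope": "/subscriptions/sub-prod"},
    {"principal": "svc-backup@corp.example", "role": "Contributor", "scope": "/subscriptions/sub-prod"},
    {"principal": "carol@corp.example", "role": "Owner", "scope": "/subscriptions/sub-prod"},
    {"principal": "dave@corp.example", "role": "User Access Administrator", "scope": "/subscriptions/sub-dev"},
]
# Assumed change-controlled baseline: the assignments that were approved.
APPROVED_BASELINE: Set[Tuple[str, str, str]] = {
    ("alice@corp.example", "Owner", "/subscriptions/sub-prod"),
    ("svc-backup@corp.example", "Contributor", "/subscriptions/sub-prod"),
}
PRIVILEGED_CLOUD_ROLES = {"Owner", "User Access Administrator", "Global Administrator"}


def to_upn(sam_account: str) -> str:
    """Assumed identity mapping: on-prem account 'bob' syncs to bob@corp.example."""
    return f"{sam_account}@corp.example"


def resolve_members(groups: Dict[str, List[str]], root: str) -> Dict[str, List[str]]:
    """Breadth-first walk of nested groups starting at `root`.

    Returns {user: [root, ..., group that directly contains the user]}.
    BFS yields the shortest chain per user; `seen` breaks nesting loops.
    """
    found: Dict[str, List[str]] = {}
    seen = {root}
    queue = deque([(root, [root])])
    while queue:
        group, path = queue.popleft()
        for member in groups.get(group, []):
            if member in groups:                  # nested group
                if member not in seen:
                    seen.add(member)
                    queue.append((member, path + [member]))
            else:                                 # user
                found.setdefault(member, path)
    return found


def effective_admins(groups: Dict[str, List[str]],
                     privileged: Iterable[str]) -> Dict[str, List[str]]:
    """user -> shortest chain into any privileged group."""
    best: Dict[str, List[str]] = {}
    for pg in sorted(privileged):
        for user, path in resolve_members(groups, pg).items():
            if user not in best or len(path) < len(best[user]):
                best[user] = path
    return best


def find_shadow_admins(groups, privileged) -> Dict[str, List[str]]:
    """Users who are privileged only through nesting (chain longer than one group)."""
    return {u: p for u, p in effective_admins(groups, privileged).items() if len(p) > 1}


def find_cloud_drift(assignments, baseline) -> List[dict]:
    """Role assignments present in the cloud but absent from the approved baseline."""
    return [a for a in assignments
            if (a["principal"], a["role"], a["scope"]) not in baseline]


def admins_in_both(groups, privileged, assignments, privileged_roles) -> Set[str]:
    """Identities privileged on-prem and in the cloud: one phished account, two estates."""
    onprem = set(effective_admins(groups, privileged))
    cloud = {a["principal"] for a in assignments if a["role"] in privileged_roles}
    return {u for u in onprem if to_upn(u) in cloud}


def run_audit() -> dict:
    return {
        "shadow_admins": find_shadow_admins(AD_GROUPS, PRIVILEGED_GROUPS),
        "cloud_drift": find_cloud_drift(CLOUD_ASSIGNMENTS, APPROVED_BASELINE),
        "admins_in_both": admins_in_both(AD_GROUPS, PRIVILEGED_GROUPS,
                                         CLOUD_ASSIGNMENTS, PRIVILEGED_CLOUD_ROLES),
    }


if __name__ == "__main__":
    report = run_audit()
    for user, chain in report["shadow_admins"].items():
        print(f"shadow admin {user}: {' -> '.join(chain)}")
    for a in report["cloud_drift"]:
        print(f"unapproved cloud assignment: {a['principal']} {a['role']} {a['scope']}")
    print("privileged in both estates:", ", ".join(sorted(report["admins_in_both"])))
```

On the constructed data, `alice` is the only direct Domain Admin, yet `bob`, `carol` and `dave` are all effectively Domain Admins through `Tier0-Ops` and the legacy helpdesk group, and two of them also hold unapproved Owner or User Access Administrator assignments in the cloud. That combination, invisible to anyone who only reads the direct membership of the admin group, is exactly what a cross-environment audit exists to surface.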
Looking Forward
The hybrid nature of IT is not going away. PAM strategies must adapt to span containers, serverless functions, and identity federation across partners and clouds. Expect more vendor consolidation, native cloud PAM capabilities, and AI-enhanced anomaly detection in privilege sessions.