PAM maturity level
Level 0 – This is the lowest level of maturity in PAM, where security risk is at its maximum and there is no control over privileged credentials. In organizations at this level, the Information Security teams have no visibility of the privileged credentials in the environment, and where there is any management, it is done manually. There is no segregation between ordinary and privileged users, and everyone normally has more privileges than necessary to perform their daily activities. Also, privileges are not removed when users leave the organization.
Level 1 – At this level, maturity is still low, but there is already some limitation of privileges, with segregation between ordinary and privileged users. The level of control is minimal: Information Security managers still use spreadsheets to manage passwords, and standard or low-complexity passwords are still used on some devices. The traceability of privileged actions remains low, and the Information Security risk is high.
Level 2 – Organizations that achieve this level of maturity already use a solution for storing credentials, or even a PAM solution, but without advanced monitoring features or greater control over privileged actions. Device passwords are already managed and rotated, and high password complexity is taken into account. Both the level of risk for these organizations and their maturity are still average.
Level 3 – This is the highest level of maturity in PAM. Organizations at this level use a Privileged Access Management solution and all its features. Information Security leaders use frameworks to manage the entire life cycle of privileged credentials in the environment: from credential provisioning, through access management, to the recording of privileged actions performed in the environment.