IT Glossary

Privileged Access Management (PAM)

Privileged Access Management (PAM) secures and monitors high-level access to critical systems. Learn how PAM works, PAM vs IGA, and why it matters.

July 3, 2026

What is Privileged Access Management (PAM)?

Privileged Access Management (PAM) is a set of cybersecurity strategies and technologies for controlling, monitoring, and securing elevated access to an organization's critical systems and data. It protects "privileged" accounts (administrators, root, and service accounts) that carry powerful permissions, using controls such as credential vaulting, session monitoring, and just-in-time elevation to limit how and when that power is used.

How PAM works

  • Identifies and inventories all privileged accounts across the estate.
  • Stores privileged credentials in a secure vault rather than with individuals.
  • Grants elevated access just in time and for a limited window.
  • Monitors and records privileged sessions for accountability.
  • Enforces the principle of least privilege on high-risk access.

PAM vs IGA

PAM and IGA target different problems. PAM targets privileged and admin accounts, using vaulting, session recording, and JIT elevation to reduce the misuse of powerful credentials. IGA targets all user access, using reviews, certification, and SoD to reduce inappropriate or excessive access.

Examples and use cases

A cloud infrastructure team holds admin rights to production AWS. With PAM, those credentials live in a vault, engineers request time-boxed elevation when needed, and every session is logged. If credentials leak, there is nothing static to steal. For mid-market teams without a heavy enterprise PAM suite, applying PAM principles (least standing privilege, JIT elevation, monitoring) to the SaaS layer is the practical first step.

Related concepts

FAQ

What counts as a privileged account?

Any account with elevated permissions: system administrators, root, database admins, and service or machine accounts that can change critical configurations.

What is the difference between PAM and IAM?

IAM governs access for all identities. PAM is a focused discipline that secures and monitors the small set of high-privilege accounts that carry the most risk.

Does a mid-market company need full PAM?

Often the principles matter more than the suite. Least standing privilege, just-in-time elevation, and session visibility deliver most of the value at the SaaS layer.

Corma helps security teams limit standing privilege and govern access across SaaS. Explore Corma for security teams or request a demo.