Today, companies are still struggling to keep their Active Directory privileged accounts in check. In most cases, a large number of privileged accounts are present, growing larger year after year. Often, these accounts are kept enabled permanently, sometimes with the same password indefinitely, to enable administrators to perform some key tasks.
It speaks for itself that these privileged accounts are an important entry point for malicious activities. A widely seen use case is that administrators use their overpowered accounts to access servers where their password hashes get stored. Through lateral movement, an attacker can quite easily get access to this hash, rendering the entire environment extremely vulnerable.
Reducing the amount of these overpowered accounts is the first step to redemption. Making sure that privileged accounts are only valid for a restricted period is the next. This is where Self Service PIM (SSPIM) comes into play.
SSPIM is an affordable and lightweight SaaS solution that lets companies in all shapes and sizes implement one of the most important key concepts of Privileged Identity Management: Just In Time access to resources, in a time-constrained manner, with hardly any involvement of internal IT personnel.
SSPIM consists of 3 main components: