Securing PAM Admins : protecting the new keys to the kingdom

Abstract

Privileged Access Management (PAM) protects organizations against cyber threats targeting privileged accounts. Administrative access to these solutions is a significant security risk. To address this risk, an entry point approach was developed to secure PAM administrator access using Privileged Access Workstations (PAWs) and hardware security keys. The objective of this thesis was to design and implement a secure and practical workflow that enforces strict authentication and authorization controls without compromising operational efficiency. A qualitative research method was employed to assess implementation requirements, identify security controls, and evaluate deployment models. The work-flow was implemented using PAWs for isolated administrative access, security keys for phishing resistant authentication, and Group Policy Objects (GPOs) to enforce security settings. Additionally, IP restrictions and IPsec enforcement was implemented to secure access to the PAWs and to the PAM solution. The implementation demonstrated improved security for PAM administrators by mitigating credential-based attacks. The measures significantly enhanced the resilience of privileged access ad-ministration against phishing and insider threats while maintaining usability for administrative tasks. It was concluded that securing PAM administrator access is a critical step in strengthening an organization’s cybersecurity posture. The proposed workflow provides a foundational framework that can be adapted and enhanced to meet the organization’s needs, ensuring secure and efficient administrative access management.