We changed our name from IT Central Station: Here's why

What is the difference between PAM and PAS?


Can someone explain the difference between PAM and PAS?


ITCS user
33 Answers

author avatar
Top 5Real User

Hi Victoria,

Please find the difference between PAM and PAS (PIM)

We have two different directory environments:  Active Directory (AD) and Azure Active Directory (AAD). One being on-premises (AD) and one in the Cloud (AAD). 

PAM deals with elevated privileges on-premises with any system that uses Active Directory to control the access. PIM does the same sort of thing for access to roles in Azure AD.

Easy to remember if you think that ‘pAm’ is Active Directory and ‘pIm’ is the Internet.

PIM and PAM can be used to help address the following problems:

  • Pass the hash attacks.

  • Pass the ticket attacks.

  • Spear phishing.

  • Lateral movement attacks.

  • Privilege escalation.

So, PIM and PAM are related but live in two different realms. One provides access to AD resources and one to the Internet. Providing access to elevated privileges for the right users, when they need them. Both have their place, but they work independently to control privileged access to services.

I hope this gives a basic idea.


author avatar
Top 5LeaderboardReseller

PAM, PIM and PAS and acronyms are related to the same thing:

(PAM) solutions control and monitor access “privileged access” by these special users.

In an enterprise environment, “privileged access” is a term used to designate special access or abilities above and beyond that of a standard user. Privileged access allows organizations to secure their infrastructure and applications, run the business efficiently and maintain the confidentiality of sensitive data and critical infrastructure.

Privileged access can be associated with human users as well as non-human users such as applications and machine identities.

Organizations implement privileged access management (PAM) to protect against the threats posed by credential theft and privilege misuse. PAM refers to a comprehensive cybersecurity strategy – comprising people, processes and technology – to control, monitor, secure and audit all human and non-human privileged identities and activities across an enterprise IT environment.

PAM is grounded in the principle of least privilege, wherein users only receive the minimum levels of access required to perform their job functions. The principle of least privilege is widely considered to be a cybersecurity best practice and is a fundamental step in protecting privileged access to high-value data and assets.

(PAS) Privileged Access Security is a full life-cycle solution for managing the most privileged accounts and SSH Keys in the enterprise. It enables organizations to secure, provision, manage, control and monitor all activities associated with all types of privileged identities, such as:

-Administrator on a Windows server

-Root on a UNIX server

-Cisco Enable on a Cisco device

-Embedded passwords found in applications and scripts

(Privileged Threat Analytics ) is an important feature of PAS. Since privileged accounts are most often compromised as part of an attack, Privileged Threat Analytics (PTA) continuously monitors the use of privileged accounts that are managed in the PAS platform, as well as accounts that are not yet managed by PAM, and looks for indications of abuse or misuse of the platform. PTA also looks for attackers who compromise privileged accounts by running sophisticated attacks, such as Golden Ticket. This functionality enables the platform to provide proactive security

To mitigate the risk of a serious breach, enterprises need to adopt a security solution that specifically addresses their privileged access exposure. Privileged Access Security Solution provides the comprehensive protection, monitoring, detection, alerting, and reporting required to stay one step ahead of the attackers and safeguard organizations' most critical assets.

author avatar

Hi Victoria,

In short, PAM (Privileged Access Management) is but one of the technologies defined within PAS (Privileged Access Security). 

While a PAM solution protects your administrative and other sensitive accounts used by both humans and processes, PAS is the superset wrapping endpoint management, provisioning, monitoring, automation, workflow, auditing/reporting and governance into the mix.

-- Bruce

Find out what your peers are saying about CyberArk, One Identity, Thycotic and others in Privileged Access Management (PAM). Updated: January 2022.
563,780 professionals have used our research since 2012.