Last updated date: May 16, 2023


Re-Imagining PAM: From Privileged Access Management to Privileged Action Management

“CIO Perspectives” is a whitepaper series by Mark Settle that explores the top-of-mind technical issues confronting today’s CIOs and IT leaders. Mark is a seven-time CIO, a three-time CIO 100 award winner, and a two-time book author. His most recent book is Truth from the Valley, A Practical Primer on IT Management for the Next Decade.

Conventional PAM solutions are based on the flawed premise that the management controls used to create, configure and administer IT resources can be neatly packaged in a limited number of privileged accounts and that access to these accounts can be restricted to a limited number of privileged users. In a modern enterprise employing hundreds of cloud-based applications, dozens of cloud-based data repositories and potentially thousands of ephemeral cloud computing instances, almost everyone has access to some form of control over selected IT resources. In other words, almost everyone is a privileged user!

Privilege sprawl is rampant in most corporations. Attempts to limit the number of privileged actions available to end users or the number of privileged users themselves are futile. The two most effective means of battling privilege sprawl are stringent enforcement of end user authentication procedures and equally stringent enforcement of zero standing privilege principles.

Enterprises have been reluctant to employ step-up or continuous authentication procedures in the past due to concerns about disrupting or inconveniencing end users. A host of current technologies – including such things as biometric factors, TPM-hosted cryptographic keys and digital wallets – have created the ability to increase the diversity, frequency and unpredictability of identity verification events during an end user work session, frustrating the ability of even the most sophisticated hacker to impersonate an authorized user. 

Tools are also emerging that can be used to monitor privilege sprawl at multiple levels, from individual users to individual IT systems to individual functional departments to the entire enterprise. Sprawl management is a war that may be fought on an employee-by-employee basis but will never be won that way. Guidelines established on multiple technical and organizational levels can serve as early warning systems notifying management that privileges are being awarded too easily or revoked too slowly. 

This paper is a call to action for IT practitioners to stop thinking about curbing privilege sprawl by limiting access to IT resources and to start thinking about controlling the actions that users can perform after access has been obtained.

Read the full article.

