Privilege Account Management: a logical evolution of Provisioning
Martin Kuppinger of the analyst firm KUPPINGERCOLE wrote an interesting article on how the Siemens DirX Identity provisioning product added Privilege Account Management as a core component. See Is PAM (or PIM or PUM) moving into Provisioning?
To me this makes sense from both an infrastructure and resource perspective. It is pretty clear to most people that the infrastructure architecture required for provisioning is virtually identical to the architecture needed for Privilege Account Management. There are of course some minor differences, but for the most part you have the same moving parts.
My personal opinion is that in addition to Provisioning, Privilege Account Management should not be done separatly from delegation using IT Roles as doing so would fracture the delegation model into separate pieces. Sometimes, admin A would have permissions through a Privilege Account Managment solution and sometimes admin A would have permissions from the IT roles system; not a good situation. This would not only make auditing and compliance more difficult, operationally it would hamper the IT staff since two sets of connectors, workflows and interfaces would have to be maintained.
