Privileged Access Management (PAM)
Privileged accounts
A privileged account is a user account with more permissions than a standard user account. Privileged accounts can access sensitive data and make significant changes to systems.
Because privileged accounts have these additional permissions, they are especially attractive to attackers, as these accounts allow quick, broad access to data assets in the enterprise, often resulting in rapid and significant impacts.
Privileged Access Management (PAM)
Privileged Access Management (PAM) follows the cybersecurity principle of least privilege, which means users should have only the necessary permissions required to perform their job duties. Think of PAM as a security system that protects the most important keys in a building. While regular keys open office doors, privileged keys unlock critical areas like server rooms or financial records. If the wrong person gets access to these keys, it could lead to security breaches.
PAM ensures that only authorized individuals have access to privileged accounts. This helps keep your computer and university systems safe while allowing you to do your work without unnecessary disruptions.
As such, implementing PAM provides:
- increased security, by reducing the risk of unauthorized access to sensitive systems
- more flexibility, by allowing users to perform certain administrative tasks without requiring full administrative access
PAM is a key cybersecurity initiative in the Technology with Purpose strategy, developed in response to the Cybersecurity Audit requested by the Board of Governors. Its implementation is an essential step in strengthening the university’s cybersecurity.
Implementation
PAM is being introduced on all university computing devices.
To assist in implementing PAM, the university has selected BeyondTrust Endpoint Privilege Management (EPM). This tool allows users to:
- install commonly used low-risk business software (e.g. Adobe Acrobat) without needing additional permissions
- manage specific system settings they previously could not modify (e.g. adding local printers).
What to expect
For most users, the impact of PAM implementation will be minimal. You can expect your applications, browsers and the internet to function as usual.
There will be no changes to how you access folders, files and drives. Most software installations remain unchanged.
In some cases, when installing software, you may see a message requesting administrator credentials. If this occurs, please submit a General IT Inquiry ticket through the .
Standard access on new computers
New computers are typically provisioned with a user account designed to support everyday work needs. This will enable most users to complete their daily tasks while maintaining system security and minimizing risk.
These accounts can:
- Install and update low-risk and commonly used software with university relevance (e.g. Adobe Reader and Google Drive)
- Modify selected system settings
- Install some hardware, like a home printer
- Continue to access required university services and systems
Not all software will be permitted – you may need to request software installation by submitting a General IT Inquiry ticket through the .
Learn more
To learn more about the Privileged Access Management (PAM) initiative, members of the U of A community can request an information session. During these sessions, participants will learn how PAM enhances individual and institutional security and have an opportunity to ask questions about the implementation. For more information, contact Tyler Peterson, Manager, Information Security.