Privileged Access Management (PAM) is more important than any other aspect of Identity Management, because privileged accounts are the ones that perform the most critical operations in your services and applications.
Digging into recent breaches, you may wonder how a whole business gets shut down by something as simple as a login to a legacy VPN. The answer is almost always that the account logging in was privileged, and the VPN handed it far more reach than it should have had, straight into critical service and application servers.
When you lack good PAM, one leaked password is all it takes to cripple a whole business.
PAM for Service and Admin Accounts
The way we secure the accounts that run our business, and that could cripple it just as easily, is the literal strength or weakness of the entire system. A bulletproof firewall and network security mean nothing in the face of compromised credentials. Service and Administrative Accounts should be secured with a PAM solution that vaults passwords (stored encrypted, since the vault must be able to hand them out; a hash would be useless here) and rotates them both on a fixed schedule and at unpredictable points such as after every use. Wherever possible, privileged accounts should additionally be protected with MFA, and every use should be audited, whether or not it matches the account's intended purpose.
Think white-hat spyware for your most important accounts. A strong PAM solution integrates session monitoring: from the moment a user retrieves a privileged account's credentials until the session ends, what is done with the account is recorded. PAM is therefore an active control that prevents illegitimate use of Service and Administrative Accounts with high damage potential, not just a log to read afterwards.
Password Vaulting and Rotation
No one, including sysadmins, should know a privileged account's password. When someone needs to use a privileged account, they should have to check the password out of a vault. After the password has been used for a defined period of time (or checked back in), the vault automatically resets it to a new random value and pushes the new credential to every service that authenticates with that account, so no manual recovery of the account is ever needed.
This blunts both insider threats and compromised privileged accounts, the kind that stop oil pipelines, power grids, and other critical industries and services that sustain our daily lives.
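The check-out, time-limited use, automatic rotation and consumer update described above, as an added example written for this page. It is a small in-memory model of a vault, not the API of any real PAM product; the class and method names, the fake services and the sample account `svc_billing` are assumptions. A real vault would encrypt the stored secrets at rest and push rotated credentials to the actual targets (directory, database, scheduler) rather than to callbacks.

```python
import secrets
import string
import time
from dataclasses import dataclass

# Illustrative vault model written for this page; not a real PAM product's API.
# PrivilegedVault, Checkout, FakeService and the account names are assumptions.

_ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_~"


def random_password(length: int = 32) -> str:
    """Cryptographically random password (secrets module, never random)."""
    return "".join(secrets.choice(_ALPHABET) for _ in range(length))


@dataclass
class Checkout:
    user: str
    reason: str
    expires_at: float


class PrivilegedVault:
    """Holds privileged-account passwords that no human is meant to know.

    A password leaves the vault only via checkout(), for at most ttl_seconds.
    It is rotated on check-in and when the window expires, and every consumer
    of the account (the services that log in with it) receives the new value
    in the same step, so no manual recovery is needed afterwards.
    """

    def __init__(self, clock=time.time, ttl_seconds: int = 3600):
        self._clock = clock
        self._ttl = ttl_seconds
        self._secrets: dict[str, str] = {}       # account -> current password
        self._consumers: dict[str, list] = {}    # account -> push(account, pw) callbacks
        self._checkouts: dict[str, Checkout] = {}
        self.audit: list[tuple] = []             # (time, event, account, detail)

    def enroll(self, account: str, consumers=()) -> None:
        """Register an account and immediately replace whatever password it had."""
        self._consumers[account] = list(consumers)
        self._rotate(account, "enroll")

    def _rotate(self, account: str, cause: str) -> None:
        new_pw = random_password()
        self._secrets[account] = new_pw
        for push in self._consumers[account]:   # update every dependent service
            push(account, new_pw)
        self.audit.append((self._clock(), "rotate", account, cause))

    def _expire_if_due(self, account: str) -> None:
        co = self._checkouts.get(account)
        if co is not None and self._clock() >= co.expires_at:
            del self._checkouts[account]
            self._rotate(account, f"checkout by {co.user} expired")

    def checkout(self, account: str, user: str, reason: str, mfa_verified: bool) -> str:
        """Release the current password to one user for at most ttl_seconds."""
        if not mfa_verified:
            self.audit.append((self._clock(), "denied", account, f"{user}: MFA missing"))
            raise PermissionError("MFA required for privileged checkout")
        self._expire_if_due(account)
        if account in self._checkouts:
            raise RuntimeError(f"{account} is already checked out")
        now = self._clock()
        self._checkouts[account] = Checkout(user, reason, now + self._ttl)
        self.audit.append((now, "checkout", account, f"{user}: {reason}"))
        return self._secrets[account]

    def checkin(self, account: str, user: str) -> None:
        """End the session; the password the user saw is retired at once."""
        co = self._checkouts.pop(account, None)
        if co is None or co.user != user:
            raise RuntimeError(f"{account} is not checked out by {user}")
        self._rotate(account, f"checkin by {user}")

    def is_checked_out(self, account: str) -> bool:
        self._expire_if_due(account)
        return account in self._checkouts


class FakeService:
    """Stand-in for a service that authenticates with the privileged account."""

    def __init__(self, name: str):
        self.name = name
        self.creds: dict[str, str] = {}

    def set_credential(self, account: str, password: str) -> None:
        self.creds[account] = password


def demo() -> dict:
    """Constructed walk-through: check-in rotation, expiry rotation, MFA gate."""
    clock = {"t": 1000.0}                       # fake clock so expiry is deterministic
    vault = PrivilegedVault(clock=lambda: clock["t"], ttl_seconds=600)
    db, etl = FakeService("billing-db"), FakeService("nightly-etl")
    vault.enroll("svc_billing", [db.set_credential, etl.set_credential])

    try:                                        # no MFA: refused and logged
        vault.checkout("svc_billing", "mallory", "poke around", mfa_verified=False)
    except PermissionError:
        pass

    seen = vault.checkout("svc_billing", "alice", "INC-4711 restore", mfa_verified=True)
    vault.checkin("svc_billing", "alice")
    rotated_after_checkin = db.creds["svc_billing"] != seen

    vault.checkout("svc_billing", "bob", "patch window", mfa_verified=True)
    before_expiry = db.creds["svc_billing"]
    clock["t"] += 601                           # bob's window lapses
    still_out = vault.is_checked_out("svc_billing")
    return {
        "password_len": len(seen),
        "rotated_after_checkin": rotated_after_checkin,
        "consumers_in_sync": db.creds == etl.creds,
        "rotated_after_expiry": db.creds["svc_billing"] != before_expiry and not still_out,
        "events": [e[1] for e in vault.audit],
    }
```

The point of the fake clock and the two `FakeService` consumers is to show the two guarantees the text asks for: the password a person saw is dead as soon as the window closes, and nothing that depends on the account breaks, because the rotation and the consumer update are one step.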