🦄N B🛡 for DigitalOnUs

IAM vs PIM vs PAM vs HashiCorp Vault vs Skub in 20 seconds

This image has nothing to do with PIM vs PAM, but it's funny, I guess. And dammit my blog post needs an image!

Here's the answer in 10 seconds of video (2:03 to 2:13): https://youtu.be/cVYSc2d6Gco?t=123

But, because that's not long enough for a "real" blog post, I'll ramble on a bit more.

The big difference is machine identity vs human identity, and Dynamic Secrets Management vs Password/Privileged Access Management.

In a couple of sales conversations I've come across this question:

"What's the difference between Vault Enterprise and Traditional Privilege Access Management?"

Those of us who call ourselves Vault Nerds should all have a quick answer to this, because it's a high-level question involving addressable markets for Services companies, and HashiCorp's product placement.

And here's a 5-minute talk by the HashiCorp founders about the difference between Identity and Access Management (IAM) and Privileged Access Management (PAM): https://youtu.be/x4Wf2W3Wl4w?t=117

Again, that link will jump you to the most important 10 seconds of video.

Anyway, now that I've told you where they're different, where's the overlap?

Why isn't there one tool or platform capable of handling both?

Well, perhaps changing direction from the clear distinctions set by Armon, HashiCorp Vault has feature-creeped further into the PIM game: https://www.vaultproject.io/use-cases/identity-based-access/

HashiCorp Vault's still not directly competing with the likes of Thycotic, CyberArk, or CA PAM.

And I wrote up an example of where a platform for "brokering" machine identities can also cover one PAM use case, namely SSH access to a sensitive machine: https://dev.to/digitalonus/vault-pim-2bp6
