Talking Identity: A Simpler Way to Control Privileged Access (Part III)

Added: 2026-05-14

[00:00:04]Hello everyone. I'm Hector from Assertive and welcome to the third installment of our video series privileged access without the pain. In our last video, we look at how traditional PAMP tools work. We also had a look at the complexity in of rolling out these type of tools. So, let's take a step back and ask a different question. What if you didn't start with a credential at all? What if you control how identities are used instead?

[00:00:37]Interested? Join me for the conversation.

[00:00:42]So, most modern attacks today don't break into a vault. They don't really need to. Attackers really use compromised user accounts, token theft, lateral movement, privilege escalations.

[00:00:56]In other words, they abuse identity and authentication. So if that's where the attacks happens, doesn't it make sense that that's where the controls need to happen? Instead of focusing on stoing and rotating credentials, this model focuses on three things. One, govern privilege identities. Who can get admin access? How is requested? How long does it last? No more standing privileges sitting around. Number two, control authentication. This is the critical piece here. You enforce MFA conditional access where login can happen and what devices can be used. So even if an account exist, it can be used it cannot be used freely. And number three, restricting the operating environment.

[00:01:48]Administrative actions only happen from approved devices, hardened controls, hardened workstations, control environments. So you're not just controlling who, you are controlling how and when privilege access is used.

[00:02:06]Now if you put those three things together, what do you get? Understanding privilege, control elevation when needed, restricted authentication paths, reduce credential exposure, visibility of privilege activity. If this all sounds familiar, it's because it's exactly what essential aid is trying to achieve.

[00:02:29]So this is the shift. Traditional PAM says protect credentials then control the session. This model says control the identity and the authentication and you reduce the risk before the session even starts. You are not waiting until access happens. You're controlling it at the entry point.

[00:02:50]Now we are not saying never use spam.

[00:02:54]We're not saying that. There is a still still cases where you know credential vaulting makes sense. Session recording is required. Share accounts need type controls. But instead of starting there, you start with identity and authentication as your control plane and add those capabilities where they are actually needed.

[00:03:16]So you've got two models, one that controls credentials and sessions and one that controls identity and authentication. In the final video, we are going to put these models side by side and look at how to choose the right approach for your environment. If you're trying to meet essential aid without over complicating things, without overengineering, this model is worth understanding. Thank you so much for your time and we look forward to seeing you in our next installment.