Back to Blog

Move aside Nintendo, PAM is here.

Its proven that what may appear as complex can easily be simplified when looked at as a game. Don’t believe me? Ask that 7-year-old who learned multiplication table the fun way.

Can Privileged access management be looked at as a game? Let’s break a game down and see what its made of.

A game is nothing but a structured form of play. A game has various components like a goal, challenges, tools or enablers, skills required to ace it and of course competition. If we establish that PAM has these components, then we can conclude with certainty that it can be looked at as a game.


Goals can be on two types, long term and short term. A typical game would have both and so does PAM.

Long term goals

  • Secure your organization from cyber attacks by securing all the systems within the network
  • To be compliant to the norms of regulators and scaling up sustainably without additional costs.

Short term goals

  • Rotating password
  • Password encryption
  • Increase automation
  • Reducing human dependency


Challenges in any game, are very important components. It’s true that they do keep you from going to the next level, but once you figure out how to beat these challenges then nothing stops you from moving ahead. If it’s Roadrash that you’re playing, then the cops that start to tail you become the challenge that you have to deal with. Even PAM has some challenges that will require us to bring in our A game. User awareness becomes the key challenge. It is essential that the user knows about the devices that he/she has access to and also about the PAM solution. Poor hardware on devices also becomes a challenge at times. Attaining the level of customization expected and defining user groups correctly are some challenges that PAM companies are still struggling with. Although developing empathy towards the client and understanding the what and why of his business can effectively dodge these challenges.


Dangerous dave had a jet pack, NFS requires you to collect NOS so that your car can zoom past others and get ahead in the race. PAM has some tools as well that enable you to get ahead in the race. Reporting forms an essential part of the tool kit. Easy to understand dashboards let you have a birds-eye view of everything that goes on within your network. Risk analyzer pushes you to be ahead on the curve by warning you about anomalies on basis of risk scores allotted to every activity.

Automated asset and account discovery is also a tool that can exponentially ease PAM functioning. Remote access and activity trail being others.


In the case of PAM, defining competition can be tricky. It’s a long list if we go around looking. Competition can be classified as internal and external.

Internal competition

  • An employee gone rogue

External competition

  • A hacker sitting in a distant country.

Ignorance towards cyber risk and internal resistance to transform and adapt better methods become competition too because when they win, you lose.



Last but not least, developing the required skill because very important to win any game. In case of a computer game, it’s mostly hand and eye coordination. When it comes to PAM, Its majorly about taking users from the low level of awareness to high.

We could imagine the user awareness scale to range from 0 to 10 with three levels in it. 0-4 becomes level 1, 4-8 becomes level 2 and 8-10 becomes level 3.

Level 1

  • Understanding PAM superficially without getting into the technicalities.

Level 2

  • Understanding how PAM functions and the scope of it. It’s a stage where the user understands which business problem PAM solves.

Level 3

  • Building a strong feedback loop with the users and customizing the PAM solution by keeping the user at the center. This loop requires users to participate actively resulting in the PAM solution to mature well.


Just like a game that we play in teams, PAM requires high coordination among players/stakeholders.

Now that we’ve established PAM can be looked at as a game, we have strong reasons to not do so. Unlike a game, PAM does not run in a simulated environment. Threats in PAM are not fictitious like in a game. It can be argued that games are unproductive in nature but PAM solutions unlike that has a very high ROI if we consider what’s at stake and are highly recommended by experts.

You deserve this star if you think you understand PAM better now, just like the kid who now knows his multiplication. Thanks to games!


Rohit Soman

This author has not yet filled in any details.
So far Rohit Soman has created 27 blog entries.
Follow on