Privileged Access Management solution

Enhanced System Access Management (eSAM)

The Enhanced System Access Management (eSAM) solution, also known as Privileged Access Management (PAM), comprises a suite of cybersecurity strategies and technologies used to control privileged access and permissions for users, accounts, processes, and systems across the IT environment at UBC.

Why we need it

Privileged accounts, and the access they provide, represent the largest security vulnerability at UBC.

  • Privileged Access is everywhere
    • Privileged accounts can be found in every networked device, database, application, and server on-premises, in cloud and Industrial Control Systems (ICS) environments, and through the development (Dev) and operations (Ops) pipeline.
    • Privileged users have the “keys to the kingdom” and, in the case of a cyberattack or data breach, privileged credentials can be used to cause catastrophic damage to UBC.
  • Privileged Accounts are powerful
    • Privileged accounts – human and machine – have all-powerful access to confidential data and systems.
    • Privileged accounts can grant overly broad access rights, far beyond what is needed for the user to perform their job function, which makes them dangerous if they’re not managed effectively.
  • Privilege is anonymous, unmonitored and unreported
    • Privileged accounts have shared administrative access, making their users anonymous.
    • Privileged accounts go unmonitored and unreported and, therefore, unsecured.
  • Privileged accounts are challenging to manage
    • Privileged access is pervasive throughout the organization and can be difficult to discover, secure and manage without the right tools.
    • Our eSAM solution allows us to locate privileged accounts, eliminate credential theft and collect audit information.

By dialing in the appropriate level of privileged access controls, eSAM will help UBC condense its attack surface and mitigate the damage arising from external attacks as well as from insider malfeasance and human error.

Who can use it

The target audience for this solution is any IT Service Owner or IT Administrator at UBC. Note that eSAM is not to be confused with personal password solutions like LastPass or 1Password, and is not available to those who are not in technical roles.

How to onboard to eSAM

  • Contact the Identity & Access Management (IAM) team to set up an initial discussion and demonstration.
  • Review prerequisite documentation to understand the steps you and/or your team members may need to take before using the tool.
  • Gather the information required as stated in the prerequisite documentation and fill out the eSAM intake form with support from IAM.
    • Access to the Privileged community can be requested using this application form. All applicants must have an established IT, security, privacy, or risk management relationship within UBC. Applicants are reviewed and approved by the CISO with the advice of the UBC Cybersecurity leadership team.
  • Once the IAM team has received your completed information, they will begin building out the platform for your team.
  • Upon completion of platform creation, IAM will provide you with a client integration guide that details step-by-step instructions for how to begin your integrations.
  • IAM will contact you to provide support and self-integration instructions.