The Privileged Path Framework
Real-world Zero Trust for privileged access
This is not just about Privileged Access Workstations. This is about privileged access as a whole — controlled, isolated, and continuously validated. PAWs are a critical isolation control within a broader framework that most organisations are missing.
Why This Matters
Most organisations think they've secured admin access. They haven't.
Controls without isolation
Many organisations rely on PIM, MFA, and Conditional Access without a cohesive strategy. These are essential controls — but they don't prevent an admin from accessing Tier 0 systems from a compromised device.
Paper compliance, real risk
Admin access is often controlled on paper but not isolated in practice. Policies exist, but admins still work from shared devices, unmanaged endpoints, and flat networks.
Operational shortcuts
Privileged access failures often come from real-world shortcuts — break glass accounts that are never tested, admin exclusions in Conditional Access, and missing operational processes.
The missing layer
Controls are not enough. Isolation matters. Without dedicated admin environments, network segmentation, and boundary enforcement, even strong identity controls leave gaps.
The Privileged Path Framework
Five pillars for securing privileged access — from foundations to continuous validation.
Foundation
Identity, governance, and baseline hygiene
Control
Just-in-time access, approval workflows, and policy
Isolation
PAWs, tiering, network segmentation, and boundary enforcement
Operations
Secure admin processes, break glass, and operational discipline
Validation
Continuous monitoring, audit, and evidence-based assurance
Guides
Practical, opinionated guidance based on real implementation experience. Free to read.
Privileged Access Foundations
Before deploying PAWs or PIM, get the foundations right. This guide covers the baseline hygiene that underpins any privileged access strategy.
Why PIM Is Not Enough
Privileged Identity Management is essential — but it is not a complete privileged access strategy. Here's what's missing.
Zero Trust for Privileged Access
Zero Trust is widely discussed but rarely applied specifically to privileged access. This guide explains what it actually looks like in practice.
What Is a PAW
A practical introduction to Privileged Access Workstations — what they are, why they matter, and how they fit into a broader privileged access strategy.
Break Glass Done Properly
Break glass accounts are your last line of defence. Most organisations get them wrong. Here's how to design, secure, and test them properly.
Regulatory Mapping
Privileged access guidance mapped to the frameworks and regulations that matter in your region.
United Kingdom
NCSC, ICO, FCA, and PRA expectations for privileged access controls.
European Union
NIS2, GDPR, DORA, and ENISA recommendations mapped to the framework.
United States
NIST, CISA, CMMC, HIPAA, and SOX privileged access requirements.
Global Guidance
ISO 27001, CIS Controls, and international standards for privileged access.
Downloads
Checklists, templates, and practical resources to support your privileged access programme.
Privileged Access Checklist
A comprehensive checklist for assessing your organisation's privileged access posture across identity, access, isolation, operations, and validation.
30-Day Privileged Access Reset
A structured 30-day plan to significantly improve your privileged access posture — practical steps, prioritised by impact.
PAW Deployment Checklist
A step-by-step deployment checklist for Privileged Access Workstations — covering physical, virtual, Windows 365, and AVD approaches.
Break Glass Review Template
A template for reviewing and validating your break glass account design, storage, monitoring, and testing procedures.
The Privileged Path
The framework also feeds into a comprehensive book on securing privileged access in Microsoft environments.
Written by Andy Kemp, The Privileged Path provides the full depth of the framework — with step-by-step implementation guidance, configuration examples, decision frameworks, and regulatory mapping.
Free chapter previews are available now as guides on this site.
Work With Andy Kemp Consulting
Need help assessing, designing, or implementing a privileged access strategy? Andy Kemp Consulting provides hands-on advisory and implementation support for organisations serious about securing their most critical access.