
Security Management

Insight and opinion on the world of security management. Visit often for commentary on security industry issues around identity and access management, data protection, advanced authentication, single sign-on and access management, cloud security and more.

Privileged Identity Management vs. Privileged User Management – It does make a difference!

Published: June 27 2012, 04:05 PM
by Russell Miller

The market for controlling administrative accounts is alternately called "Privileged Identity Management" (PIM) and "Privileged User Management" (PUM). While many in the security field use these terms interchangeably, the choice of term can color how we perceive the problem we're trying to address. I strongly advocate the use of the first term (PIM) for three primary reasons:

1. When you use the term "privileged user," you tend to think of people. There is not - or should not be - such a thing as a person who is a generically privileged user, which "PUM" seems to imply. There are individuals who need very specific access in order to perform a particular task on a specific system or application. "All-powerful" administrators should only exist in exceptional cases.

2. Using the term "privileged identity" makes it easier to think about identities as tools. They are the means by which certain users can gain the ability to perform certain tasks. This also enables us to think about these identities as a potential avenue for abuse by external "hackers," and defenses as not solely aimed at insider threats.

3. By positioning privileged identities as depersonalized tools, it becomes much easier to navigate a political environment to implement security controls. It's much easier to explain to administrators that you're securing a tool that they use, rather than implementing controls that target them personally. It may be a fine distinction, but often the message is seen as the reality. And, in fact, the user activity reporting in PIM tools can protect administrators in the event of a breach by proving "who did what."

With all the benefits of administrative controls, from accountability to being able to enforce the principles of least privilege and segregation of duties, it's worth spending the time to craft your message. Talking about "privileged identities" is a good start.

 

By: Russell Miller
Russell Miller has spent over five years in network security in various roles from ethical hacking to solutions marketing. He currently manages marketing activities for the CA ControlMinder products. Russell has a B.A. in Computer Science from Middlebury College and an M.B.A. from the MIT Sloan School...

1 person has left a comment:

Russell - excellent post, especially point 3. If only that was easily attainable in big corporations to speed up and improve the quality of big systems and their output!

Posted by: Brandon Klein | June 28, 2012 9:53 AM
