Security and risk management (SRM) leaders need to balance expedient operational privileged access to authorized users with security, operational, and business risks created by the inherent power of administrative privileges. The distributed and heterogeneous nature of privileged accounts makes them difficult to be managed, often leading to an unrestricted, widespread, and poorly monitored use of privileged access across an organization’s IT infrastructure. This research report outlines best-practice approaches to enable an agile operational environment for secure and accountable privileged access in order to achieve regulatory compliance, mitigate insider threats and prevent breaches.