2024/10/09 09:07:55

Privileged Access Management (PAM) Solutions (Global Market)


2024: New PAM application scenarios and focus on user experience

Gartner analysts say privilege management became mainstream in 2024: it has evolved from a niche PAM product into a broad class of privilege management tools that addresses a wide range of IT and information security challenges and covers different types of privileged users, sensitive systems and privileged accounts. This year, based on the tasks being solved, Gartner analysts distinguish five categories of PAM tools: Privileged Account and Session Management (PASM); Privilege Elevation and Delegation Management (PEDM); secret management; Cloud Infrastructure Entitlement Management (CIEM); and a new category, Remote Privileged Access Management (RPAM).

In addition, Gartner identified a new subclass of tools, Just in Time Privilege (JITP), which under certain conditions can be considered an alternative to PAM systems.

A brief review of the analytical report Gartner Magic Quadrant for Privileged Access Management 2024 specifically for TAdviser was prepared by Web Control.

Market Definition/Description

As last year, Gartner defines PAM systems as tools that provide elevated technical access by managing and protecting the accounts, credentials and commands used to administer systems and applications. PAM tools manage privileged access for both people and machines. Privileged access poses a greater threat to companies because it allows users to manage and even disable existing access controls, change security settings, make changes that affect multiple users or systems at once, and modify or delete company data. Privileged access management is therefore a critical security function for every organization and requires specialized tools: privileged access management (PAM) systems.

PAM systems can discover interactive and non-interactive privileged accounts and secure them by keeping them in a vault and rotating their secrets. They also help organize multifactor authentication and create trusted remote access for employees and vendors. Such tools inject credentials when a session is established, which allows privileged accounts to be used without exposing the credentials to users. PAM systems often provide command control and can temporarily elevate user privileges to execute commands in a privileged context. Another important function of PAM tools is visibility and control over the use of privileged accounts and commands, together with recording the actions of privileged users for subsequent audit. The controls provided by PAM tools can implement just in time privilege management to enforce the principle of least privilege.

As last year, Gartner analysts include the following as mandatory PAM capabilities:

  • centralized management and enforcement of privileged access by controlling access to privileged accounts and credentials, execution of privileged commands, or both;
  • managing and granting privileged access to authorized users (e.g., system administrators, operators and support personnel) on a temporary basis.

In addition, this year's report adds the storage and management of privileged account credentials to the mandatory functionality.

Beyond that, traditional PAM tools can discover privileged accounts in cloud infrastructures, elevate privileges to execute commands on various operating systems, and provide an audit trail to determine who used privileged access, when and where. Most vendors in the Gartner quadrant also provide application and service secret management and cloud infrastructure entitlement management.

Who entered the magic quadrant 2024

Figure 1: Magic Quadrant of PAM Solutions

This year's magic quadrant is virtually the same as last year's, which suggests that the PAM market has matured. Netwrix moved from visionaries to niche players, and Saviynt and HashiCorp dropped out of the quadrant as no longer meeting the economic and technical criteria, respectively.

Solutions that make it into the quadrant must meet strict requirements that are revised as the market changes. This year, all vendors must provide centralized management and enforcement of privileged access, the granting of privileged access on a temporary basis, highly available secure credential storage, and credential management.

In addition to functional requirements, when selecting for the 2024 magic quadrant the experts took into account the presence of a user interface for checking out privileged credentials and requesting access. This is a sign of market maturity: beyond functionality, ease of use has become significant. It is especially important for IT personnel, the main users of PAM systems, hence the requirement for a user interface for requesting access.

In addition, as last year, tools must support role-based access, have complete documentation, and meet sales geography requirements.

In each report, the experts list vendors that are not included in the current quadrant but are worth a closer look. This year they included Bravura Security, Fortinet, HashiCorp, Keeper Security, Microsoft, Okta, Saviynt, senhasegura, StrongDM and Teleport. HashiCorp, for example, is well known for its secret management and password storage solution. For Microsoft, StrongDM and Okta, the experts praised just in time privilege elevation during an access session. Analysts call the Teleport Access Platform an alternative to PAM for cloud and multi-cloud infrastructures: it provides strictly identity-based access by creating a virtual privileged access network for accounts accessing SSH, Kubernetes, web applications, databases, Windows desktops and cloud consoles.

Categories of PAM tools

In last year's report, Gartner added Cloud Infrastructure Entitlement Management (CIEM) to the three existing categories: session management, privilege elevation management and secret management. This year, another category appeared: Remote Privileged Access Management (RPAM).

Privileged Account and Session Management (PASM)

Solutions in this category are aimed at protecting accounts. Accounts are kept in a vault, and their secrets are rotated according to specified rules. When a privileged access session is established, passwords are injected and user actions are recorded. PASM solutions can also manage application-to-application (AAPM) passwords and/or provide zero-install privileged access that does not require a VPN.

Privilege Elevation and Delegation Management (PEDM)

These are typically agent-based solutions that provide host-based command control, application control and/or privilege elevation, allowing certain commands to run at a higher privilege level. This category does not include tools that control commands through protocol filtering. PEDM solutions can also provide file integrity monitoring.

Secret Management

Solutions in this category manage passwords, OAuth tokens, SSH keys and other machine-to-machine secrets through an API and SDK. Trust is established for exchanging secrets and managing authorization between machines, containers, applications, processes, scripts and DevOps tools. Such solutions are often used in dynamic and agile environments such as IaaS, PaaS and container management platforms.

Cloud Infrastructure Entitlement Management (CIEM)

CIEM solutions help reduce the risks associated with entitlements to virtual infrastructure (IaaS). They typically use analytics, machine learning (ML) and other methods to detect anomalies in account entitlements, such as privilege accumulation, inactive accounts and unnecessary rights. CIEM allows least privilege to be enforced in cloud infrastructures.
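The paragraph above describes what a CIEM engine looks for but not how such a finding is produced. The following is an added example, not code from the report or from any CIEM product: it compares a constructed snapshot of granted IAM-style entitlements against a constructed activity log and flags inactive identities, unused grants, wildcard grants that are exercised for only a few actions, and privilege accumulation (an identity holding far more than it uses), then proposes the least-privilege set of actions actually observed. The thresholds (90 days of inactivity, more than half of grants unused) are assumptions chosen for the demonstration.

```python
"""Added example (not from the report or any vendor): a minimal CIEM-style
entitlement analysis over a constructed permission snapshot and activity log."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: entitlements granted to each identity (IAM-style action names).
ENTITLEMENTS = {
    "deploy-bot": {"s3:GetObject", "s3:PutObject", "s3:DeleteBucket",
                   "iam:PassRole", "ec2:TerminateInstances"},
    "alice": {"s3:GetObject", "ec2:DescribeInstances"},
    "ci-runner": {"ec2:*"},                       # broad wildcard grant
    "old-contractor": {"ec2:*", "s3:GetObject"},  # last seen months ago
}

# Constructed sample activity log: (ISO timestamp, identity, action actually used).
ACTIVITY = [
    ("2024-09-01T10:00:00", "deploy-bot", "s3:GetObject"),
    ("2024-09-02T10:00:00", "deploy-bot", "s3:PutObject"),
    ("2024-09-15T09:30:00", "alice", "ec2:DescribeInstances"),
    ("2024-09-20T07:00:00", "ci-runner", "ec2:StartInstances"),
    ("2024-09-21T07:00:00", "ci-runner", "ec2:StopInstances"),
    ("2024-05-01T08:00:00", "old-contractor", "ec2:StartInstances"),
]

SNAPSHOT_TIME = datetime(2024, 10, 1)   # assumed "now" for the analysis


def grant_matches(grant: str, action: str) -> bool:
    """IAM-style matching: 'ec2:*' covers every ec2 action; otherwise exact match."""
    if grant.endswith("*"):
        return action.startswith(grant[:-1])
    return grant == action


def analyze(entitlements, activity, now, inactive_days=90, accumulation_ratio=0.5):
    """Return per-identity findings: inactivity, unused grants, broad grants,
    privilege accumulation, and a least-privilege recommendation."""
    cutoff = now - timedelta(days=inactive_days)
    used_in_window = defaultdict(set)
    last_seen = {}
    for ts, ident, action in activity:
        t = datetime.fromisoformat(ts)
        if t >= cutoff:
            used_in_window[ident].add(action)
        last_seen[ident] = max(last_seen.get(ident, t), t)

    findings = {}
    for ident, granted in entitlements.items():
        used = used_in_window.get(ident, set())
        # A grant is "exercised" if any observed action falls under it.
        exercised = {g for g in granted if any(grant_matches(g, a) for a in used)}
        unused = granted - exercised
        broad = {g for g in exercised if g.endswith("*")}   # wildcard used narrowly
        inactive = ident not in last_seen or last_seen[ident] < cutoff
        accumulation = (not inactive and bool(granted)
                        and len(unused) / len(granted) > accumulation_ratio)
        findings[ident] = {
            "inactive": inactive,
            "unused": sorted(unused),
            "broad": sorted(broad),
            "privilege_accumulation": bool(accumulation),
            # least-privilege proposal: only the concrete actions actually observed
            "recommended": [] if inactive else sorted(used),
        }
    return findings


def run_sample():
    """Run the analysis over the constructed sample at the assumed snapshot time."""
    return analyze(ENTITLEMENTS, ACTIVITY, SNAPSHOT_TIME)
```

In this sample the deploy bot is flagged for privilege accumulation (three of five grants never used, including `iam:PassRole` and `ec2:TerminateInstances`), the CI runner's `ec2:*` is flagged as broad because only start and stop were observed, and the contractor identity is inactive, so everything it holds is a candidate for removal. Real CIEM products add resource scoping and condition keys, but the core comparison of granted versus exercised rights is the same.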

Remote Privileged Access Management (RPAM)

RPAM tools provide access for remote privileged users. They help organize access sessions, inject credentials and provide strong authentication, which mitigates many of the risks that arise when these users work from unmanaged devices. These solutions provide session control, monitoring and recording, eliminate the need for a VPN, and give more secure access to critical systems. RPAM fits zero trust architectures because it does not trust corporate networks or endpoints by default. Most RPAM tools offer multifactor authentication (MFA).

A new subclass of Just in Time Privilege (JITP) tools

In this year's report, Gartner notes the rising popularity of a new subclass of PAM-class tools: Just in Time Privilege (JITP). According to the analysts, the growth is driven by companies' desire to reduce the risks associated with privileged access. JITP tools are simpler and easier to use, while still solving the problems of visibility and of bringing order to privileged access.

These tools belong to the broad class of PAM solutions but differ in several ways. First, they are agent-based, and interaction with them happens automatically. They do not require launching the PAM system's interface: it is enough to start a privileged RDP, HTML or SSH session (with MFA authentication), and the tool takes care of elevating privileges and recording actions in accordance with company policy. Secondly, such tools are aimed at developers, engineers and internal IT specialists. Traditional PAM systems require integration with every device or piece of software that needs controlled privileged access. JITP tools do not require integration with all devices because their user base is narrower, which significantly reduces implementation and rollout time.

Tools in this class have no credential vault and no rotation, because they are based on the principle of zero standing privileges, yet they perform their tasks effectively. Gartner experts do not recommend relying on JITP tools alone to reduce privileged access risk, since it is not always possible to eliminate standing privileged accounts (local administrator or root), whose management requires traditional PAM capabilities such as credential storage and rotation. Gartner cites Apono, Okta, SSH.com, StrongDM and Teleport as examples of JITP solutions.

Enterprise Password Management (WPM) and PAM

Many PAM vendors, BeyondTrust and CyberArk for example, have begun to offer their customers built-in enterprise password manager modules that securely store the passwords of ordinary users. They differ from consumer password managers in greater security and in enterprise-oriented functionality (audit, reporting, etc.).

In this year's report, Gartner analysts emphasize that such tools are designed to protect passwords, not privileges. They simplify logging in to applications for all employees of the company by creating, storing and retrieving passwords, and also provide control and visibility over password use in the organization.

However, they are not suitable for managing privileges because they do not cope with the following tasks:

  • they do not discover, display or report privileged accounts across systems, applications and devices;
  • they cannot manage service account credentials, such as non-interactive accounts used to run services, applications and scripts;
  • they do not provide JIT privilege elevation and generally do not manage privileged rights;
  • they do not automatically establish a privileged session over protocols such as SSH, RDP or HTTPS without revealing credentials to the user;
  • they do not record user actions and cannot manage access sessions;
  • they cannot pass credentials to software, so their use does not eliminate clear-text credentials in configuration files or scripts;
  • they lack analytics and reporting on privileged accounts and their use (for example, detection of unauthorized use of privileged accounts or reporting on unusual activity).
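The secret management category described earlier and the list item about clear-text credentials in configuration files are two sides of the same pattern: an application should carry a reference to a secret, not the secret itself, and resolve it at start-up through a broker that enforces which application identity may read which secret and logs every read. The following is an added example, not code from the report or from any vendor's SDK; the broker, the policy, the `secret://` reference syntax and the sample configurations are all constructed for the demonstration. The scanner at the end is the check a practitioner would run over existing config to find literals that should have been references.

```python
"""Added example (not from the report or any product): resolving secret
references through an access-controlled broker, plus a scanner that flags
literal secrets left in configuration. All names and data are constructed."""
import re

# A config value of the form secret://<path> is a reference, never a secret.
SECRET_REF = re.compile(r"^secret://(?P<path>[A-Za-z0-9_/.-]+)$")
# Keys that usually hold credentials; used only by the scanner.
SENSITIVE_KEY = re.compile(r"(password|passwd|secret|token|api[_-]?key)", re.IGNORECASE)


class SecretBroker:
    """Holds secrets and a per-application read policy; every read is logged."""

    def __init__(self, store, policy):
        self._store = store      # path -> secret value, never handed out in bulk
        self._policy = policy    # application identity -> set of readable paths
        self.access_log = []     # (identity, path, outcome) for audit

    def read(self, app_identity: str, path: str) -> str:
        allowed = path in self._policy.get(app_identity, set())
        self.access_log.append((app_identity, path, "allowed" if allowed else "denied"))
        if not allowed:
            raise PermissionError(f"{app_identity} may not read {path}")
        return self._store[path]


def resolve_config(config: dict, broker: SecretBroker, app_identity: str) -> dict:
    """Return a copy of config with every secret:// reference replaced by its value."""
    resolved = {}
    for key, value in config.items():
        m = SECRET_REF.match(value) if isinstance(value, str) else None
        resolved[key] = broker.read(app_identity, m["path"]) if m else value
    return resolved


def find_plaintext_secrets(config: dict) -> list:
    """Keys that look sensitive but hold a literal instead of a reference."""
    return sorted(k for k, v in config.items()
                  if SENSITIVE_KEY.search(k) and isinstance(v, str)
                  and not SECRET_REF.match(v))


# Constructed sample data.
STORE = {"db/prod/password": "p@ss-from-vault", "api/payments/key": "key-from-vault"}
POLICY = {"billing-service": {"db/prod/password", "api/payments/key"},
          "report-job": {"db/prod/password"}}
GOOD_CONFIG = {"db_host": "db.internal",
               "db_password": "secret://db/prod/password",
               "payments_api_key": "secret://api/payments/key"}
BAD_CONFIG = {"db_host": "db.internal",
              "db_password": "hunter2",                       # literal left in config
              "payments_api_key": "secret://api/payments/key"}


def run_sample():
    """Resolve config for an authorized and an unauthorized identity, then scan."""
    broker = SecretBroker(STORE, POLICY)
    resolved = resolve_config(GOOD_CONFIG, broker, "billing-service")
    try:
        resolve_config(GOOD_CONFIG, broker, "report-job")  # lacks the payments key
        denied = False
    except PermissionError:
        denied = True
    return {"resolved": resolved, "denied": denied,
            "plaintext": find_plaintext_secrets(BAD_CONFIG),
            "log": broker.access_log}
```

The billing service gets both values; the report job is stopped at the payments key and the denial is in the audit log, which is exactly the visibility the list above says a plain password manager cannot give. The scanner reports `db_password` in the second config because it holds a literal rather than a reference.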

Trends and forecasts

Gartner estimates that the PAM market will generate $2.37 billion in revenue in 2024, a 10% increase over 2023, and will continue to grow. Market growth is driven by high-profile breaches involving compromised privileged credentials and abuse of privileges, and by security leaders' understanding of the critical need for PAM. Regulatory requirements, accelerated cloud migration, DevOps automation, erosion of the enterprise security perimeter and the overall increase in cyber attacks also contribute to PAM adoption. In addition, 15 to 25% of Gartner customers who consider PAM tools for the first time say they do so because their cyber insurers require such tools to be deployed.

The need to control remote access by vendors and external IT staff also increases interest in PAM. Providing privileged remote access through PAM tools (rather than plain, uncontrolled remote access tools) is a recommended best practice for meeting regulatory requirements and mitigating security risks. Growing interest in secret management attracts additional buyers to PAM (for use in software development and with cloud services). Small and medium-sized businesses (SMBs) face the same challenges as large enterprises, albeit on a smaller scale, and are becoming increasingly aware of the importance of implementing PAM, so vendors are paying more attention to small and medium-sized companies. In this regard, Gartner notes the growth of cloud PAM solutions.

Many early adopters of PAM, large enterprises, go beyond basic use cases such as controlling administrators' actions or managing privileged accounts. In response, vendors develop functionality such as secret management, just in time access, privileged threat detection and auditing of privileged actions, as well as privilege management in multi-cloud environments. Gartner emphasizes that more vendors are offering a SaaS option. Many customers need privileged access protection in private and public cloud infrastructure, and all vendors in the quadrant offer secret management tools for developers to varying degrees.

Conclusions

The Gartner report shows that as the market has matured, vendor competition has shifted from solution functionality to ease of use by IT personnel. The new JITP subclass offers a simpler alternative for the market segment where full-fledged PAM functionality is not required, but it cannot act as a full replacement for PAM systems.

The main point of the report is that privileged access management has become a recognized trend in the market with the advent of new use cases and today is implemented both in the form of traditional PAM and easier-to-use JITP solutions. There is a possibility that PAM skeptics who have not yet implemented PAM may approach the privilege management problem through JITP. In our opinion, in the coming years, the PAM market will undergo significant changes towards democratizing solutions and expanding its use in new areas of IT (DevOps, AI, big data, IoT).

2023: Key development trends for PAM class solutions. Gartner Magic Quadrant for Privileged Access Management Review

Privileged Access Management (PAM) is a key countermeasure against supply-chain attacks, which, according to NCCCI data, ranked among the top 4 penetration vectors in 2023. An expert description of PAM solutions, their functionality, forecasts and trends can be found in the Gartner Magic Quadrant for Privileged Access Management 2023 report, published in September 2023. The report gives all market participants, IT and security alike, an understanding of where privileged access management solutions are heading. A summary of the 30-page report was prepared specifically for TAdviser by Web Control.

Gartner states that PAM systems have become widespread information security tools, but when implementing them companies run into difficulties once they go beyond basic functionality. The extent of these difficulties depends on the vendor, in particular on how support for account discovery and machine identity management is implemented, and on pricing and licensing terms.

Among this year's new trends is support for the principles of zero trust and zero standing privilege by almost all vendors included in the quadrant. Last year's trend toward supporting access control for cloud resources continues. For the past two years, cyber risk insurers have increasingly required companies to implement PAM with multifactor authentication.

Market Definition and Description

By Gartner's definition, privileged access management (PAM) systems are tools for managing and protecting accounts, credentials and commands that provide elevated technical access, i.e. access to administer or configure systems and applications. Such systems can be delivered as software, as a service or as an appliance. PAM tools control the privileged access of people (system administrators and others) and machines (systems or applications). As last year, Gartner identifies four categories of PAM tools: Privileged Account and Session Management (PASM), Privilege Elevation and Delegation Management (PEDM), Secret Management, and Cloud Infrastructure Entitlement Management (CIEM). The last category first appeared in last year's report.

Privileged access exceeds the level of access granted to ordinary business users. Business users may have access to confidential information (know-how, financial documents, personal data), but their activities and rights are controlled and limited by various instruments. Privileged access allows an administrator to bypass existing access controls, change security configurations, or make changes that affect multiple users or systems. It allows elements of the IT infrastructure, and the company data held in it, to be created, modified and deleted, so it can carry enormous risk. Privileged access control is therefore one of the most important security functions for any company. Conventional user access controls cannot effectively manage privileged access, so special procedures and tools are required.

Gartner identifies two large groups of PAM tools: tools specializing in privileged accounts, and tools for controlling the execution of privileged commands.

Tools focused on privileged accounts help companies discover privileged accounts used by people and machines. These tools protect accounts by rotating and storing their credentials (for example, passwords and keys) and by delegating access to them. For interactive accounts used by people, PAM tools add multifactor authentication, strong authentication and zero-trust remote access to legacy systems that lack them, through session management mechanisms that allow privileged accounts to be used without revealing their credentials.

For non-interactive accounts used by machines, PAM tools protect the handling of privileged credentials so that they are not exposed when not in use. This often requires cooperation with applications and code (and changes to them). Typical examples of machine accounts are service and automation accounts used in DevOps and modern cloud development.

The second group of PAM tools controls command execution, allowing only certain actions, and can temporarily elevate user privileges to execute commands in a privileged context. All PAM tools provide visibility and control over the use of privileged accounts and commands by tracking and logging privileged access for audit. This can include detailed session recording to understand not only who used the privileged account and when, but also what actions were performed.

The combination of technical controls provided by PAM tools makes it possible to implement just in time privilege management and thus the principle of least privilege: users should have only the minimum level of privilege, and only for the time required to complete a specific task. This is one of the significant differences between PAM and other access control systems.
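The PAM capabilities described here and in the 2024 market definition above (vaulting, credential injection without exposing the secret, time-bound just in time sessions, session recording for audit, rotation) fit together in one small model. The following is an added example, not code from the report or from any PAM vendor: `PrivilegedAccessBroker`, `FakeHost` and the `demo` walk-through are constructed for the demonstration. A user checks out an opaque session handle rather than the root password, the broker authenticates to the host on the user's behalf and records each command, the session refuses commands after its time-to-live, and check-in rotates the secret on both vault and host so that any copy of the old credential is useless.

```python
"""Added example (not from the report or any product): a simplified PASM-style
broker showing vaulting, credential injection, JIT expiry, recording, rotation."""
import secrets
import time
from dataclasses import dataclass, field


class FakeHost:
    """Constructed stand-in for a managed server that authenticates by password."""

    def __init__(self, account: str, password: str):
        self._creds = {account: password}

    def execute(self, account: str, password: str, command: str) -> str:
        if self._creds.get(account) != password:
            return "AUTH FAILED"
        return f"ran '{command}' as {account}"

    def set_password(self, account: str, new_password: str) -> None:
        self._creds[account] = new_password


@dataclass
class Session:
    session_id: str
    user: str
    account: str
    expires_at: float
    actions: list = field(default_factory=list)   # the session recording


class PrivilegedAccessBroker:
    def __init__(self, clock=time.time):
        self._clock = clock
        self._vault = {}      # account -> (secret, host); secrets never leave the broker
        self._sessions = {}   # session_id -> Session
        self.audit_log = []   # who did what to which account, for later review

    def vault_account(self, account: str, secret: str, host: FakeHost) -> None:
        self._vault[account] = (secret, host)
        self.audit_log.append(("vaulted", account))

    def checkout(self, user: str, account: str, ttl_seconds: int) -> str:
        """Just-in-time grant: the caller receives an opaque handle, not the credential."""
        if account not in self._vault:
            raise KeyError(f"unknown privileged account: {account}")
        sid = secrets.token_hex(8)
        self._sessions[sid] = Session(sid, user, account, self._clock() + ttl_seconds)
        self.audit_log.append(("checkout", user, account, sid))
        return sid

    def run(self, session_id: str, command: str) -> str:
        """Execute a command through the session; the broker injects the secret."""
        s = self._sessions.get(session_id)
        if s is None:
            raise PermissionError("no such session")
        if self._clock() > s.expires_at:          # least privilege in time
            del self._sessions[session_id]
            self.audit_log.append(("expired", s.user, s.account, session_id))
            raise PermissionError("session expired; request access again")
        secret, host = self._vault[s.account]
        s.actions.append(command)
        self.audit_log.append(("command", s.user, s.account, command))
        return host.execute(s.account, secret, command)   # credential substitution

    def checkin(self, session_id: str) -> list:
        """End the session, rotate the secret on vault and host, return the recording."""
        s = self._sessions.pop(session_id)
        _, host = self._vault[s.account]
        new_secret = secrets.token_urlsafe(24)
        host.set_password(s.account, new_secret)
        self._vault[s.account] = (new_secret, host)
        self.audit_log.append(("rotated", s.account))
        return list(s.actions)


def demo() -> dict:
    """Checkout, use, check-in with rotation, then an expired session (constructed run)."""
    now = [1000.0]                                  # controllable clock for the demo
    broker = PrivilegedAccessBroker(clock=lambda: now[0])
    host = FakeHost("root", "initial-secret")
    broker.vault_account("root", "initial-secret", host)

    sid = broker.checkout("alice", "root", ttl_seconds=300)
    first = broker.run(sid, "systemctl restart nginx")
    recording = broker.checkin(sid)
    stale = host.execute("root", "initial-secret", "id")   # old secret no longer works

    sid2 = broker.checkout("bob", "root", ttl_seconds=60)
    now[0] += 61
    try:
        broker.run(sid2, "id")
        expired = False
    except PermissionError:
        expired = True
    return {"first": first, "recording": recording, "stale": stale,
            "expired": expired, "audit": broker.audit_log}
```

Everything a real PASM product adds on top (discovery, MFA at checkout, protocol proxies for SSH and RDP, approval workflows) hangs off these same primitives; what matters for the defender is that the user never holds the secret, every privileged command is attributable to a person and a session, and standing access ends on its own.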

Traditionally, in its reports Gartner sets out the functionality of the solution class; this helps vendors keep pace with the market and helps buyers navigate it.

Gartner calls the following mandatory features:

  • centralized management and enforcement of privileged access through control of access to privileged accounts and credentials, control of execution of privileged commands, or both;
  • managing and mediating privileged access for authorized users (e.g., system administrators, operators, support personnel, etc.) on a temporary basis.

All PAMs traditionally include:

  • a credential vault and privileged account management;
  • agent-based managed privilege elevation for commands executed on Windows, UNIX/Linux or macOS operating systems;
  • discovery of privileged accounts across systems, applications and cloud infrastructures;
  • management, monitoring, recording of and remote access to privileged sessions;
  • an audit capability to determine who used privileged access, when and where.

Compared with last year's report, privilege elevation management and audit capabilities have been added to the traditional functionality.

Gartner notes that a number of PAM vendors currently provide additional functionality which, in our opinion, deserves attention when choosing a solution:

  • secret management for applications and services;
  • privileged account lifecycle management and remote privileged access for vendors, service providers and other external users who require technical access;
  • just in time privilege management, which reduces the duration and amount of privileges granted to the user to the minimum possible;
  • Cloud Infrastructure Entitlement Management (CIEM) and discovery.

Who entered the 2023 magic quadrant

Figure 1: Magic Quadrant for Privileged Access Management

To be included in the magic quadrant, companies must meet certain criteria. The solution must support at least three of the following five features: credential storage; automatic start of a remote access session over SSH, RDP or HTTPS without disclosing credentials to the user; secret management; agent-based managed privilege elevation for Windows, UNIX/Linux or macOS; and privilege management in cloud infrastructure. In addition, the PAM product must implement a role-based access model, its functionality must be documented, and the solution must be sold in several regions, used in various industries, positioned as PAM, and meet Gartner's sales and/or customer requirements. In the report, Gartner notes vendors that are not included in the quadrant but deserve a closer look for various reasons. For example, in last year's report HashiCorp, this year a niche player, was among these vendors. This year, the experts recommend paying attention to Apono, Fudo Security, StrongDM and Teleport, among others.

Apono offers a service that provides just-in-time management of privileged access to cloud resources for developers and administrators. The StrongDM cloud solution also focuses on establishing privileged access sessions using the just in time approach. Teleport has moved away from classic PAM and provides identity-based access for SSH, Kubernetes, web applications and databases. Fudo Security offers AI-based behavioral analytics that analyze mouse movement, typed text and commands to detect threats.

Trends and forecasts

Insurer Requirements: New PAM Implementation Driver

The traditional PAM drivers in foreign markets are access security and corporate and regulatory compliance. Over the last two years a new one has been added: cyber insurers are increasingly demanding that companies implement PAM with multifactor authentication for administrative access in order to reduce the risk of leaks and malware.

Using PAM for Remote and Cloud Access

According to the NCCCI, 2023 in Russia was marked by numerous supply-chain attacks: "contractors and systems that are interfaced with the target infrastructure" are among the top 4 penetration vectors.

Companies often engage contractors to administer servers, databases and other systems. Traditionally, a VPN is used to give external technicians remote access, but this carries risks because strong authentication, accounting and management of privileged accounts are lacking. Gartner speaks of growing interest in PAM tools for managing remote privileged access. Many PAM vendors already offer solutions for controlling remote access, and their functionality, according to Gartner, is similar to zero trust network access controls. Other vendors, according to the analysts, are currently expanding their functionality in this direction. These solutions go beyond simple SSH and RDP access, allowing tools on a remote workstation to operate in the client environment.

In addition, the market is seeing growth in the number of tools focused on managing remote privileged access by developers and engineers to cloud infrastructure, in particular to support DevOps. Gartner includes HashiCorp, Apono, Teleport and StrongDM among such tools.

Endpoint PAM

Analysts expect a growing need for PAM on endpoints. We noticed that quadrant leaders have already included endpoint privilege control in their solution portfolios. Sometimes this functionality is implemented by solutions from the adjacent EPP and UEM markets, which could potentially replace (or be an alternative to) buying PEDM from PAM vendors to manage privileges on endpoints.

Applying a risk-based, minimum-sufficiency security model to PAM

PAM is a complex system, and not only because of the many disparate use cases and different types of privileges. PAM creates friction for users because it changes the way they access systems. The best way to mitigate this impact and balance cost, operational impact and security is to apply a risk-based approach to PAM.

For example, if a significant part of the intellectual property is stored on Linux servers while costs and effort are mainly directed at Windows servers, this indicates an imbalance in the approach to PAM. If regulated data such as personal or health information is most at risk, while the highest costs and effort go to technical support, that also suggests an unbalanced approach to PAM.

To apply a risk-based approach to PAM, it is first necessary to conduct an in-depth inventory of accounts across all PAM use cases, for all types of users (human and machine) and for all environments (on-premises, IaaS and SaaS). After identifying and classifying the PAM use cases, you need to rank the access risk from highest to lowest. Then build a PAM practice aimed at the problems that pose the greatest risk to the business. It should be understood that a risk reduction of 80-90% is sometimes acceptable, especially when achieving the last 10-20% would require spending twice as much as has already been spent, with a result that does not justify the cost.

Password managers vs PAM

According to Gartner, password managers are not suitable for managing the credentials of privileged accounts due to the lack of the necessary functionality:

  • tracking privileged accounts across different systems, applications and devices;
  • managing service account credentials;
  • establishing privileged access sessions over SSH, RDP or HTTPS without revealing credentials to the user;
  • recording and viewing privileged access sessions, managing and suspending live sessions;
  • passing credentials to other software, which eliminates clear-text credentials in configuration files or scripts;
  • analytics and reporting on privileged accounts and their use (for example, detecting unauthorized use of privileged credentials or reporting unusual actions).

Reasons for the growth of the PAM market

According to Gartner, the PAM market grew 13.6% in 2023 compared with 2022. Growth is driven by high-profile breaches involving compromised privileged accounts and abuse of privilege, regulatory demands, blurring of the security perimeter, and migration to the cloud, as well as the overall increase in attacks. It is interesting to note that 10% to 20% of Gartner customers begin to study and evaluate PAM because of cyber risk insurers' requirements.

Interest in remote access management has also increased PAM sales: PAM is a recognized best practice for meeting regulatory requirements and reducing the security risks of remote access, so sales of remote-access-oriented products have grown. This in turn has led vendors to pay greater attention to developing remote access capabilities.

Gartner also noted the emergence of a new target audience, software developers and cloud service operators, driven by the development of secret management capabilities in PAM solutions.

PAM Market in Russia

With rare exceptions, the solutions of the vendors mentioned by Gartner are not available in Russia. Nevertheless, domestic products follow global trends in privileged access management and offer a worthy alternative to the foreign products that have left the Russian market. Solutions from I&T BASTION, WEB Control DC, Indid, RTK-Solar and NGR Softlab are fully capable of minimizing the threats associated with privileged access. Moreover, a number of vendors already offer support for just-in-time access and controlled remote access for suppliers, which not all Western manufacturers have. This allows domestic products to occupy a respectable place in the PAM class.

2022: Top trends in the development of privileged access management technologies. Gartner Report

According to Gartner analysts, in 2022 PAM solutions with core functionality remain important security tools, while changing market demand has brought a new emphasis on the cloud: SaaS delivery of PAM tools to support cloud security, including secret management and CIEM (cloud infrastructure entitlement management). Gartner's analysis documents keep you up to date with industry trends. Even though most of the solutions Gartner studied are absent from the domestic market, the identified trends are also relevant for Russia: IT is global and security requirements are uniform. Knowledge of development trends enables users to select solutions that meet modern challenges, and domestic manufacturers to create competitive Russian solutions and bring them to the world market. Web Control prepared this overview of the Gartner Magic Quadrant for Privileged Access Management 2022 specifically for TAdviser; it describes the class of solutions, the market situation and its development trends.

What is PAM (Privileged Access Management)

Privileged Access Management (PAM) tools are used to reduce the risks of privileged user access. In recent years, however, securing non-interactive privileged access sessions (APIs, microservice architecture components) has also become an acute issue. A PAM solution can be deployed as on-premises software, as SaaS, or as a hardware appliance.

The main features of PAM are considered to be:

  • discovery of privileged accounts across systems, infrastructure and applications;
  • management of privileged account data;
  • storing credentials and controlling access to privileged accounts;
  • establishing, managing, monitoring and recording interactive privileged access sessions.

In addition to the basic functionality, developers of such systems offer various optional features, such as, for example:

  • Delegation of access to privileged accounts
  • Controlled privilege elevation when executing system commands
  • Manage application, service, and device secrets
  • Privileged Task Automation (PTA)
  • Remote privileged access for employees and external users
  • Cloud infrastructure entitlement management (CIEM).

Categories of PAM solutions

Depending on the vendor's choice of optional functionality, Gartner distinguishes four categories of PAM tools:

1. Managing Privileged Accounts and Privileged Access Sessions (PASM)

Privileged accounts are protected using a credential vault. Access to these accounts is then granted selectively to users, services and applications through the PAM tool. The privileged session management (PSM) component establishes sessions, usually with credential injection and a complete session recording. Passwords and other credentials for privileged accounts, such as certificates and tokens, are actively managed (for example, replaced at regular intervals or when certain events occur). PASM solutions can also provide application-to-application password management (AAPM) and/or agentless remote privileged access that does not require a VPN for external IT staff and third parties.

2. Privilege Elevation and Delegation Management (PEDM)

Host-based agents on the managed system grant specific privileges to users authorized in that system. PEDM tools provide command control (filtering) on the host, allow/deny/isolate control of applications, and/or privilege elevation, which lets specific processes start with a higher privilege level. PEDM tools must run on the actual operating system (at kernel or process level). PEDM tools can also provide application control and file integrity monitoring. Functionality from this category is often required in regulated industries and wherever compliance with PCI DSS, SOX and other regulatory and financial requirements is mandatory. Defense and government agencies often require the removal of local administrator privileges.

3. Secret Management

Credentials (such as passwords, OAuth tokens and SSH keys) for software and devices are managed, stored and retrieved at the software level via an API or SDK. The main task of secrets management solutions is to establish trust through the exchange of secrets, and to manage authorization and related functions, when devices, containers, applications, services, scripts, processes and pipelines interact. Secrets management is often used in dynamic, agile (DevSecOps) environments such as IaaS, PaaS and container management platforms. Secrets management products can also provide AAPM functionality.

4. CIEM

CIEM offerings are dedicated identity-focused SaaS solutions that manage cloud access risks through administrative control of entitlements in hybrid and multi-cloud IaaS. They typically use analytics, machine learning (ML) or other methods to detect anomalies in account entitlements, such as privilege accumulation or inactive and unnecessary rights. Ideally, CIEM removes excessive permissions and implements least-privilege approaches in cloud infrastructures.

Who entered the Magic Quadrant 2022

The 2022 Magic Quadrant included 11 players. Gartner analysts placed ARCON, BeyondTrust, CyberArk, Delinea, One Identity and Wallix among the leaders. The niche players were Broadcom (Symantec), Hitachi ID, ManageEngine and Netwrix. Saviynt was classified as a visionary.

Compared with previous reports, this year's Magic Quadrant adds Delinea, formed by the merger of last year's two leaders, Thycotic and Centrify; Hitachi ID, a 2020 "challenger" that was absent from last year's report; ManageEngine, a niche player in 2020; and Netwrix and Saviynt, which were absent from the previous three quadrants (2018-2021). Krontech and senhasegura were not included in this year's report because they did not meet the revenue criterion.

Figure 1. Magic Quadrant for PAM solutions. Source: Gartner (July 2022)

To be included in the report, companies must comply with a number of strict conditions, which include technical requirements, and requirements for functionality, revenue, geography of presence, positioning, sales structure and IP availability. In addition, companies are also evaluated in terms of viability, which means mainly the possibility of investing in a product, responding to customer needs and supporting customers.

What Functionality Privileged Access Management Solutions Should Have

When comparing vendors, Gartner imposed strict requirements for the presence of specific functionality. This list of functional requirements and their descriptions can also be useful when customers draw up their own requirements for a privileged access management solution. It is inappropriate, however, to focus exclusively on the functionality that exists at the moment. For dynamically developing companies, an important criterion is the vendor's ongoing support for the solution and the addition of new functionality in response to market requirements.

Privileged access governance. This feature provides opportunities and tools for managing privilege assignment based on company policies and regulations, periodic review and certification of privileged access, and separation of responsibilities based on a set of policies.

Account discovery and onboarding. This feature allows you to discover, identify, and add privileged accounts, including the ability to support periodic, on-demand, or continuous scanning. It also includes the ability to automatically discover target services and systems (including virtual machines) to further discover privileged accounts contained within them.

Privileged credential management. This feature provides the basic functionality for managing and protecting system-defined and enterprise-defined credentials of privileged accounts, or secrets (including SSH keys). It includes generating, storing, rotating and retrieving credentials for interactive access by specific users. It also covers rotating the credentials of service and software accounts (for example, built-in accounts) on target systems. These features require access to the PAM tool through at least a web console or an API.

Privileged session management. This capability provides session establishment, management, recording and playback, live monitoring, protocol-based command filtering, and isolation of privileged access sessions. It includes managing an interactive session through PAM, from obtaining the credentials to authenticating with them, although in the normal case these credentials are not disclosed to the user. This capability can also include restrictions such as allowing or blocking certain types of commands and functions after logging on to the target system.

Secret management. This feature provides access control to credentials (such as passwords, OAuth tokens, and SSH keys) for machine use cases such as devices, applications, services, scripts, processes, and DevSecOps pipelines. This functionality makes it possible to generate, store, rotate and provide credentials to machine entities (for example, through the API). It also involves mediation in establishing trust between different machine entities for the purpose of sharing secrets, as well as managing authorizations and related functions. Together, this capability supports secret management in dynamic environments and supports RPA platforms.
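The mechanics described in the secrets management category above and in the credential management and secrets management capabilities (generate, store, rotate on an event, hand a credential to a session or a machine identity without showing it to the requester, and log everything) can be shown in a few dozen lines. The following is an added illustration, not code from any vendor or from the Gartner report; the vault API (`onboard`, `checkout`, `open_session`, `checkin`), the account name `db-admin@pg01` and the identities `alice` and `ci-runner` are hypothetical, and storage is in-memory and unencrypted purely for brevity.

```python
"""Credential vault with event-driven rotation and leased retrieval (added illustration).

Credentials are generated and stored centrally, handed out as short-lived lease
handles rather than as values, injected into the session by the broker, rotated on
the check-in event, and every operation is written to an audit trail.
A real vault encrypts its storage and authenticates callers; this one does not.
"""
import hashlib
import secrets
import string
import time
from dataclasses import dataclass

ALPHABET = string.ascii_letters + string.digits + "!@#%^*-_=+"


def generate_password(length=24):
    """High-entropy random password; the secrets module (not random) is the right source."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


@dataclass
class Lease:
    lease_id: str
    account: str
    requester: str
    expires_at: float
    released: bool = False


class Vault:
    def __init__(self, clock=time.time):
        self._clock = clock
        self._store = {}    # account -> current credential (never returned to callers)
        self._policy = {}   # account -> identities allowed to lease it
        self._leases = {}
        self.audit = []

    def _log(self, event, account, who, **extra):
        self.audit.append({"ts": self._clock(), "event": event, "account": account, "who": who, **extra})

    def onboard(self, account, allowed):
        """Onboard a discovered account: take over its credential and record who may use it."""
        self._store[account] = generate_password()
        self._policy[account] = set(allowed)
        self._log("onboard", account, "vault")

    def checkout(self, account, requester, ttl_seconds):
        """Return a lease handle; the credential itself stays inside the vault."""
        if requester not in self._policy.get(account, ()):
            self._log("checkout_denied", account, requester)
            raise PermissionError(f"{requester} may not use {account}")
        lease = Lease(secrets.token_urlsafe(16), account, requester, self._clock() + ttl_seconds)
        self._leases[lease.lease_id] = lease
        self._log("checkout", account, requester, lease=lease.lease_id)
        return lease.lease_id

    def open_session(self, lease_id, connect):
        """Credential injection: the vault calls connect() with the secret; the requester sees only the session."""
        lease = self._leases.get(lease_id)
        if lease is None or lease.released or self._clock() > lease.expires_at:
            self._log("session_denied", lease.account if lease else "?", "vault", lease=lease_id)
            raise PermissionError("lease missing, released or expired")
        self._log("session_open", lease.account, lease.requester, lease=lease_id)
        return connect(lease.account, self._store[lease.account])

    def checkin(self, lease_id):
        """Event-driven rotation: the credential is replaced as soon as the lease is returned."""
        lease = self._leases[lease_id]
        lease.released = True
        self._store[lease.account] = generate_password()
        self._log("rotate", lease.account, "vault", lease=lease_id)

    def fingerprint(self, account):
        """Opaque digest that proves a rotation happened without exposing the value."""
        return hashlib.sha256(self._store[account].encode()).hexdigest()[:16]


def demo():
    """Constructed walk-through: one interactive checkout with rotation, one expired machine lease."""
    now = [1_700_000_000.0]
    v = Vault(clock=lambda: now[0])
    v.onboard("db-admin@pg01", allowed={"alice", "ci-runner"})
    before = v.fingerprint("db-admin@pg01")
    lease = v.checkout("db-admin@pg01", "alice", ttl_seconds=600)
    session = v.open_session(lease, lambda acct, pw: f"session as {acct} ({len(pw)}-char secret injected)")
    v.checkin(lease)
    after = v.fingerprint("db-admin@pg01")
    lease2 = v.checkout("db-admin@pg01", "ci-runner", ttl_seconds=60)
    now[0] += 61                         # the pipeline comes back after its lease has expired
    try:
        v.open_session(lease2, lambda acct, pw: pw)
        expired_denied = False
    except PermissionError:
        expired_denied = True
    return {"session": session, "rotated": before != after,
            "expired_denied": expired_denied, "events": [e["event"] for e in v.audit]}
```

The design point is that `checkout` returns a handle and `open_session` passes the secret only to the connector, so an interactive user or a CI job never holds the password; rotating on `checkin` means that anything captured during the session is already stale.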

Logging and reporting. This feature records every individual event, including changes and operations, that occurs as part of PAM operation. An individual event carries the user, time, date and location, and is processed together with other events through correlation in logical order. This is necessary to monitor and determine the root cause of risky events and to identify unauthorized access. The capability also provides what is needed to audit the event database and generate reports from it, both ready-made and on demand. Event data must include privileged session information. It also provides analytics (often using machine learning) of privileged account activity to detect and flag anomalies, including baselining, risk scoring and notification. The goal is to better identify both current and predicted indicators of privileged access anomalies so that automated countermeasures can be triggered in response.
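As an added illustration of the baselining and risk-scoring step just described (this is not code from the report or from any vendor), the block below builds a per-user baseline from a history of privileged sessions and scores new sessions against it. The event format (`user`, `target`, `hour`, `minutes`, `cmds`), the sample events, the weights and the alert threshold are all constructed for the example.

```python
"""Baseline-and-score analytics over PAM session events (added illustration).

An unseen target, access outside the user's usual hours, commands the user has
never run and an unusually long session each add risk points; sessions at or
above the threshold become alerts. Input is constructed JSON lines.
"""
import json
import statistics
from collections import defaultdict

# Constructed history of privileged sessions (one JSON object per line).
HISTORY = [json.loads(line) for line in """
{"user":"alice","target":"pg01","hour":10,"minutes":25,"cmds":["psql","systemctl"]}
{"user":"alice","target":"pg01","hour":11,"minutes":30,"cmds":["psql"]}
{"user":"alice","target":"pg02","hour":14,"minutes":20,"cmds":["psql","pg_dump"]}
{"user":"alice","target":"pg02","hour":9,"minutes":35,"cmds":["psql"]}
{"user":"bob","target":"fw-edge","hour":22,"minutes":15,"cmds":["show","configure"]}
{"user":"bob","target":"fw-edge","hour":23,"minutes":10,"cmds":["show"]}
{"user":"bob","target":"fw-core","hour":1,"minutes":12,"cmds":["show","configure"]}
""".strip().splitlines()]


def build_baseline(events):
    """Per-user sets of targets, hours and commands, plus the list of session durations."""
    base = defaultdict(lambda: {"targets": set(), "hours": set(), "cmds": set(), "minutes": []})
    for e in events:
        u = base[e["user"]]
        u["targets"].add(e["target"])
        u["hours"].add(e["hour"])
        u["cmds"].update(e["cmds"])
        u["minutes"].append(e["minutes"])
    return base


def score(event, baseline):
    """Return (points, reasons) for one session against the user's baseline."""
    u = baseline.get(event["user"])
    if u is None:
        return 100, ["no baseline: first privileged session for this user"]
    points, reasons = 0, []
    if event["target"] not in u["targets"]:
        points += 30
        reasons.append(f"new target {event['target']}")
    # Off-hours: more than two hours (on the 24h circle) away from every hour seen before.
    if all(min(abs(event["hour"] - h), 24 - abs(event["hour"] - h)) > 2 for h in u["hours"]):
        points += 25
        reasons.append(f"off-hours access at {event['hour']:02d}:00")
    new_cmds = set(event["cmds"]) - u["cmds"]
    if new_cmds:
        points += 15 * len(new_cmds)
        reasons.append(f"new commands {sorted(new_cmds)}")
    mean = statistics.mean(u["minutes"])
    sd = statistics.pstdev(u["minutes"]) or 1
    if event["minutes"] > mean + 3 * sd:
        points += 20
        reasons.append(f"duration {event['minutes']}m vs usual {mean:.0f}m")
    return points, reasons


def evaluate(history, new_events, threshold=50):
    """Return [(event, points, reasons)] for sessions at or above the alert threshold."""
    baseline = build_baseline(history)
    alerts = []
    for e in new_events:
        points, reasons = score(e, baseline)
        if points >= threshold:
            alerts.append((e, points, reasons))
    return alerts


# Constructed sessions to score: one routine, one clearly anomalous, one routine for a night-shift user, one unknown user.
NEW = [
    {"user": "alice", "target": "pg01", "hour": 10, "minutes": 28, "cmds": ["psql"]},
    {"user": "alice", "target": "dc01", "hour": 3, "minutes": 90, "cmds": ["net", "reg"]},
    {"user": "bob", "target": "fw-core", "hour": 0, "minutes": 11, "cmds": ["show"]},
    {"user": "mallory", "target": "pg01", "hour": 12, "minutes": 5, "cmds": ["psql"]},
]
```

Running `evaluate(HISTORY, NEW)` raises two alerts: alice on `dc01` at 03:00 with new commands and a long session, and the unknown user. Bob's session at midnight is not flagged because his own baseline is nocturnal, which is the point of per-user rather than global thresholds. Scores feed the PAM workflow (notify, require re-approval, or terminate the session) rather than being a verdict on their own.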

Automation of privileged tasks. This feature provides functionality to automate multi-step, repetitive tasks associated with privileged operations that are orchestrated and/or performed on a number of systems. This uses extensible libraries of pre-configured operations requiring privileged access for common IT systems and devices. This automation allows you to perform various actions and request additional information as needed, while providing protection by checking the input for compliance with policies and settings.

Privilege elevation and delegation for Unix/Linux. This feature provides host-based functionality that enforces policies on UNIX/Linux and macOS systems to allow authorized commands or applications to run with elevated privileges. Administrators log in to the system with an unprivileged account and elevate privileges as needed. Any command that requires additional privileges must pass through these tools, which in effect prevents administrators from performing unsafe actions. These functions must be performed on the actual operating system (at kernel or process level).

Privilege elevation and delegation for Windows. This feature provides host-based functionality that enforces policies on Windows systems, implementing allow/deny/isolate control of applications and allowing authorized commands or applications to run with elevated privileges. Administrators log in to the system with an unprivileged account and elevate privileges as needed. Any command that requires additional privileges must pass through these tools, effectively preventing administrators from performing unsafe actions. These functions must be performed on the actual operating system (at kernel or process level). Windows PEDM tools can also provide file integrity monitoring.
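The PEDM category described earlier and the two PEDM capabilities above share one core mechanism: a host-side policy decides, per user and per resolved executable, whether a command may run with elevated privileges. The block below is an added illustration of that decision logic, not the code of any PEDM product; the policy rules, group names and path map are constructed for the example. It also shows the check practitioners most often miss, namely denying binaries and argument patterns that hand back a shell even when the binary itself is "allowed".

```python
"""Host-side PEDM policy evaluation (added illustration, not a vendor's agent).

An unprivileged administrator asks to run a command with elevation. The policy is
matched on the user's groups and the resolved absolute path of the executable, then
on the argument string, and known shell-escape routes are denied before any rule applies.
"""
import re
import shlex
from dataclasses import dataclass

NEVER = r"(?!)"   # regex that matches nothing


@dataclass
class Rule:
    groups: set            # groups this rule applies to
    binaries: set          # absolute executable paths that may be elevated
    arg_allow: str = r".*"  # the full argument string must fully match this
    arg_deny: str = NEVER   # if this is found anywhere in the arguments, deny
    run_as: str = "root"


# Constructed policy for the example.
POLICY = [
    Rule({"dba"}, {"/usr/bin/systemctl"}, arg_allow=r"(restart|status) postgresql"),
    Rule({"ops"}, {"/usr/bin/apt-get"}, arg_allow=r"update|install \S+",
         arg_deny=r"-o\s*APT::|Dpkg::Pre-Invoke"),    # option injection runs arbitrary hooks
    Rule({"ops", "dba"}, {"/usr/bin/less", "/usr/bin/vim"}, arg_deny=r".*"),  # pagers/editors spawn shells
]

# Elevating any of these yields an interactive root shell; no rule may allow them.
SHELL_ESCAPE_BINARIES = {"/bin/sh", "/bin/bash", "/usr/bin/su", "/usr/bin/sudo", "/usr/bin/env"}

# Stand-in for PATH resolution on the host (constructed).
PATH_MAP = {
    "systemctl": "/usr/bin/systemctl", "apt-get": "/usr/bin/apt-get", "less": "/usr/bin/less",
    "vim": "/usr/bin/vim", "sudo": "/usr/bin/sudo", "bash": "/bin/bash", "env": "/usr/bin/env",
}


def resolve_binary(argv0, path_map):
    """Policy matches on absolute paths, never on the typed name, so a rogue PATH entry cannot help."""
    return argv0 if argv0.startswith("/") else path_map.get(argv0)


def evaluate(user_groups, command, path_map=PATH_MAP):
    """Return (decision, reason, run_as); decision is 'allow' or 'deny'."""
    try:
        argv = shlex.split(command)
    except ValueError as exc:
        return ("deny", f"unparseable command: {exc}", None)
    if not argv:
        return ("deny", "empty command", None)
    binary = resolve_binary(argv[0], path_map)
    if binary is None:
        return ("deny", f"unknown binary {argv[0]}", None)
    if binary in SHELL_ESCAPE_BINARIES:
        return ("deny", f"{binary} yields a shell; elevation refused", None)
    args = " ".join(argv[1:])
    for rule in POLICY:
        if not (user_groups & rule.groups) or binary not in rule.binaries:
            continue
        if re.search(rule.arg_deny, args):
            return ("deny", f"arguments match deny pattern for {binary}", None)
        if re.fullmatch(rule.arg_allow, args):
            return ("allow", f"rule for {sorted(rule.groups)} permits {binary}", rule.run_as)
    return ("deny", "no matching rule", None)
```

Two details carry the security value: the deny pattern is checked before the allow pattern, so `apt-get install nginx -o APT::Update::Pre-Invoke::=/bin/sh` is refused even though `install nginx` alone is permitted, and the allow pattern is matched with `fullmatch`, so trailing arguments cannot be smuggled past a rule written for one command form. A real agent additionally records the decision and, for allowed commands, the session output.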

Integration with related systems. This capability covers integration and interaction with related security and service management systems. It includes IGA, SSO, MFA and enterprise directories, support for flexible connectors and integration frameworks, published APIs, and integration with ITSM, SIEM and vulnerability management systems.

Ease of deployment and performance. This capability covers functionality that simplifies deployment of the PAM solution while ensuring availability, recoverability, performance and scalability.

Implementation of the just-in-time approach. This capability provides on-demand privileged access without the need for shared accounts with standing privileges. As a rule, unprivileged accounts are granted the appropriate privileges on a temporary basis. Common methods are PEDM approaches, temporary on-demand group membership, and ephemeral accounts or tokens. The capability is focused on observing the principle of least privilege and ultimately achieving zero standing privileges (ZSP) for privileged access. Implementation of the JIT approach involves:

  • The ability to dynamically add and remove users from AD groups
  • Dynamically provide time-limited access to privileged accounts
  • PEDM functionality through on-demand privilege escalation
  • The ability to create and delete privileged accounts on demand
  • possibility of creating and using ephemeral tokens;
  • On-demand access to SaaS control panels such as AWS.
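The first three items in the list above (dynamic group membership, time-limited access and on-demand elevation) come together in a small broker, shown below as an added illustration that is not the code of any PAM product. The directory is a hypothetical in-memory stand-in for AD or LDAP, the role table and the names `alice`, `bob`, `carol` and `dave` are constructed, and the four-hour ceiling is an arbitrary policy value; the point is the lifecycle: no standing membership, a grant only after a second person approves, and revocation by an expiry sweep.

```python
"""Just-in-time privilege broker with temporary group membership (added illustration).

A user with zero standing privileges requests a privileged group, an approver who is
not the requester grants it, the broker adds the membership for a bounded time and
removes it when the lease expires. Directory calls go through a stand-in interface.
"""
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class Request:
    req_id: str
    user: str
    group: str
    ttl: int
    justification: str
    approved_by: Optional[str] = None
    granted_at: Optional[float] = None
    expires_at: Optional[float] = None


class InMemoryDirectory:
    """Stand-in for the directory API (AD/LDAP); tracks group membership only."""
    def __init__(self):
        self.members = {}

    def add(self, group, user):
        self.members.setdefault(group, set()).add(user)

    def remove(self, group, user):
        self.members.get(group, set()).discard(user)

    def is_member(self, group, user):
        return user in self.members.get(group, set())


class JitBroker:
    MAX_TTL = 4 * 3600   # policy ceiling on any single grant, in seconds

    def __init__(self, directory, roles, clock):
        self.dir, self.roles, self.clock = directory, roles, clock
        self.requests, self.audit = {}, []

    def request(self, user, group, ttl, justification):
        if group not in self.roles:
            raise ValueError(f"{group} is not JIT-eligible")
        if user not in self.roles[group]["eligible"]:
            raise PermissionError(f"{user} is not eligible for {group}")
        if not justification.strip():
            raise ValueError("justification required")
        r = Request(secrets.token_hex(4), user, group, min(ttl, self.MAX_TTL), justification)
        self.requests[r.req_id] = r
        self.audit.append(("request", r.req_id, user, group))
        return r.req_id

    def approve(self, req_id, approver):
        r = self.requests[req_id]
        if approver == r.user:
            raise PermissionError("self-approval is not allowed")
        if approver not in self.roles[r.group]["approvers"]:
            raise PermissionError(f"{approver} cannot approve {r.group}")
        r.approved_by, r.granted_at = approver, self.clock()
        r.expires_at = r.granted_at + r.ttl
        self.dir.add(r.group, r.user)      # the privilege exists only from this moment...
        self.audit.append(("grant", r.req_id, r.user, r.group, r.expires_at))
        return r.expires_at

    def expire(self):
        """...until the sweep revokes every grant that has passed its expiry."""
        revoked = []
        for r in self.requests.values():
            if r.expires_at and self.clock() >= r.expires_at and self.dir.is_member(r.group, r.user):
                self.dir.remove(r.group, r.user)
                self.audit.append(("revoke", r.req_id, r.user, r.group))
                revoked.append(r.req_id)
        return revoked


ROLES = {   # constructed policy: who may request a group and who may approve it
    "Domain Admins": {"eligible": {"alice"}, "approvers": {"carol", "dave"}},
    "SQL Admins": {"eligible": {"alice", "bob"}, "approvers": {"carol"}},
}


def walkthrough():
    """Constructed lifecycle: no membership before approval, membership during the lease, none after."""
    now = [0.0]
    d = InMemoryDirectory()
    b = JitBroker(d, ROLES, clock=lambda: now[0])
    rid = b.request("alice", "Domain Admins", ttl=3600, justification="INC-4711 DC patching")
    standing = d.is_member("Domain Admins", "alice")
    b.approve(rid, "carol")
    during = d.is_member("Domain Admins", "alice")
    now[0] = 3601
    revoked = b.expire()
    after = d.is_member("Domain Admins", "alice")
    return {"standing": standing, "during": during, "after": after, "revoked": revoked == [rid]}
```

In a real deployment the sweep is the weak point: if the broker is down when a lease ends, the membership outlives it. Active Directory (2016 forest functional level and later, with the Privileged Access Management optional feature enabled) can enforce the expiry itself through time-to-live group memberships, which removes that dependency; otherwise the sweep must be monitored like any other security control.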

Current situation

Speaking about the current situation, Gartner notes the trend towards convergence of IAM markets, formulates the best PAM implementation practices that can be taken as a basis when implementing a solution, and identifies the reasons that encourage companies to implement PAM solutions.

Convergence of IGA, IDM and PAM markets

In its report, Gartner notes that PAM solutions borrow functionality from adjacent markets, for example when PAM tools offer some IGA functionality or when access management capabilities are implemented in the PAM system. Gartner calls this macroconvergence, the coming together of different markets. CyberArk, in particular, offers IAM (Identity and Access Management) functionality, while One Identity and Broadcom offer IGA and IAM capabilities. The analysts warn that such functionality is delivered through separate solutions that are often not integrated with each other in terms of policies, management and deployment.

Another example of convergence, this time microconvergence, in which a manufacturer moves into an adjacent category of tools, is the growing interest of PAM vendors in secrets management and CIEM. Seven of the PAM vendors in this report currently offer secrets management products, three plan to add them, and only one has no such plans. Five companies from the report offer CIEM functionality, six plan to implement it, and four have included it in their roadmaps. Only one company does not plan to offer either CIEM or secrets management as part of its PAM tools.

Users don't always see the difference between privileged access management and password management tools. Gartner experts explain that PAM systems are aimed at reducing risks associated with privileged access.

These solutions manage privileged accounts: accounts that can perform create, read, update and delete (CRUD) operations in the IT infrastructure. Password management tools, by contrast, are designed to help ordinary users with normal rights (accountants, sales staff or engineers, for example) cope with the wide range of passwords they must remember for their daily work. They do not perform credential rotation, session management, session recording, identity management or privilege elevation. Many organizations consider them critical for helping users, but they should not be confused with PAM tools. They can store passwords in vaults, require a password to access the vault, and some can generate unique and complex passwords. None of these features, however, makes them PAM tools.

PAM Implementation Best Practices

Learning best practices allows you to optimize resources when implementing tools. Experts have found that the correct deployment of the PAM tool requires two main points:
1. A clear understanding of where privileged accounts are located (with an action plan to protect them).
2. Change organizational processes to maximize the effectiveness of privileged access control.

To do this, organizations should implement a comprehensive practice of detecting privileged accounts to understand what privileged access currently exists in their environment, and then determine how privileged access will occur in the future.

From the point of view of process and practice, when deploying the PAM tool, heads of information risk management should follow the four PAM principles proposed by Gartner:
1. Track and protect each privileged account.
2. Perform comprehensive access management and control.
3. Log and audit actions using privileged accounts.
4. Use the automation of tasks implemented using privileged access.

There is another principle, fundamental, without which the successful implementation of PAM tools and practices will be much more difficult - culture.

Privilege Management Culture

Inattention to culture, or underestimation of its influence, is one of the biggest causes of failure in PAM projects. Companies that ignore culture face resistance to the PAM implementation project from all sides, including individual employees, IAM executives and business leaders. Since implementing PAM changes how people approach administrative work, an insufficient explanation of why the change is required will provoke resistance to it.

Key Practices for Implementing a Privilege Management Culture

  • Create a PAM vision, with a one-page manifesto addressed to all stakeholders. This page should set out the vision, state what each stakeholder's role is in the project, and clearly state what is expected of them.
  • Create a steering group and invite all stakeholders. The leadership team's job is to set expectations for responsibilities and create positive momentum and communication channel for all teams throughout the project.
  • Get leadership support. Sometimes, when a project rests against a wall, a higher authority is required, which is entrusted with maintaining the project at the proper level. The presence of management support, possibly with its inclusion in the leadership team, allows the project to overcome difficult problems during a crisis.

What Reasons Drive Companies to Implement PAM

Gartner analysts have identified 3 main reasons for implementing the privileged access management tool.

Protecting the business. This is the main reason. Effective PAM reduces the surface of attack for privileged accounts and reduces risks to reduce or eliminate the impact on the business from the actions of attackers. Proper PAM management may not eliminate network and account compromise, but it can reduce the risk of significant business impact by preventing an escalation of the attack.

Support for business processes. In addition to security, having good and effective privileged access management processes helps optimize change and thereby contributes to business agility. The goal is to manage PAM risks so successfully that the business can move quickly to new capabilities without being burdened with legacy security issues such as PAM. Simply purchasing a PAM tool without changing the order of granting and using privileged access leaves organizations unprotected - there are many stories of company hacks despite the use of PAM systems. Usually such incidents can be avoided with the correct use of tools.

Compliance. Compliance with audit and regulatory requirements has always been a driving force for PAM. Gartner notes that, because of the recent spread of ransomware attacks, cyber-risk insurers today require many of their customers to confirm that PAM controls and effective PAM practices are in place.

Market Overview

Market size and drivers

Gartner noted a 20% increase in sales of the PAM solutions covered by the current report and forecasts further growth. Analysts attribute the growth to rising awareness of the importance of managing privileged access, high-profile incidents involving the compromise of privileged accounts, the erosion of security perimeters, migration to the cloud and the increase in cyber attacks. The growing share of remote employees has also stimulated interest in privileged access management systems: using PAM to organize remote administrator access to company resources is a recognized practice. This led to higher sales of solutions that support this capability and raised its priority in the roadmaps of other suppliers.

PAM solutions are commonly believed to be only for large companies, but small and medium-sized businesses face the same problems, albeit on a smaller scale. Full-featured systems can be difficult for small companies to maintain, and manufacturers respond by offering SaaS. Large companies with mature privileged access processes are beginning to move beyond the basic PAM use cases, so developers have redoubled their efforts on capabilities such as secrets management, JIT PAM, privileged task automation and privilege management in multi-cloud environments. By entering these adjacent markets, they face competition from vendors outside the core PAM market, such as those offering stand-alone secrets management products or CIEM.

Market dynamics

The study found that vendors focus on either translating their solutions to SaaS or offering SaaS as an option. This year, of the 11 suppliers included in Gartner's report, only one does not have SaaS in their roadmap. The remaining 10 are currently offering or developing a SaaS-based PAM tool.

Another area of ​ ​ market development is secret management. Five vendors from this year's report offer secret management tools for developers, while the rest have developed some secret management features in their products. In addition, five suppliers offer CIEM tools, several companies have introduced the development of such capabilities into the roadmap.

From a vertical point of view, there is a need for special functions for organizations using IoT and OT, for example utilities, the energy sector and hospitals. These organizations need to protect privileged access to their supervisory control and data acquisition (SCADA) and OT devices, and they need pre-configured connectors for popular OT systems.

Competition in the PAM market remains intense due to the presence of a large number of players. Over the past few years, the market has been constantly moving towards consolidation. The 2021 merger of Thycotic and Centrify to form Delinea continues this trend.

Geographical and vertical trends

The main user industries for PAM are the financial sector, media, services and public administration, which is associated with heavy regulatory requirements. Recently there has been growing demand from healthcare and manufacturing.

North America and Europe are still major markets for PAM products globally. However, the broader Asia-Pacific region has also seen an increase in interest and sales. Major manufacturers such as Broadcom (Symantec), CyberArk, BeyondTrust and Delinea are increasingly trying to expand their geography. However, the regions have their strong suppliers: ARCON in the Middle East and Asia-Pacific, Senhasegura in Latin America, and WALLIX and Krontech in Europe. Despite their smaller size, these companies have knowledge of local features, connections, language and proximity to the consumer.

Most of the solutions from the Gartner report are absent from the domestic market; however, the privileged access management needs of Russian companies are to one extent or another met by the solutions of domestic manufacturers: Indeed PAM (Indid), SafeInspect (NTB), sPACE (Veb Control) and SCDPU NT (iT Bastion). The progress shown by domestic manufacturers this year gives confidence that in the near future Russian consumers of PAM products will be able to obtain an adequate replacement for the products of foreign companies.

2020

By 2024, 50% of organizations will implement privileged access based on the just-in-time model

Analytical agency Gartner has released another comparative analysis of Magic Quadrant for Privileged Access Management 2020. This became known on September 28, 2020. Gartner reports formulate the main functionality of solutions of a specific class, give maximum market coverage and name the features and bottlenecks of the products of selected vendors, allowing you to correlate your key needs with offers in the market and approach the choice of a product from the position of reasonable sufficiency.

In the magic quadrant, the main market players are traditionally divided into 4 categories:

  • The leaders are companies with good functionality and a good reserve for the future.
  • Visionaries - companies that understand the direction of market development or have the potential to change market rules
  • Niche players - companies that operate on a small segment
  • Challengers produce a good product or can lead in a large segment, but do not always demonstrate an understanding of the direction of the market.

According to the forecast, by 2024, 50% of organizations will implement privileged access based on the "just in time" model, which involves granting privileges at the right time and in the right amount and eliminating redundant privileges. Such a move, according to experts, will reduce the compromise of privileged accounts by 80%. In addition, automating privileged access tasks will reduce IaaS and PaaS maintenance costs by 40% and reduce incidents by 70% by the same time.

Gartner experts have formulated the functionality of privileged access management solutions that you can focus on when choosing a vendor. It should be noted that it is virtually unchanged from the previous 2018 report:

  • discovery, management and orchestration of privileged accounts of various systems and applications;
  • Control access to privileged accounts, including shared and emergency accounts
  • randomization, management and secure storage of privileged credentials (passwords, keys);
  • Providing single sign-on (SSO) to prevent disclosure of credentials
  • control, filtering and orchestration of privileged commands, actions and tasks;
  • management and transfer of credentials to applications, services and devices without their disclosure;
  • monitoring privileged access, sessions and activities, logging, and analysis.

Gartner analysts divide the large class of Privileged Access Management solutions into 3 categories:

  • PASM (Privilege account and session management)
  • PEDM (Privilege elevation and delegation management)
  • Secrets Management

Privileged account and session management (PASM) solutions protect accounts by storing credentials in a secure vault and controlling access to them. Privileged session management involves injecting credentials into the session without exposing them to the user. PASM solutions can also provide application-to-application password management (AAPM).

PEDM solutions grant privileges to authorized users. Such solutions provide command filtering, application control, and privilege escalation, i.e., execution of commands with a higher privilege level.

Secrets management solutions provide management, storage, and retrieval of secrets through the API or SDK. Secret management is often used in dynamic and agile environments such as IaaS, PaaS and containers, according to the Magic Quadrant for Privileged Access Management 2020 review by Web Control.

A prerequisite for inclusion in the Magic Quadrant PAM 2020 report is the presence of PASM functionality. Other criteria for inclusion in the report include the availability of certain features, such as secure storage, privileged account detection and automatic secret rotation tools, starting a privileged access session using SSH, RDP, HTTPS protocols, recording and viewing sessions, role-based access model, integration with an existing customer environment. Gartner also has serious requirements for sales level, growth and geography, number of customers and positioning. The location of the company in the quadrant is determined not only by the quality of the product, but also by the level of customer satisfaction, sales and pricing policies, marketing, strategy, innovation and other factors.

Of the 12 vendors selected for analysis, the leaders were BeyondTrust, Centrify, CyberArk and Thycotic.

Compared to 2019, the composition of the leaders changed: BeyondTrust, Centrify and CyberArk remained leaders and were joined by Thycotic, which moved up from the visionaries, while CA Technologies, a leader in the 2018 report, became a niche player after its takeover by Broadcom (Symantec). The 2020 report did not include Fudo Security, Micro Focus and Osirium, which is unrelated to the quality of their products and is due to their not meeting the requirements for growth and number of customers.

The BeyondTrust solution provides functionality for both managing privileged access sessions and elevating privileges. Experts noted the solution's distinctive features: file integrity monitoring for Unix/Linux and Windows, reporting from a large number of pre-configured templates, and load balancing in cluster deployments. When choosing a PAM solution, note that in BeyondTrust Password Safe, password management in third-party solutions is implemented through a CLI over SSH or Telnet rather than through an SDK. There is also no SaaS version of the solution. In 2018, BeyondTrust went through a series of mergers and acquisitions, combining the well-known BeyondTrust, Lieberman, Bomgar and Avecto products on a single platform. As a result of combining several solutions on one common platform for managing all of a company's privileges, technical support underwent changes; as of September 2020 there is no data on whether support has returned to its previous high level. Combining several solutions on one platform is a serious and rather difficult step, but BeyondTrust coped with it by offering the market a universal approach to managing all privileges. This approach makes it possible to select the functionality relevant as of September 2020 and add further functionality as needed.

Centrify combines the capabilities of PASM and PEDM and offers a complete SaaS PAM solution. The report noted the free Centrify Health Check service, a one-day consulting program that assesses the maturity of a company's PAM program and determines the next steps. When choosing a solution, bear in mind that this vendor's pricing is above the market average and that PEDM functionality is not implemented for macOS. Centrify is oriented towards Microsoft AD, so experts describe its account discovery as weak and focused mainly on AD.

CyberArk is known as a trend setter for the industry. Its solutions implement both PASM functionality, PEDM and Secrets management. In May 2020, CyberArk acquired Idaptive for access control. CyberArk is a complete solution covering various use cases. Gartner experts draw the attention of potential customers to its high hardware requirements and the difficulty in installing some of its components. When choosing a solution, note that the solution does not support Kerberos and MS AD Group Policy for UNIX/Linux.

The Thycotic solution has the functionality of PASM, PEDM and Secrets management. Experts note the ease of installing and configuring the solution. In 2020, the company acquired Onion ID to expand privileged access control on IaaS, SaaS and database platforms.

Gartner analyst reports are not a call to purchase a particular solution; they are an opportunity to choose what meets the needs of a particular company. For that, one need not always focus on the market leaders. Smaller vendors, or vendors outside the leaders' quadrant, often offer distinctive features. Hitachi ID, for example, implements the just-in-time approach for injecting credentials into AWS; One Identity uses machine learning to analyze session activity and keystroke biometrics to detect unauthorized access; senhasegura is focused on expanding integration with DevOps tools and is rapidly launching functionality related to Kubernetes and container management.

KuppingerCole: PAM Solutions Market to Grow to $4.5 Billion by 2025

KuppingerCole, the leading European independent analytical agency specializing in information security research, IAM, IAG, risk management and digital transformation, released a 113-page analytical report KuppingerCole's Leadership Compass PAM 2020, which was shared by Web Control (WEB Control DC) in late May 2020 with TAdviser.

The report provides a comparative analysis of 24 vendors in the market for Privileged Access Management (PAM) solutions and a brief overview of 8 more vendors, which, according to agency analysts, are "worth looking at." For analysis, the agency's experts investigated market segments, technical capabilities of solutions and vendors, relative market share and innovation of solutions.

According to the agency's analysts, CyberArk is the market leader, followed by Thycotic and the updated BeyondTrust, which only completed its merger with Bomgar, Lieberman Software and Avecto in 2019.

PAM market leaders. Source: KuppingerCole's Leadership Compass PAM 2020 report

Privileged Access Management solutions are designed to mitigate the risks associated with unauthorized use of privileged accounts. Privileged accounts include not only those of administrators (of servers, network equipment, workstations) with access to manage elements of the IT infrastructure, but also business users with access to confidential company data, and users who need privileged access only temporarily, for the duration of a project, for example.

In recent years, the privileged access management market has become one of the fastest growing. According to KuppingerCole experts, the PAM market, which had about 40 major vendors as of May 2020, will grow from $2.2 billion in 2020 to $4.5 billion by 2025. Among the drivers of this growth are digital transformation, DevOps, distributed computing and the growth of cybercrime.

The comparison of solutions in this report was based on the assessment of the following functionality:

  1. Privileged Account Lifecycle Management (PADLM);
  2. Shared Account Password Management;
  3. Service Account Management (AAPM);
  4. Controlled Privilege Escalation (CPEDM);
  5. Endpoint Privilege Management (EPM);
  6. Session recording and real-time monitoring;
  7. Implementation of the "just in time" principle;
  8. SSO implementation;
  9. Monitoring and analysis of actions with privileged accounts.

Of the 32 vendors, KuppingerCole analysts identified leaders, challengers and vendors worth watching because of possibly unique functionality or offerings, a promising approach, or other factors.

Leadership was assessed on three characteristics: product quality, market presence (including the partner network) and innovation.

The Product Leaders category includes companies offering mature products with the most complete functionality. Market Leaders are vendors with a large number of customers around the world and a strong partner network to support their products. The Innovation Leaders category includes companies that set the direction of product development in the market; they offer the most innovative and promising functionality.

Based on product quality, market presence and innovation, the experts compiled the Overall Leaders list, which includes 9 companies: BeyondTrust (USA), Broadcom (USA), Centrify (USA), CyberArk (USA), Hitachi ID (Canada), One Identity (USA), SSH (Finland), Thycotic (USA) and Wallix (France).

For each company among the leaders and challengers, the experts provide a short profile that separately lists strengths and weaknesses and rates the implementation of the main functionality.

Compass. KuppingerCole's Leadership Compass PAM 2020

Most of the companies in the leaders group are well known on the Russian market and need no introduction. They offer mature products with full functionality. Here I would like to mention several companies less well known in Russia that offer non-standard functionality. SSH, for example, has moved away from the traditional password management approach and provides privileged access based on the issuance of a one-time certificate for SSH and RDP. In Hitachi ID HiPAM, the experts noted powerful system recovery tools, real-time data replication and distributed data. A special feature of this solution, according to the analysts, is the "Recent" button, which allows previous requests and sessions to be reopened quickly. Note that this function is not unique on the Russian market, since a Russian solution also offers a quick return to the last privileged access sessions. The experts placed Broadcom in the leaders group: although it did not appear in independent analytical reports as a PAM vendor until this year, it is no newcomer to this market after acquiring CA Technologies, with its CA Privileged Access Management Suite, and Symantec, under whose brand the new PAM solution will be sold.
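The one-time certificate approach mentioned above for SSH and RDP, and the "just in time" and action-monitoring criteria in the KuppingerCole list, share one lifecycle: a grant is issued for a short window, can be redeemed only once, and every decision is recorded for audit. The following Python sketch is an added example written for this page; it is not code from the KuppingerCole report or from any vendor named here. It uses an HMAC-signed token as a stand-in for a real SSH or RDP certificate, and the broker, signing key, principals, targets and timestamps are all constructed for illustration.

```python
from __future__ import annotations

import base64
import hashlib
import hmac
import json
import secrets
import time

SIG_LEN = hashlib.sha256().digest_size  # 32-byte tag appended to every token


class JitAccessBroker:
    """Issues short-lived, single-use privileged access grants and logs every
    issue/redeem decision. Constructed example: an HMAC tag stands in for the
    certificate a real PAM broker would sign."""

    def __init__(self, signing_key: bytes, clock=time.time):
        self._key = signing_key
        self._clock = clock          # injectable so expiry can be tested
        self._redeemed: set[str] = set()  # nonces already used (one-time grants)
        self.audit_log: list[dict] = []   # every decision, for later review

    def _sign(self, payload: bytes) -> bytes:
        return hmac.new(self._key, payload, hashlib.sha256).digest()

    def _audit(self, event: str, claims: dict, decision: str) -> None:
        self.audit_log.append({"at": int(self._clock()), "event": event,
                               "decision": decision, **claims})

    def issue(self, principal: str, target: str, ttl_seconds: int) -> str:
        """Grant `principal` access to `target` for `ttl_seconds`."""
        now = int(self._clock())
        claims = {"principal": principal, "target": target,
                  "not_before": now, "expires": now + ttl_seconds,
                  "nonce": secrets.token_hex(16)}
        payload = json.dumps(claims, sort_keys=True).encode()
        self._audit("issue", claims, "ok")
        return base64.urlsafe_b64encode(payload + self._sign(payload)).decode()

    def redeem(self, token: str, target: str) -> tuple[bool, str]:
        """Validate a token for a session on `target`; returns (allowed, reason).
        The signature is checked before any claim is trusted, and every denial
        is logged so the audit trail explains it."""
        try:
            raw = base64.urlsafe_b64decode(token.encode())
            payload, sig = raw[:-SIG_LEN], raw[-SIG_LEN:]
            if not hmac.compare_digest(sig, self._sign(payload)):
                self._audit("redeem", {"target": target}, "bad signature")
                return False, "bad signature"
            claims = json.loads(payload)
        except ValueError:  # covers binascii.Error and JSONDecodeError
            self._audit("redeem", {"target": target}, "malformed token")
            return False, "malformed token"
        now = int(self._clock())
        if claims["target"] != target:
            reason = "target mismatch"
        elif now < claims["not_before"]:
            reason = "not yet valid"
        elif now >= claims["expires"]:
            reason = "expired"
        elif claims["nonce"] in self._redeemed:
            reason = "already used"
        else:
            self._redeemed.add(claims["nonce"])
            reason = "ok"
        self._audit("redeem", claims, reason)
        return reason == "ok", reason


def demo() -> list[str]:
    """Walk the grant lifecycle with a controllable clock; returns the reasons."""
    state = {"now": 1_700_000_000}  # constructed epoch timestamp
    broker = JitAccessBroker(b"constructed-example-key", clock=lambda: state["now"])
    token = broker.issue("alice", "db-prod-01", ttl_seconds=600)
    reasons = [broker.redeem(token, "db-prod-01")[1],    # ok
               broker.redeem(token, "db-prod-01")[1]]    # already used
    second = broker.issue("alice", "db-prod-01", ttl_seconds=600)
    reasons.append(broker.redeem(second, "web-01")[1])   # target mismatch
    state["now"] += 601
    reasons.append(broker.redeem(second, "db-prod-01")[1])  # expired
    raw = base64.urlsafe_b64decode(second.encode())
    forged = base64.urlsafe_b64encode(raw.replace(b'"alice"', b'"mallory"')).decode()
    reasons.append(broker.redeem(forged, "db-prod-01")[1])  # bad signature
    return reasons


if __name__ == "__main__":
    print(demo())
    # -> ['ok', 'already used', 'target mismatch', 'expired', 'bad signature']
```

The order of checks matters: the signature is verified before any field is read, so a forged token is rejected even if its claims look valid, and the audit log captures the denial reason rather than just the fact of denial, which is the "monitor and analyze actions" side of the criteria above. A production broker would replace the HMAC tag with a CA-signed SSH certificate carrying the same principal and validity window.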

The challengers included Kron (Turkey), Micro Focus (Great Britain), Arcon (India), ManageEngine (USA), Systancia (France) and Stealthbits (USA), which fell just short of the leaders group, as well as Onion ID (offices in the USA and India), EmpowerID (USA), Senhasegura (Brazil), Osirium (UK), Xton Technologies (USA), Sectona (India), Devolutions (Canada), Fudo Security (offices in the USA and Poland) and Remediant (USA). These companies were not among the leaders because they lack full PAM functionality, but their solutions can cover some specific needs. Xton Technologies, for example, ships weekly updates, including new functionality. Kron and Osirium offer automation of privileged task management by delegating tasks rather than privileges and automating routine privileged operations. Sectona also automates some tasks, in particular revoking privileged accounts without administrator involvement and managing privileged tasks. According to KuppingerCole experts, automation is very likely to become an important feature of PAM solutions in the coming years.

Vendors worth looking at include Deep Identity (Singapore), HashiCorp Vault (USA), Identity Automation (USA), IRaje (India), NRI Secure Technologies (Japan), ObserveIT (USA), Saviynt (USA) and Venafi (USA). These solutions do not have full PAM functionality, which makes them suitable for small and medium-sized businesses. It should be noted that the missing functionality is often supplemented through integration. NRI Secure Technologies, for example, uses BeyondTrust PowerBroker Password Safe to manage passwords, and Saviynt uses the HashiCorp vault to store secrets. Venafi's partnership with HashiCorp, in which Venafi provides centralized policy control, visibility and lifecycle automation for machine service accounts, including public and private SSL/TLS certificates, while HashiCorp provides its vault, is aimed at DevOps teams.

There is a mistaken belief that PAM solutions are intended only for large companies. That is not the case. Attackers do not pick their targets by company size; they look for weak spots, and smaller companies can also face ransomware or, say, the deletion of a customer database by a disgruntled privileged user. Small companies are often contractors of large companies and perform work for them. Such companies do not have a large information security budget, but, according to Gartner experts, privileged credential management is among the top 10 projects whose implementation has the greatest impact on business and cybersecurity.

Of the companies included in the KuppingerCole report, only 3 vendors, IRaje, Kron and Devolutions, focus on small and medium-sized businesses, so it is advisable for small Russian companies to look at Russian solutions.


If you are considering deploying a privileged access management solution in your company and need advice, please contact our experts.

See also