1 Introduction
Many successful cyber-attacks involve the misuse of an organization’s privileged accounts, enabled by inadequate PAM software, policies, or processes. The malicious activities that must be detected and controlled include abuse of shared credentials, misuse of elevated privileges by unauthorized users, theft of privileged credentials by cyber-criminals, and abuse of privileges on third-party systems. Businesses increase the risk of attack by over-privileging users and admins, not enforcing policies, and failing to limit standing privilege.
Traditionally, privileged accounts were primarily given to a small set of administrators who needed access to perform maintenance and upgrade tasks, mostly on on-premises LANs or endpoint machines. In some cases, senior employees may have had elevated access rights for specific tasks. It is fair to say that this is no longer the case. Privileged management use cases now extend across entire organizations, with users requiring task-based and workflow access to data, services, and applications held on legacy systems and multi-cloud-based infrastructures. And, of course, admins still need to perform those traditional privileged tasks.
This change explains why PAM software, in general, has developed in the last few years. Both new and traditional vendors have responded well to demands for more advanced PAM capabilities suitable for the modern computing era.
Interest in Least Privilege and Zero Trust-based architecture and policies has also grown as organizations look to secure the cloud as well as on-premises environments. Buyers are increasingly aware that a well-configured, modern PAM platform can be an integral part of such architecture and that the traditional capabilities of PAM must extend to supporting cloud environments and SaaS applications and services.
The future of business operations will revolve around a new paradigm of a highly dynamic IT architecture that melds multiple cloud platforms with legacy networks on premises, partner networks, and even, in some cases, mainframe installations. This is what KuppingerCole has christened the Dynamic Resource Entitlement and Access Management (DREAM) paradigm, and it is what the next iteration of modern PAM platforms (and other identity and data governance tools) should support in order to deliver secure access entitlements and greater business value across a new generation of cloud resources and operations.
These new, ultra-hybrid networks will push existing identity and security frameworks to their limit and call for solutions that provide controlled, rapid access to dynamic, often ephemeral resources, wherever they exist.
PAM vendors are responding to this new world in different ways, and there will be a place for smaller players as well as the market leaders to provide the capabilities that customers need to navigate new IT architectures. A well-designed and easy-to-deploy platform with targeted functionality may well find a niche among selected buyers. It is in these changing market conditions that Indeed Privileged Access Manager must compete.