1 Introduction
Endpoint Privilege Management (EPM) platforms manage the threats associated with privileged access rights that originate on laptops, tablets, smartphones, and other endpoints. EPM tools offer controlled and monitored escalation of user privileges on the endpoint, typically per application and per task rather than by granting the user a standing administrator account, and usually include application allow-listing and deny-listing (often still marketed as whitelisting and blacklisting) for endpoint protection. Some form of user behaviour analytics is also commonly included.
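To make the "controlled and monitored escalation" described above concrete, the following is an added illustration, not code from the report or from any vendor's product. It is a minimal elevation policy check of the kind an EPM agent performs before granting a user administrative rights for one application: deny rules are evaluated first, then allow rules from strongest (binary hash) to weakest (launch path), and every decision is written to an audit record. The rule names, paths, users and "binaries" are constructed for the example; real agents additionally verify the code signature rather than trusting a signer string supplied by the caller.

```python
"""Added example: a toy EPM elevation policy evaluator (not from the original page)."""
import hashlib
import json
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional


@dataclass(frozen=True)
class ElevationRequest:
    user: str
    path: str                      # where the binary is being launched from
    sha256: str                    # hash of the binary as it is on disk right now
    signer: Optional[str] = None   # code-signing certificate subject, if any (assumed verified)


@dataclass
class Decision:
    elevate: bool
    reason: str
    rule: str


@dataclass
class ElevationPolicy:
    """Rules are evaluated deny-first, then allow rules strongest to weakest."""
    deny_hashes: set = field(default_factory=set)
    deny_path_prefixes: tuple = ()
    allow_hashes: set = field(default_factory=set)
    allow_signers: set = field(default_factory=set)
    allow_path_prefixes: tuple = ()     # weakest rule type: anyone who can write there wins
    audit_log: list = field(default_factory=list)

    def evaluate(self, req: ElevationRequest) -> Decision:
        if req.sha256 in self.deny_hashes:
            d = Decision(False, "binary is deny-listed by hash", "deny_hash")
        elif req.path.startswith(self.deny_path_prefixes):
            d = Decision(False, "launch location is deny-listed", "deny_path")
        elif req.sha256 in self.allow_hashes:
            d = Decision(True, "binary is allow-listed by hash", "allow_hash")
        elif req.signer and req.signer in self.allow_signers:
            d = Decision(True, "binary is signed by a trusted publisher", "allow_signer")
        elif req.path.startswith(self.allow_path_prefixes):
            d = Decision(True, "launch location is allow-listed (path only)", "allow_path")
        else:
            d = Decision(False, "no rule matched; default deny", "default")
        self._record(req, d)   # the "monitored" half: every decision is logged
        return d

    def _record(self, req: ElevationRequest, d: Decision) -> None:
        self.audit_log.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "user": req.user, "path": req.path, "sha256": req.sha256,
            "elevate": d.elevate, "rule": d.rule, "reason": d.reason,
        })


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def demo() -> dict:
    """Constructed scenario: a legitimate installer and a binary an attacker planted
    in the same directory. Compares a path-only policy with a hash-based policy."""
    good_installer = b"MZ...corp-installer-v1"   # stand-in bytes for a real executable
    malware = b"MZ...dropper"
    good_hash, bad_hash = sha256_of(good_installer), sha256_of(malware)
    corp_dir = "C:\\Program Files\\Corp\\"        # hypothetical allow-listed directory

    path_policy = ElevationPolicy(allow_path_prefixes=(corp_dir,))
    hash_policy = ElevationPolicy(allow_hashes={good_hash})

    legit = ElevationRequest("alice", corp_dir + "installer.exe", good_hash, "Corp Software Ltd")
    # An attacker with write access to corp_dir drops an unsigned binary there.
    planted = ElevationRequest("alice", corp_dir + "update.exe", bad_hash, None)

    return {
        "path_policy_legit": path_policy.evaluate(legit).elevate,
        "path_policy_planted": path_policy.evaluate(planted).elevate,
        "hash_policy_legit": hash_policy.evaluate(legit).elevate,
        "hash_policy_planted": hash_policy.evaluate(planted).elevate,
        "audit_entries": len(path_policy.audit_log) + len(hash_policy.audit_log),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The point of the scenario is the difference between the two allow-list styles: a path-only rule elevates whatever lands in the trusted directory, while a hash rule elevates only the exact binary the administrator approved, at the cost of having to update the policy whenever that binary changes. Both policies produce an audit entry per request, which is what gives the behaviour analytics mentioned above something to work with.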
Traditionally, privileged access was given primarily to a small set of administrators who needed to perform maintenance and upgrade tasks, mostly on on-premises LANs or individual endpoint machines. In some cases, senior employees may also have held elevated access rights for specific tasks. Privileged management use cases now extend across entire organizations, with users requiring task-based and workflow-driven access to data, services, and applications held on legacy systems and on multi-cloud infrastructures. Increasingly, admins, users, and specialists such as DevOps engineers will seek that access from an endpoint device, which may not have been issued by the organization itself.
This shift explains why PAM software in general has developed so rapidly in the last few years. Both new and traditional vendors have responded to demands for more advanced PAM capabilities suited to the modern computing era, and this development has extended to the previously static area of Endpoint Privilege Management, which is now very much part of the multi-cloud, hybrid IT architectures currently proliferating.
Interest in Least Privilege and Zero Trust based architectures and policies has also grown as organizations look to secure the cloud as well as on-premises systems. Buyers are increasingly aware that a well-configured, modern PAM platform can be an integral part of such an architecture, and that the traditional capabilities of PAM must extend to supporting cloud environments and SaaS applications and services.
The future of business operations will revolve around a new paradigm of a highly dynamic IT architecture that melds multiple cloud platforms with legacy on-premises networks, partner networks, and even, in some cases, mainframe installations. This is what KuppingerCole has christened the Dynamic Resource Entitlement and Access Management (DREAM) paradigm, and it is what the next iteration of modern PAM platforms (and other identity and data governance tools) should support in order to deliver secure access entitlements and greater business value across a new generation of cloud resources and operations.
Moreover, the outbreak of the pandemic and the subsequent change in work culture have meant that workforces access applications remotely from all sorts of devices. These new, ultra-hybrid networks will push existing identity and security frameworks to their limit and call for solutions that provide controlled, rapid access to dynamic, often ephemeral resources, wherever they exist. Managing dynamic privileged access from endpoints must be both secure and friction-free if it is to succeed in delivering value to the organization and convenience to users.