Privileged Access Management:
Will We Never Learn?

We continue to get hacked. Instead of reaching a place where cyber security can consistently prevent hackers from inserting ransomware, injecting malicious code, stealing sensitive data, etc., we only find ourselves falling further behind. With the democratization of traditional IT into an Agile-centric rapid development and deployment model intended to help many businesses stay afloat and meet their customers’ ever-increasing demands, the necessary cyber security protections are often ignored or saved for later.

This unfortunate phenomenon is becoming all too real to many citizens around the globe as our Operational Technology (OT) infrastructure like electric grids, fuel and gas pipelines and water systems are being severely and successfully attacked. The combination of massive, relatively unbridled IT and OT infrastructure being spread out over multiple ‘platforms’ – both on premise and in-cloud in our race against “revenue time” is a very sobering predicament to find ourselves in, no matter what industry you happen to be in.

So why and how do hackers succeed? Broken record: by hijacking privileged access rights in order to drop their malicious code in your environment.  For more than two decades, the TechVision Research team has been (strongly) advising its customers to invest money and personnel resources in Privileged Access Management deployment. That said, the overall footprint for PAM deployments across many enterprises remains patchy. Beating the same drum in support of PAM is not fun, but we are here to keep you apprised of the maturation and deploy-ability of several PAM solutions.

This report starts by looking at what PAM is, then evaluates the various types of approaches currently being deployed, the challenges associated with deployment, and provides a review of our short-list of vendors and solutions you should consider. We then conclude with a set of pragmatic recommendations and an enterprise action plan for PAM deployment.