Privileged Access Management:
More Necessary Than Ever as
Cloud-Shift Intensifies

Authors

Doug Simmons – Principal Consulting Analyst

Gary Rowe – CEO and Principal Consulting Analyst

Abstract

Breaches, breaches, breaches – will they ever end? Not likely as protecting the enterprise is getting harder and harder. With our IT infrastructure becoming more complicated and porous as cloud-based applications and systems are being blended with legacy systems and emerging technologies the attack surface continues to expand.

Often, the ultimate targets for most hackers are the administrative accounts used by systems administrators of OS’s like Windows and Linux, network and security devices, cloud platforms, databases such as Oracle and SQL Server, and web servers – as well as those embedded within applications to perform various administrative functions in application-to-application communications. To rescue us from administrative account hijacking, solutions residing under the banner of Privileged Access Management (PAM) are available. Such solutions have been on the market for nearly two decades now and have gradually improved to the point where most enterprises will find them compelling. That said, the overall footprint for PAM deployments across many enterprises remains patchy.

This report starts by looking at what PAM is, then evaluates the various types of approaches currently being deployed, the challenges associated with deployment, and provides a review of our short-list of vendors and solutions you should consider. We then conclude with a set of pragmatic recommendations and an enterprise action plan for PAM deployment.