The Lockdown

Thycotic’s Cyber Security Blog

See Where You Place in the PAM Maturity Model

Written by Joseph Carson

December 11th, 2018

Many companies aren’t sure how to begin their PAM implementation or which security activities have the most impact on their goals. To help you stay on course, Thycotic has developed the first PAM Maturity Model, based on industry best practices that systematically lower privileged account risk, increase business agility and improve operational efficiency. The model gives you a strategic road map for PAM adoption so you can plan ahead and prioritize resources and budget. (Scroll down to see how you rate in PAM maturity.)

Apply lessons from the PAM Maturity Model to your cyber security strategy

We know PAM isn’t a simple fix and the approach to PAM isn’t the same for everyone. Our mission is to help you become a self-sufficient security champion so you can ascend the PAM maturity curve at your own pace. You can apply lessons from the PAM Maturity Model to your cyber security strategy regardless of the size of your company, your industry or the number and type of privileged accounts you need to secure, based on your own risk drivers, budget, and priorities.

Step-by-Step Road Map

The PAM Maturity Model defines four phases of maturity that organizations typically progress through as they evolve from laggards to leaders in their adoption of privileged account management.

  • Phase 1. Analog: Organizations in the Analog phase of PAM maturity have a high degree of risk. They secure their privileged accounts in a limited way, if at all. As a result, they often provide excess privileges to people who don’t need them, share privileges among multiple administrators, and neglect to remove privileges when users leave the organization or change roles.
  • Phase 2. Basic: When organizations progress from the Analog stage to the Basic stage of PAM maturity, they adopt PAM security software and begin to automate time-consuming, manual processes.
  • Phase 3. Advanced: As organizations move from a reactive to a proactive privilege security strategy, they enter the Advanced phase of PAM maturity and PAM becomes a top priority within their cyber security strategy. Organizations at this level are committed to continuous improvement of their privileged security practices.
  • Phase 4. Adaptive Intelligent: As organizations ascend to the ultimate stage of PAM maturity, they take the concept of continuous improvement to a higher level, often relying on artificial intelligence and machine learning to collect information and adapt system rules. They fully and automatically manage the entire lifecycle of a privileged account, from provisioning to rotation to deprovisioning and reporting.

The Maturity Model is based on security industry best practices and Thycotic’s work with 10,000 customers of all types, ranging from organizations beginning to experiment with PAM to the most experienced and advanced PAM users. Within the four major maturity phases there are gradations of PAM maturity which impact cyber risk, business productivity, and cost of compliance. In addition to accounting for specific security activities mentioned above, the model also reflects the frequency and scale at which organizations conduct those activities.

5 Minutes to Find Out Your Maturity Score

Based on the Model, the PAM Maturity Assessment is a free online tool that helps your security and IT teams prioritize security activities and align budget and resources. Take five minutes to answer just 11 questions. You’ll receive a score indicating your Maturity Phase and a customized report with detailed recommendations on how to ascend the PAM maturity curve.

How Mature Are You?

Take the PAM Maturity Assessment to Find Out. You’ll find a printable PDF of the PAM Maturity Model on the same page.

Joseph Carson

Joseph Carson has over 25 years' experience in enterprise security, is the author of "Privileged Account Management for Dummies" and "Cybersecurity for Dummies", and is a cyber security professional and ethical hacker. Joseph is a cyber security advisor to several governments, critical infrastructure, financial and transportation industries, speaking at conferences globally. Joseph serves as the Chief Security Scientist at Thycotic.