+1-202-802-9399 (US)

Thycotic’s Cyber Security Publication

How the just-released Forrester Wave PIM Q4 2018 Report can help you find the right PAM vendor

February 5th, 2019


Forrster Wave PIM Q4 2018 - How to find the right PAM vendor

As awareness about the importance of Privileged Access Management (PAM) and Privileged Identity Management (PIM) increases, (Gartner called it a top priority for cyber security in 2018), executives, IT security and operations teams are evaluating multiple options when selecting a PAM or PIM solution that would be best for their organizations. That means independent analysis becomes very important in identifying vendors that belong on your short list for consideration.

Forrester analysis has helped many businesses to navigate the vendor selection process

For more than 30 years, Forrester has been a leader in using an objective and transparent process to compare and score vendors in specific markets. The Forrester Wave™ is a prime example of how Forrester analysis has helped many businesses to navigate the vendor selection process. It started publishing Wave reports 16 years ago to provide a way for enterprises to better understand the state of the market in emerging areas of technology.

The Forrester Wave uses transparent criteria to score top vendors in a specific industry such as Privileged Identity Management, describing them according to strength across three categories: current product offerings; strategy; and market size.

To help Forrester clients make technology purchasing decisions each Wave report has a downloadable spreadsheet showing evaluation details that enterprises can use to make their own decisions.

How to read The Forrester Wave report

In a recently released research report, The Forrester Wave: Privileged Identity Management, Q4 2018, Forrester evaluated eleven vendors providing technology that protects privileged credentials—the “crown jewels”.  Noting that at least 80% of data breaches have a connection to compromised privileged credentials, such as passwords, tokens, keys, and certificates, privileged credentials:

  • Play a vital role in hackers’ ability to compromise critical systems.
  • Control application-to-application interactions.
  • Safeguard structured and unstructured data.
  • Are core building blocks of cloud and containerized environments.

After providing Forrester analysts with information across 35 criteria, Thycotic has been positioned as a leader by Forrester Research Inc., receiving  the highest possible score in 14 criteria including Cloud and DevOps Support, SaaS Solution Maturity and Privileged Threat/Behavior Analytics.  Thycotic also received the highest possible score among the following criteria: Privileged Password Safe/Vault, Users, Roles and Helpdesk Integration, and Reporting.  A brief review of how to read the Forrester Wave helps explain what that means.

While The Forrester Wave report includes analysis summaries as well as scoring rubrics and individual competitor scorecards, the most recognizable part of the report for many is the Wave graphic itself shown here.

Privileged Identity Management Vendors Chart

The Forrester Wave graphic shown here is divided into different shades of blue that represent relative market positions: Challengers, Contenders, Strong Performers, and Leaders. Based on their strategy and product scores, vendors are positioned to give an easy, visual way to understand where they stand in relation to one another.

Companies positioned higher on the graphic have higher scores (that typically correspond to a more robust features list) for their current product offerings than those positioned below. Dots that are further to the right represent companies with higher scores for strategic and product vision for the direction of the market and their product.

After extensively researching the privileged identity marketplace, Forrester analysts gauge what “best-in-class” looks like across 35 evaluation criteria. Vendors are then scored against best-in-class capabilities for every evaluated area. Sub-scores are weighted according to importance to create overall scores for current offering and strategy, and the products are then positioned accordingly.

By making its scoring criteria transparent, and asking the same questions of each vendor, Forrester aims to make a fair comparison between vendors that enables companies to make more objective decisions. Keep in mind that all the vendors in the Wave are recognized by Forrester as top performers in the PIM marketplace, noted in the report sub-title (“the providers that matter most…and how they stack up”).

The Forrester Wave report also highlighted several trends in the privileged identity market, noting that “As password vaulting and session management technology matures and becomes less effective at thwarting threats, improved privileged behavior and threat analytics will dictate which providers will lead the pack. Vendors that provide cloud and container secret management and continuous improvement ” and deliver platform integration position themselves to deliver effective privilege threat mitigation and DevOps secrets management to their customers.”

Thycotic is known for PAM solutions that are readily adopted by IT teams because they are so easy to deploy and use

As a leader in this most recent Forrester Wave PIM report, we feel the report helps validate Thycotic’s strategy of offering both a full featured Privileged Account Management-as-a-service option with Secret Server Cloud, as well as on-premise flagship product, Secret Server.  Known for our PAM solutions that are readily adopted by IT teams because they are so easy to deploy and use, Thycotic continues to expand our PAM offerings including Privileged Behavior Analytics, along with Privilege Manager, our latest product designed to enable least privilege with application control to help secure endpoints across the enterprise.

To help you in your evaluation of PIM and PAM vendors, you can read the full report by downloading a complimentary copy here.

SHARE THIS


The following two tabs change content below.

Joseph Carson

Joseph Carson has over 25 years' experience in enterprise security, is the author of "Privileged Account Management for Dummies" and "Cybersecurity for Dummies", and is a cyber security professional and ethical hacker. Joseph is a cyber security advisor to several governments, critical infrastructure, financial and transportation industries, speaking at conferences globally. Joseph serves as the Chief Security Scientist at Thycotic.

Latest posts by Joseph Carson (see all)


Leave a Reply

*