Phone Number +1-202-802-9399 (US)
The Lockdown

Thycotic’s Cyber Security Blog

How the just-released Forrester Wave PIM Q4 2018 Report can help you find the right PAM vendor

Written by Joseph Carson

February 5th, 2019

As awareness about the importance of Privileged Access Management (PAM) and Privileged Identity Management (PIM) increases, (Gartner called it a top priority for cyber security in 2018), executives, IT security and operations teams are evaluating multiple options when selecting a PAM or PIM solution that would be best for their organizations. That means independent analysis becomes very important in identifying vendors that belong on your short list for consideration.

Forrester analysis has helped many businesses to navigate the vendor selection process

For more than 30 years, Forrester has been a leader in using an objective and transparent process to compare and score vendors in specific markets. The Forrester Wave™ is a prime example of how Forrester analysis has helped many businesses to navigate the vendor selection process. It started publishing Wave reports 16 years ago to provide a way for enterprises to better understand the state of the market in emerging areas of technology.

The Forrester Wave uses transparent criteria to score top vendors in a specific industry such as Privileged Identity Management, describing them according to strength across three categories: current product offerings; strategy; and market size.

To help Forrester clients make technology purchasing decisions each Wave report has a downloadable spreadsheet showing evaluation details that enterprises can use to make their own decisions.

How to read The Forrester Wave report

In a recently released research report, The Forrester Wave: Privileged Identity Management, Q4 2018, Forrester evaluated eleven vendors providing technology that protects privileged credentials—the “crown jewels”.  Noting that at least 80% of data breaches have a connection to compromised privileged credentials, such as passwords, tokens, keys, and certificates, privileged credentials:

  • Play a vital role in hackers’ ability to compromise critical systems.
  • Control application-to-application interactions.
  • Safeguard structured and unstructured data.
  • Are core building blocks of cloud and containerized environments.

After providing Forrester analysts with information across 35 criteria, Thycotic has been positioned as a leader by Forrester Research Inc., receiving  the highest possible score in 14 criteria including Cloud and DevOps Support, SaaS Solution Maturity and Privileged Threat/Behavior Analytics.  Thycotic also received the highest possible score among the following criteria: Privileged Password Safe/Vault, Users, Roles and Helpdesk Integration, and Reporting.  A brief review of how to read the Forrester Wave helps explain what that means.

While The Forrester Wave report includes analysis summaries as well as scoring rubrics and individual competitor scorecards, the most recognizable part of the report for many is the Wave graphic itself shown here.

Privileged Identity Management Vendors Chart

The Forrester Wave graphic shown here is divided into different shades of blue that represent relative market positions: Challengers, Contenders, Strong Performers, and Leaders. Based on their strategy and product scores, vendors are positioned to give an easy, visual way to understand where they stand in relation to one another.

Companies positioned higher on the graphic have higher scores (that typically correspond to a more robust features list) for their current product offerings than those positioned below. Dots that are further to the right represent companies with higher scores for strategic and product vision for the direction of the market and their product.

After extensively researching the privileged identity marketplace, Forrester analysts gauge what “best-in-class” looks like across 35 evaluation criteria. Vendors are then scored against best-in-class capabilities for every evaluated area. Sub-scores are weighted according to importance to create overall scores for current offering and strategy, and the products are then positioned accordingly.

By making its scoring criteria transparent, and asking the same questions of each vendor, Forrester aims to make a fair comparison between vendors that enables companies to make more objective decisions. Keep in mind that all the vendors in the Wave are recognized by Forrester as top performers in the PIM marketplace, noted in the report sub-title (“the providers that matter most…and how they stack up”).

The Forrester Wave report also highlighted several trends in the privileged identity market, noting that “As password vaulting and session management technology matures and becomes less effective at thwarting threats, improved privileged behavior and threat analytics will dictate which providers will lead the pack. Vendors that provide cloud and container secret management and continuous improvement ” and deliver platform integration position themselves to deliver effective privilege threat mitigation and DevOps secrets management to their customers.”

Thycotic is known for PAM solutions that are readily adopted by IT teams because they are so easy to deploy and use

As a leader in this most recent Forrester Wave PIM report, we feel the report helps validate Thycotic’s strategy of offering both a full featured Privileged Account Management-as-a-service option as well as on-premises with its flagship product, Secret Server.  Known for our PAM solutions that are readily adopted by IT teams because they are so easy to deploy and use, Thycotic continues to expand our PAM offerings including Privileged Behavior Analytics, along with Privilege Manager, our latest product designed to enable least privilege with application control to help secure endpoints across the enterprise.

More on this subject: How to Find Your Best Match Among Privileged Access Management Vendors


Like this post?

Get our top blog posts delivered to your inbox once a month.