+1-202-802-9399 (US)

Thycotic’s Cyber Security Publication

85 Percent of Organizations Fail to Meet Basic Level of PAM Maturity

Written by Jordan True

April 2nd, 2019

WASHINGTON, D.C., April 2, 2019 — Thycotic, a provider of privileged access management (PAM) solutions to 10,000 organizations worldwide, today announced its 2019 State of PAM Maturity Report. The report summarizes the aggregate data from more than 450 organizations across the globe that participated in Thycotic’s Q4 2018 PAM Maturity Model assessment survey to-date.

According to survey results, while nearly four out of five organizations (78 percent) now include privileged credential protection as part of their cyber security policies, their PAM security practices are woefully lacking and even worse than you might expect. Eighty-five percent of respondents are still struggling to get beyond the initial phase of PAM maturity.

Among those failing to reach even a basic level of maturity:

  • 55 percent of organizations have no idea how many privileged accounts they have or where they’re located.
  • More than 50 percent of organizations’ privileged accounts never expire or get deprovisioned.
  • Only 18 percent of organizations are storing all their privileged accounts in a secure privileged access management vault or password manager.

“The 2019 State of Privileged Access Management Maturity Report is a wakeup call for organizations worldwide to immediately assess their PAM practices with a goal of moving beyond dangerous habits to implementing a PAM Lifecycle Model, which is outlined in our report,” said Joseph Carson, Chief Security Scientist at Thycotic.

Thycotic introduced the free, online PAM Maturity Model assessment survey in Q4 2018 to help organizations determine progress along their journey to lower privileged account risk, increase business agility and improve operational efficiency. The PAM Maturity assessment consisted of 11 questions that determined how far an organization has progressed through the four phases of PAM maturity.

As the basis of understanding the results of the PAM Maturity report, the four phases of Thycotic’s PAM Maturity Model assessment consisted of the following:

  • Phase 1 – Analog – Organizations in the Analog phase face a high degree of risk.
  • Phase 2 – Basic – Organizations transition from Analog to the Basic stage of PAM maturity, by adopting PAM security solutions and automating time-consuming, manual processes.
  • Phase 3 – Advanced – Organizations in the Advanced phase of PAM maturity have moved from reactive to a proactive privilege security strategy.
  • Phase 4 – Adaptive Intelligent – As the ultimate stage of PAM maturity, organizations in the Adaptive/Intelligent phase take continuous improvement to a higher level, integrating leading technologies such as machine learning to collect information and adapt system rules.

“Lack of visibility into how many unprotected privileged accounts exist in an organization and where they are located is an enormous risk for organizations,” said Joseph Carson, Chief Security Scientist at Thycotic. “Because privileged accounts such as local admin and service accounts exist everywhere in multiple places throughout an organization, trying to manually discover and manage them is virtually impossible. Your first step should be automating privileged account discovery on a continuous basis so that you can see what you need to protect and what security controls should be in place.”

View the full findings of the 2019 State of Privileged Access Management (PAM) Maturity Report here.

JOIN OUR MAILING LIST

Get updates, free resources and in-depth how-to's

SHARE THIS


The following two tabs change content below.

Jordan True

Jordan is a social media strategist, digital community manager and a lover of all things IT. She currently manages the Social Media Program at Thycotic and loves to connect with technology communities online and at enterprise IT events. Addicted to the outdoors, you can find Jordan on the running trails in her free time or sharing the latest InfoSec buzz on Twitter @ThycoticJordan.