Phone Number +1-202-802-9399 (US)
The Lockdown

Thycotic’s Cyber Security Blog

Rising to the Modern PAM Challenge

Written by Jim Legg

September 8th, 2020

What drives change in the security space? Either a significant shift in the business environment disrupts how people work, or technology advancements impact the attack surface.

Today, security teams are facing both challenges.

Remote work is here to stay. No company that I’ve talked with has plans to bring the full workforce back to the office any time soon, if ever.

Meanwhile, users are more empowered. Not only do they choose where to work, they also choose which devices, platforms, and applications to use. So, it’s more important—and more difficult—to ensure consistent security policies and central visibility while balancing user productivity.

The term “privileged user” no longer equals “IT user.”

These disruptions are changing the very definition of the word “privileged” in Privileged Access Management (PAM). The term “privileged user” no longer equals “IT user.” It also includes business users who access financial and personal information from web apps and developers who build your products on platforms using AWS, Azure, GCP, or your own cloud.

The meaning of “privileged access” has also changed to include not only who can access what, but also what they can do with that access and when they can do it.

Thycotic has taken on these challenges by embracing the new definition of privilege. We’re doubling down on our mission to provide PAM solutions that deliver the biggest possible impact in the shortest time. We call our solution “powerful PAM made easy.” This reflects our commitment to an optimal end-user experience, where products are easy to try, buy, deploy, configure, and operationalize—solutions that won’t hinder employee productivity.

Thycotic PAM protects all privileged users

Our philosophy is to treat all access with a “never trust, always verify” approach and the principle of Least Privilege security as our guide. We believe all access should be treated like privileged access.

Modern PAM needs to secure every password and privileged object within the enterprise no matter where they reside—on-prem systems, multi-cloud layers, and devices—by embedding security controls within highest-risk layers: Clouds, Code, Data, and Devices. Let’s take each in turn.

Cloud

Over 80% of organizations operating in the cloud experience at least one compromised account each month, according to McAfee, stemming from external actors, malicious insiders, or unintentional mistakes. In the past year, 77% of cloud breaches involved compromised credentials, as reported in the 2020 Verizon Data Breach Report.

Modern PAM addresses SaaS, laaS, PaaS, private and hybrid multi-cloud scenarios.

Code

Rapid development practices require rapid PAM practices. Dev teams need on-demand access to cloud-based applications and databases to administer changes without compromising security or production credentials.

Modern PAM addresses high-velocity secrets management, robotic process automation or RPA, and CI/CD pipelines. We agree with Gartner that 50% of organizations using DevOps will adopt PAM-based secrets management products by 2021, rising from less than 10% today.

Companies keep thousands of files unprotected and open for anyone inside the company to access

Data

In addition to security regulations, privacy laws are evolving rapidly and adding to requirements for data protection. Yet, the Varonis 2019 Data Risk Report says companies keep thousands of files unprotected and open for anyone inside the company to access.

Modern PAM addresses sensitive data storage, customer PII, CRM, and collaboration records.

Devices

85% of cyber attacks enter through compromised endpoints, according to SANS.

Modern PAM needs to address hardware devices such as user workstations, laptops, and servers.

The element of “time” is often the most challenging to define and control

Many companies have kept privileges in place for too long, neglected to expire passwords and accounts, and failed to remove privileges when projects end or people leave.

According to Gartner, “…those who eliminate standing privileges will experience 80% fewer privileged breaches than those that don’t.”

Modern PAM encompasses a broad range of just-in-time strategies that provide users privileged access when—and only when—they require it.

Only PAM in the cloud can keep pace with the new definition of privilege

A few years ago, we decided to go “all in” on the cloud. In the summer of 2018, the cloud version of our flagship Secret Server product reached a significant milestone: for the first time a major PAM vendor’s cloud product reached feature parity with its on-premises equivalent. This move helped us accelerate our mission to deliver rapid time to value for all customers, regardless of deployment size, resources, or level of sophistication.

Security analysts including Gartner, Forrester, and KuppingerCole underscore the importance of cloud PAM in supporting enterprise needs and have validated our leadership. According to Gartner, “by 2025, up to 84% of all organizations will have adopted SaaS-based PAM tools in their PAM practice”.

I am incredibly proud that Thycotic was named a Leader in Gartner’s PAM Magic Quadrant. In 2020, Thycotic’s position advanced while other PAM vendors declined. We think that is because we embraced the cloud and focused on usable security for all.

We’re in this together

I want to thank all our incredible customers, partners and Thycotic team members for working together to rise to the modern PAM challenge.

But our mission isn’t complete and we’re not slowing down. We delivered three new products last year, and four new products already this year. We’re solving more challenges for our customers than ever before.

Stay tuned for more products and more resources to help you embrace the new definition of privilege and secure your organization.

IT Security should be easy. We’ll show you how.

Try Secret Server and experience how FAST & EASY
IT security products can be.

 

Like this post?

Get our top blog posts delivered to your inbox once a month.

SHARE THIS