BR +55 11 3069 3925 | USA +1 469 620 7643

The Competitive Landscape report for PAM

by | Feb 11, 2021 | BLOG

Privileged credentials are spread across the infrastructure of organizations of all sizes and types. Through them, it is possible to take a series of administrative actions, such as significant changes in assets and critical systems as Domain Admin servers or ERP systems. No wonder one can also call them “keys to the kingdom”. 

And ensuring the security of these “keys” and privileged access is not an easy task for those responsible for Information Security. And taking into account the latest news of data leaks, not just IT teams but all organizational leaders are aware of the risks associated with privileged credentials and how such risks are considered to be part of the business strategy. 

It is also worth remembering that, driven by the shift to decentralized models, we saw a boom of cloud-based approaches. For this reason, according to Gartner, more than half of global companies that already use Cloud will adopt a 100% Cloud-based strategy by 2021. In addition, the increase in connected devices as a result of the expansion of IoT, Industry 4.0 (also called Industrial IoT), DevOps, and other digital transformation initiatives has also increased the number of connected devices and privileged credentials. Many of these credentials are not associated with people and are called service accounts. As they are not associated with a user, in most cases, these accounts are not properly managed and monitored by the security teams, which increases the risk of being exploited by malicious attackers.

And for those who think cyberattacks are limited to large organizations, 28% of these attacks were performed against small and medium-sized businesses, according to the Data Breach Investigation Report from 2020. Also, research by the National Cyber Security Alliance has found that 60% of these companies shut down within 6 months after a cyberattack. 

Regarding cyberattacks, some of the biggest and most recent ones involved the lack of proper protection for privileged credentials. The attack on SolarWinds, for example, came to show us the need to ensure the security of these credentials. This is because, by obtaining improper access to the infrastructure through malware, malicious attackers were able to move laterally through the infrastructure via compromised privileged credentials.

Thus, the goal of Privileged Access Management is to assist organizations to protect, control, manage, and monitor privileged access to critical assets. Therefore, by centralizing the management of privileged credentials in one place, a PAM solution is able to ensure the maximum level of security, controlling access and monitoring suspicious activities.

Gartner considers Privileged Access Management so important that it chose this market as the number one security project for two years in a row in its publication Top 10 Security Projects. And to address the Privileged Access Management scenario, Gartner has released the Competitive Landscape: Privileged Access Management report, prepared by its researcher Swati Rakheja. 

And with the increase in PAM adoption, mainly through SaaS deployments, privileged credential management solutions, which were previously limited only to global organizations, are now also reaching small and medium-sized companies. Also according to Gartner’s report, the PAM market will continue to experience great adoption, expecting a compound annual growth (CAGR) of 10.7% between 2020 and 2024, reaching the size of USD 2.9 billion in 2024. 

Considering that PAM use cases are evolving along with the capabilities and functionality of the solutions, and in order to continue to serve this large and promising market, PAM providers must reassess their strategic positioning in the market by offering new features to meet the needs of organizations of all sizes.

Some of the basic functionalities of a PAM solution, according to Gartner, include everything from credential discovery, onboarding, and management through password vaulting and rotation to privileged access governance and recording and auditing capabilities, such as privileged activity logging and reporting.

While small and medium-sized companies are starting their PAM implementations with these basic functionalities, global organizations are including advanced PAM use cases, which cover, for example, Just-in-time, or JIT access. When using JIT approaches, the solution performs access provisioning based on time of use, reducing the attack surface and the risks of attacks that exploit privileged credentials. 

Also, functionalities based on Artificial Intelligence and Machine Learning, Privileged Task Automation, or PTA, and privileged session auditing are also included in the list of advanced PAM functionalities.

Other emerging needs in the PAM market are access management in multi-cloud and DevOps environments, including CI/CD automation and secrets management.

It is important to note that this difference in the use of PAM features also extends to geographic regions: while emerging markets such as Asia-Pacific and Latin America are still implementing basic Privileged Access Management features, more mature markets such as the European and North American already consider and implement more advanced use cases.

Finally, Gartner’s report presents the competitive profile of the main provider within the PAM market, including senhasegura. In this profile, Gartner brings information such as the product or portfolio overview and how the provider competes in the market.

Regarding senhasegura, Gartner highlighted our PAM offer based on the privileged access life-cycle, considering the Before-During-After approach. This life-cycle includes aspects from the discovery of assets, credentials, and digital certificates to the visibility of actions performed in the environment, allowing the organization to cover all aspects associated with the protection of credentials and privileged access.

As a competitive advantage of senhasegura, Gartner mentions Keystroke Dynamic Identity, or KDI. Based entirely on Artificial Intelligence and Machine Learning, KDI allows the continuous verification of the user’s identity through behavioral biometrics. Gartner also shows that senhasegura has been highly praised by its users for its ease of use and quick installation, not to mention its intuitive and user-friendly interface.

Building Digital Manufacturing Through PAM

With the evolution of technology, manufacturing sectors are increasingly digitalized through solutions that optimize the processes carried out in these environments, reducing costs, eliminating human failures, and generating more productivity.  Among the technologies...

Just-In-Time Privileged Access: Understand this Subject

In this article, we present the concept of just-in-time privileged access, its benefits, and mode of operation, among other extremely important information on the subject. To facilitate your reading, we divided our text into topics. They are: What Is Just-In-Time...

What Can I Do to Decrease Cyber Insurance Amounts?

When it comes to information security, the risks to organizations are increasing by several factors. As an example, we can mention the increase in the number of cyberattacks, especially after the Covid-19 pandemic, which accelerated the mass adoption of remote work,...

What are the actions performed during a privileged access

Nowadays, cyber-attacks have become increasingly common and hit more and more companies, of all verticals and sizes. According to the SonicWall 2022 Cyber Threat report, the number of cyberattacks involving data encryption increased by 167% in 2021, reaching 10.4...

Achieving Sarbanes-Oxley (SOX) Compliance Using Cybersecurity Controls

The Sarbanes-Oxley Act (SOX) is primarily associated with business transparency and the use of accounting and financial controls to protect investors from fraudulent financial reporting. However, it is always important to remember the ever-increasing pivotal role...
Copy link