Maturing your Privileged Access Management with Gartner recommendations

Considering the recommendations from Gartner’s Market Guide for Privileged Access Management.

By Michael Dullea, Senior Director of Product Management

In our previous blog about Gartner’s Market Guide for Privileged Access Management (ID: G00315141), 2017, we discussed a couple of the key recommendations that Gartner made. Let us look at the implications of these recommendations and understand why they assume significance as you start off on your privileged access management (PAM) journey.

Let’s consider all the recommendations from the report:

  • Avoid future sticker shock when extending deployments by planning ahead for evolving requirements over the next two to three years; and force vendors to provide pricing for expected features that you may need to buy.
  • Look for integrated high-availability features, built-in multifactor authentication (MFA) and value-priced bundled offerings if you are a small to midsize business.
  • Scrutinize vendors’ offerings for MFA integration support, scalability and autodiscovery features if you are a large and global organization.
  • Deploy session recording as soon as possible, because this capability will add accountability and visibility for privileged activity. Include this capability as part of your selection process.
  • Evaluate vendors on how they can help secure nonhuman service and application accounts — these accounts are major sources of operational and security risk, and most organizations have a significant number of them.

 

Understanding how your PAM needs will change over time and mapping them to a roadmap is necessary. Many of our customers start off their PAM journey with just password vaulting. We have seen companies that purchased our competitors' PAM offerings adopt a phased approach to purchasing and deployment, and then be surprised or outraged when the price quote for their next PAM module turns out to be much higher than they ever expected. While a phased approach to purchasing and deployment might seem to be a good strategy on the surface, it can make the project much more expensive than expected if you don't determine, upfront, the total cost for all the PAM software modules, hardware requirements, and professional services you will require.

High availability (HA) of the PAM solution is critical; after all, it is the gateway to all your critical data and applications. In our opinion, a PAM solution MUST:

  • Provide built-in high-availability and
  • Not fleece you in the process

 

If a PAM solution requires you to pay extra for high availability, you need to think twice before you invest any time or money in that solution. After all, if your roadmap for the deployment touches multiple environments (on-premise and cloud) and varied use cases (human users, scripts, applications, etc.), HA is paramount. HA can be built by assembling multiple components, but getting integrated HA in a PAM product helps enormously.

Scalability is another critical factor. If, in two to three years, you plan to expand the deployment to multiple geographies and/or departments, or to extend the solution to protect DevOps environments or the IoT control plane, the scalability of your PAM solution will be important. There are different architectural approaches to providing scale. For example, one vendor solution requires additional infrastructure and licenses, such as servers, operating systems and databases, in order to scale. If that is the case, you must determine whether the cost of these additional components significantly impacts the total cost of ownership (TCO) of your PAM deployment.

Session recording is another important consideration. We believe it must be introduced into the deployment cycle as early as possible. After all, if you are deploying PAM and vaulting passwords, it is clear that you want accountability, visibility and auditability of any actions, right? Obviously, session recording impacts the scalability needs of your PAM solution.

Finally, considering non-human accounts is very important. Specifically, you must map out a two-to-three-year journey for your PAM deployments. This journey should consider trends that impact your business. We strongly encourage you to put in place a maturity model that caters to your specific needs. Some of the factors to consider as you put such a model in place are discussed in the article posted here.

Gartner Market Guide for Privileged Access Management, Felix Gaehtgens, Anmol Singh, Dale Gardner, 22 August 2017

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

