Maturing your Privileged Access Management with Gartner recommendations
Considering the recommendations from Gartner’s Market Guide for Privileged Access Management.
By Michael Dullea, Senior Director of Product Management
In our previous blog about Gartner’s Market Guide for Privileged Access Management (ID: G00315141), 2017, we discussed a couple of the key recommendations that Gartner made. Let us look at the implications of these recommendations and understand why they assume significance as you start off on your privileged access management (PAM) journey.
Let’s consider all the recommendations from the report:
Understanding your PAM needs over a period of time and mapping them to a roadmap is necessary. Many of our customers start off their PAM journey with just password vaulting. We have seen companies that purchased our competitors' PAM offerings adopt a phased approach to purchasing and deployment, and then become very surprised, even outraged, when they receive the price quote for their next PAM module and discover it is much more expensive than they ever expected. While a phased approach to purchasing and deployment might seem to be a good strategy on the surface, it can make the project much more expensive than expected if you don't determine, upfront, the total cost of all the PAM software modules, hardware requirements, and professional services you will require.
High availability (HA) of the PAM solution is critical. After all, it is the gateway to all your critical data and applications. In our opinion, a PAM solution MUST:
If a highly available PAM solution requires you to pay for such functionality, you need to think twice before you invest any time or money into that solution. After all, if your roadmap for the deployment touches multiple environments (on-premises and cloud) and varied use cases (human users, scripts, applications, etc.), HA is paramount. HA can be built by assembling multiple components, but getting integrated HA in a PAM product helps enormously.
Scalability is another critical factor. Consider this: if, in 2-3 years, you plan to expand the deployment to multiple geographies and/or departments, or to extend the solution to protect DevOps environments or an IoT control plane, the scalability of your PAM solution will be important. There are different architectural approaches to providing scale. For example, one vendor's solution requires additional infrastructure and licenses, such as servers, operating systems, and databases, in order to scale. If that is the case, you must factor in the cost of these additional components, because they significantly impact the total cost of ownership (TCO) of your PAM deployment.
Session recording is another important consideration. We believe it must be introduced into the deployment cycle as early as possible. After all, if you are deploying PAM and vaulting passwords, it is clear that you want accountability, visibility and auditability of any actions, right? Obviously, session recording impacts the scalability needs of your PAM solution.
Finally, considering non-human accounts is very important. Specifically, you must map out a 2-3 year journey for your PAM deployments. This journey should consider trends that impact your business. We strongly encourage you to put in place a maturity model that caters to your specific needs. Some of the factors to consider as you put such a model in place are discussed in the article posted here.
Gartner Market Guide for Privileged Access Management, Felix Gaehtgens, Anmol Singh, Dale Gardner, 22 August 2017
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.