Novell has announced that they have acquired the technology for privileged account management (PAM) from Fortefi Ltd. PAM addresses the need to better manage privileged accounts. It is a broad field, starting with root account management in the Unix and Linux environments and reaching out to technical user accounts, system users and local as well as domain administrators in Windows environments or database and other system administrators. There are many privileged accounts out there. And these accounts frequently aren't well managed, despite the fact that they either have full access or at least at lot of access rights. Sometimes they are used by several persons, there passwords becoming (sort of) public. Frequently, no responsibility for these accounts is assigned to a user. A consistent lifecycle management often is missing.

Thus it is no surprise that auditors are analyzing the state of PAM more often than in former days. Missing PAM is a risk, opening the door for insider attacks - and sometimes making outsider attacks more easy and more hazardous. Companies have to act on this.

Over the years, a pretty segmented PAM market has evolved. Some companies only address the Unix/Linux root account management, others focus on Windows accounts. Most of these solutions are point solutions, even while the management of privileged accounts should be a part of the overall identity/account lifecycle management. Thus it is no surprise, that Novell as an established vendor in that market has acquired a PAM vendor. We have predicted this before, for example in our "Trend Report IAM and GRC 2009-2019". And we expect other established IAM vendors to enhance their portfolios as well. Thus, the Novell deal with Fortefi might be the first one in a wave of acquisitions.

There are two important things to note:

  1. Novell has done a step into this market, but the solution which focuses on Linux/Unix root accounts doesn't fully solve the requirements. There are many other privileged accounts out there which have to be managed. Novell will have to go beyond the Fortefi solution.
  2. When an IAM vendor acquires PAM technology, the logical next step is to integrate the technology with their Identity Lifecycle Management offerings, going beyond the standalone approaches which are most frequently found in the PAM market today.
Overall, the Novell acquisition will have a significant impact on the PAM market, which today is (as mentioned) segmented and where most (but not all) of the vendors are relatively small and pretty specialized.