Blog

There are many facets of Privileged Account Management

Mar 26, 2009
Martin Kuppinger

The PAM/PIM/PUM (Privileged Account/Identity/User Management; I prefer PAM) market is one of the boom markets in IT. I've blogged about that recently (here and here). And I've talked with many vendors in that market segment about what they are currently delivering and about what they have in mind for the future. These briefings and the ongoing analysis on PAM proves my thesis that it is still a relatively immature market (not saying that all the products are immature - there are some really good tools out there...).

The PAM market currently is in the typical situation of all emerging markets:

  • There are mainly small vendors.
  • First large vendors are entering the market, mainly through acquisitions.
  • There is no "standard feature set" but many different approaches to solve the problems of PAM.
The latter part is particular interesting to me. Besides the frequently limited support for different platforms and applications as well as for different types of privileged accounts, there are many different technical approaches and features. Some vendors focus on limiting administrative capabilities, other store passwords centrally, some support single sign-on features and so on. Last week I had a briefing with Cyber-Ark which recently announced their PIM Suite v5. Adam Bosnian of Cyber-Ark had a slide in his presentation which showed the evolution from their first solution towards the state of their new suite of PAM solutions. That included aspects like
  • Privileged Password Management
  • Privileged User Provisioning
  • Privileged SSO
  • Privileged Session Management
  • On-Demand Privileges
That list shows that there are many element. When talking with Novell about their Fortefi deal (not really an acquisition, more sort of an asset deal), they also talked about different elements like managing (and limiting) the access as well as auditing privileged access.

Even while some vendors (like Cyber-Ark) are adding more and more features, there is, from my perspective, still no complete solution which fully addresses every part of the PAM problem. Thus it is important first to analyze the specific requirements before choosing a PAM platform. And: Any selection should keep in mind that privileged accounts are found in every operating system as well as in many applications (including the technical users).

I'm convinced that we'll observe to things within the next 24 months:

  • The PAM tools will converge to a common standard feature set plus some additional capabilities - like it has happened for example in the are of Client Lifecycle Management some time ago.
  • There will be some acquisitions of smaller vendors, mainly by the established players in the IAM market. They will start integrating PAM into their suites.
  • There will be, on the other hand, new vendors which become visible - especially because there are several small vendors out there which have solved that problem for a small number of enterprise customers and specific platforms sometimes years ago. Some of them and probably some start-ups will enter the market.
Don't forget to attend my webinar today on another hot topic, Cloud Computing.

And you definitely should attend the European Identity Conference.

Latest posts by Martin Kuppinger
Passwordless Authentication 101
Enhancing Zero Trust in a ServiceNow Environment
Thales Acquires OneWelcome: Beyond CIAM
The Changing Market for Access Control & Risk Management for Business Applications