The PAM/PIM/PUM (Privileged Account/Identity/User Management; I prefer PAM) market is one of the boom markets in IT. I've blogged about that recently (here and here). And I've talked with many vendors in that market segment about what they are currently delivering and about what they have in mind for the future. These briefings and the ongoing analysis on PAM proves my thesis that it is still a relatively immature market (not saying that all the products are immature - there are some really good tools out there...).
The PAM market currently is in the typical situation of all emerging markets:
- There are mainly small vendors.
- First large vendors are entering the market, mainly through acquisitions.
- There is no "standard feature set" but many different approaches to solve the problems of PAM.
- Privileged Password Management
- Privileged User Provisioning
- Privileged SSO
- Privileged Session Management
- On-Demand Privileges
Even while some vendors (like Cyber-Ark) are adding more and more features, there is, from my perspective, still no complete solution which fully addresses every part of the PAM problem. Thus it is important first to analyze the specific requirements before choosing a PAM platform. And: Any selection should keep in mind that privileged accounts are found in every operating system as well as in many applications (including the technical users).
I'm convinced that we'll observe to things within the next 24 months:
- The PAM tools will converge to a common standard feature set plus some additional capabilities - like it has happened for example in the are of Client Lifecycle Management some time ago.
- There will be some acquisitions of smaller vendors, mainly by the established players in the IAM market. They will start integrating PAM into their suites.
- There will be, on the other hand, new vendors which become visible - especially because there are several small vendors out there which have solved that problem for a small number of enterprise customers and specific platforms sometimes years ago. Some of them and probably some start-ups will enter the market.
And you definitely should attend the European Identity Conference.