Osirium: Privileged Access Management
Osirium’s Privileged Access Management provides a secure, streamlined way to monitor privileged users for all relevant systems. It manages context-driven access over any number of systems across an infrastructure, and supports an innovative, task-based approach. Furthermore, it comes with a well-thought-out gateway approach for supporting downstream applications.
Osirium is a leading software vendor for Privilege Management solutions, with specific focus on the domains of Privileged Access Management, Privileged Task Management, Privileged Session Management and Privileged Behavior Management. It was originally founded in 2008 in the UK and is privately held. Currently it has over 50 employees catering primarily to UK customers, but as of the time of writing, Osirium has also started addressing the Asia Pacific Region (APAC) and to expand into the DACH region, especially Germany. Further plans for geographical expansion include the Middle East & North Africa (MENA) region.
The decision to expand their geographical reach has been on the road map for Osirium for some time now. This approach is also centered around developing a comprehensive network of channel partners, mirroring what Osirium has been doing in the UK.
In the age of digital transformation, the requirements for IT – but also the way IT is done – are changing. Organizations need to reinvent themselves and become agile and more innovative. Smart manufacturing and the Internet of Things expand the attack surface of organizations. Also, they must meet ever increasing regulatory requirements. To stay ahead, with the vast number of attacks that organizations are facing and the evolving regulations, organizations must invent new methods of addressing these needs while still perfectly serving their customers. Thus, they also need to constantly improve security, to have the right counter measures implemented and thus prevent attacks.
Privilege Management can be considered a domain of Cybersecurity since attackers usually go after the high privilege accounts. The users of the privileged accounts have the broadest access to sensitive company data such as HR records, financial information, payroll details or a company’s IP. Therefore, a strong emphasis needs to be placed on protecting these accounts, which eventually results in a reduced risk of breaches. Privilege Management helps in these scenarios, by increasing the protection of digital assets through protecting the most critical accounts and access to these systems.
Privilege Management is also part of the IAM (Identity and Access Management) domain, because it is about managing accounts and their passwords, as well as their access at runtime, e.g., by monitoring sessions.
Modern tools for Privilege Management must support a variety of requirements, from protecting the passwords of shared accounts, rotating the passwords of service and system accounts, to session monitoring and behavioral analytics.
Mature Privilege Management solutions go much further than simple password generation and access control to individual systems, but also provide a unified, robust, and – importantly - transparent Privilege Management platform which is integrated into an organization’s overall Identity and Access Management (IAM) strategy. While “password vaults” had been at the center of attention in earlier years, capabilities such as advanced analytics of privileged user behavior and advanced capabilities in session monitoring and analysis are becoming the new normal, all integrated into comprehensive suites. However, we also see a growing number of vendors taking different approaches to solve the underlying problem of restricting, monitoring, and analyzing privileged access and the use of shared accounts, such as focusing on task-based approaches for limiting the access for different types of users.
Among security risks associated with privileged users are:
- Leakage of credentials for shared accounts;
- Abuse of elevated privileges by fraudulent users;
- Hijacking of privileged accounts by cyber-criminals;
- Risks through abuse of elevated privileges on client systems;
- Risks through mistakes in using elevated privileges by users.
Furthermore, there are several areas of security, but also user convenience, with requirements which are associated with privileged accounts:
- Managing the ownership and knowing all privileged accounts, both individual and shared accounts;
- Single Sign-On to shared accounts for administrators and operators;
- Reducing elevated privileges of administrators, and in particular operators, to mitigate associated risks;
- Controls for managing, restricting, and monitoring access of MSPs when accessing internal systems;
- Controls for managing, restricting, and monitoring access of internal users to cloud services.
Consequently, multiple technologies and solutions have been developed to address these risks as well as provide better activity monitoring and threat detection. Amongst these, we find Osirium with their approach that focuses on enforcing the least privilege principle by restricting access of users to systems through a task-based approach, which complements their overall Privilege Management suite that delivers to common requirements of Privilege Management.
For a detailed overview of the leading PxM vendors, please refer to the KuppingerCole Leadership Compass on Privilege Management .