Executive View

CyberArk Privilege Cloud

Privileged Access Management (PAM) has evolved into a set of technologies that addresses some of the most urgent areas of cybersecurity today against a backdrop of digital transformation and industrial change. CyberArk Privilege Cloud is an as-a-service solution designed to protect and control privileged access across on-premises, cloud and hybrid infrastructures. It is part of a suite of solutions and technologies from one of the leaders in PAM solutions.

Paul Fisher

pf@kuppingercole.com

1 Introduction

Privileged Access Management (PAM) solutions are critical cybersecurity controls that address the security risks associated with the use of privileged access in organizations and companies. Traditionally, there have been primarily two types of privileged users:

  1. Privileged IT Users – those who need access to IT infrastructure and applications supporting the business for cloud and on-premises workloads. Such permissions are usually granted to IT admins who need access to system accounts, software accounts or operational accounts.

  2. Privileged Business Users – those who work outside the IT organization but need access to sensitive data and information assets such as HR records, payroll details, financial information or intellectual property, and social media accounts.

In recent years, the picture has become more complicated, with many more non-traditional users requiring and getting privileged access to IT and business data. Some will be employees working on special projects; others may be developers building applications or third-party contractual workers.

In recent years, PAM solutions have become more sophisticated, making them robust security management tools in themselves. While credential vaulting, password rotation, controlled elevation and delegation of privileges, session establishment and activity monitoring are now almost standard features, more advanced capabilities such as managing credentials for non-human users, replacing scripts and dynamic secrets, offering native access to end users and the ability to embrace PAM scenarios in an enterprise governance program are becoming the new standard to protect against today’s threats, all integrated into comprehensive PAM suites. PAM is also available as-a-service from a number of vendors, with much of the core functionality hosted outside the organization in the cloud.

Figure 2: Extended PAM features. As market demands have developed, vendors have added more functionality to their solutions.

PADLM: Privileged Account Data Lifecycle Manager
SAPM: Shared Account Password Management
AAPM: Application to Application Password Management
CPEDM: Controlled Privilege Escalation and Delegation Management
EPM: Endpoint Privilege Management
SRM: Session Recording Management
JIT: Just in Time provisioning
SSO: Single Sign-on
PUBA: Privileged User Behavior Analytics

Among the key challenges that drive the need for privilege management are:

  • Abuse of shared credentials;
  • Abuse of elevated privileges by unauthorized users;
  • Hijacking of privileged credentials by cyber-criminals;
  • Abuse of privileges on third-party systems;
  • Accidental misuse of elevated privileges by users;
  • The requirement to perform attestations on privileged users and admin accounts.

Furthermore, there are several other operational, governance and regulatory requirements associated with privileged access:

  • Discovery of shared accounts, software and service accounts across the IT infrastructure;
  • Identifying and tracking of ownership of privileged accounts throughout their lifecycle;
  • Establishing Single Sign-on and/or native secure sessions to target systems for better operational efficiency of administrators;
  • Auditing, recording and monitoring of privileged activities for regulatory compliance;
  • Managing, restricting, and monitoring administrative access of IT outsourcing vendors and MSPs (Managed Service Providers) to internal IT systems;
  • Managing, restricting, and monitoring administrative access of internal users to cloud services.
