Commissioned by SSH.COM
The pressure on organizations to transform and digitize and create new products and services has meant different processes and technologies are entering the workplace, and some are creeping in without a strategy to manage them. These include technologies such as Cloud, AI, Process Automation, IoT, DevOps, and XaaS (Anything as a Service). Critically, these trends are not confined to large enterprises but companies of all sizes, including SMBs. If anything, SMBs are likely to be at the forefront of digital change.
These trends and technologies offer big opportunities for smaller organisations to ensure they remain competitive and take advantage of new market opportunities, but they need to manage them and ensure they do not increase security and data risks by opening up vulnerabilities in access points.
New infrastructures require data be granted to a wide variety and increasing number of stakeholders. These include traditional line employees, admins and managers but now also individuals from partner organizations, contractors and even customers. Some of these will request and need access to critical assets in order to fulfil their roles: these are known as privileged users.
Digital transformation has changed the landscape for many SMBs. Identity and Access Management (IAM) tools are commonly used by business users but there is a subset of users called privileged users: such as, IT administrators, software engineers, DevOps teams and subcontractors. Employees and other stakeholders may need privilege access to complete a certain task and then no longer need it, requiring extra functionality from the solution. Contractors may be onsite for a short time also needing privilege access accounts, or when working remotely or at a subsidiary site. Some SMBs themselves are 3rd parties who access the critical data of other companies. The increased exposure to data and critical assets has meant the threat of unauthorized access has been elevated, and modern privileged access solutions must do as much as possible to prevent security breaches, as well as provide efficient speedy access to those who need it, when they need it and only for as long as they need it.
SMBs often have in-house solutions such as jump hosts, bastion hosts, VPNs, password managers and even Excel sheets to manage and restrict privileged access. There is a dedicated set of tools called Privileged Access Management (PAM) but often these are not used by SMBs, because the are typically considered to be costly big enterprise tools, are perceived to require massive IT projects or are not seen as elastic enough for SMB needs. The digital landscape has made this a much more challenging market for PAM vendors and has transformed PAM into something much more than a simple administration tool - but different types and size of business need solutions that fit the operations and market sector, and this is especially true of SMBs.
The solutions for smaller businesses need to be different in scale and feature set considering their place in the wider business ecosystem. This KuppingerCole Whitepaper sets out to explore why the privileged user management rules for SMBs are different and how SMBs should pay attention to vigorous PAM solutions despite worries about cost, deployment, scalability and ROI.