All Research
Moving to the cloud sets new challenges for managing access to critical IT environments for small and medium-size businesses (SMBs). These include managing access to multi-cloud services that are used on-demand but discarded when no longer needed, finding a scalable solution without big IT projects and costs, and managing administrative access with limited resources. At the same time, organizations must ensure subcontractors get the right level of privilege for the task at hand but don't walk away with access credentials. SMBs must also protect the company from privileged credential harvesting - now often automated - and demonstrate a solid audit trail if the SMB is accessing customer’s data. This KuppingerCole Whitepaper explores the various solutions for SMBs to overcome these challenges.

Commissioned by SSH.COM

1 Introduction

The pressure on organizations to transform and digitize and create new products and services has meant different processes and technologies are entering the workplace, and some are creeping in without a strategy to manage them. These include technologies such as Cloud, AI, Process Automation, IoT, DevOps, and XaaS (Anything as a Service). Critically, these trends are not confined to large enterprises but companies of all sizes, including SMBs. If anything, SMBs are likely to be at the forefront of digital change.

These trends and technologies offer big opportunities for smaller organisations to ensure they remain competitive and take advantage of new market opportunities, but they need to manage them and ensure they do not increase security and data risks by opening up vulnerabilities in access points.

New infrastructures require data be granted to a wide variety and increasing number of stakeholders. These include traditional line employees, admins and managers but now also individuals from partner organizations, contractors and even customers. Some of these will request and need access to critical assets in order to fulfil their roles: these are known as privileged users.

Privileged users

Digital transformation has changed the landscape for many SMBs. Identity and Access Management (IAM) tools are commonly used by business users but there is a subset of users called privileged users: such as, IT administrators, software engineers, DevOps teams and subcontractors. Employees and other stakeholders may need privilege access to complete a certain task and then no longer need it, requiring extra functionality from the solution. Contractors may be onsite for a short time also needing privilege access accounts, or when working remotely or at a subsidiary site. Some SMBs themselves are 3rd parties who access the critical data of other companies. The increased exposure to data and critical assets has meant the threat of unauthorized access has been elevated, and modern privileged access solutions must do as much as possible to prevent security breaches, as well as provide efficient speedy access to those who need it, when they need it and only for as long as they need it.

SMBs often have in-house solutions such as jump hosts, bastion hosts, VPNs, password managers and even Excel sheets to manage and restrict privileged access. There is a dedicated set of tools called Privileged Access Management (PAM) but often these are not used by SMBs, because the are typically considered to be costly big enterprise tools, are perceived to require massive IT projects or are not seen as elastic enough for SMB needs. The digital landscape has made this a much more challenging market for PAM vendors and has transformed PAM into something much more than a simple administration tool - but different types and size of business need solutions that fit the operations and market sector, and this is especially true of SMBs.

The solutions for smaller businesses need to be different in scale and feature set considering their place in the wider business ecosystem. This KuppingerCole Whitepaper sets out to explore why the privileged user management rules for SMBs are different and how SMBs should pay attention to vigorous PAM solutions despite worries about cost, deployment, scalability and ROI.

Full article is available for registered users with free trial access or paid subscription.
Log in
Register and read on!
Create an account and buy Professional package, to access this and 600+ other in-depth and up-to-date insights
Register your account to start 30 days of free trial access
Get premium access
Choose a package

Stay up to date

Subscribe for a newsletter to receive updates on newest events, insights and research.
I have read and agree to the Privacy Policy
I have read and agree to the Terms of Use