The Privileged Access Management (PAM) market has grown a lot in recent years. According to Statista, the global PAM market was worth $1.4 billion (£1.1 billion) dollars in 2018, and it’s forecast to be worth around $2.9 billion (£2.4 billion) by 2024.
Verizon’s 2021 Data Breach Investigations Report showed that 61% of data leaks involved privileged credentials and information, so it’s no surprise that more and more businesses are choosing to address cybersecurity risks and integrate PAM technologies into their cyber defences. The PAM market’s continuing to evolve, though, and two years after their last report, KuppingerCole has given us a snapshot of today’s PAM market. Read on for our two cents on the latest changes.
As we’ve already mentioned, the PAM market is growing fast. It’s attracting new players, and there are now more PAM and PAM-capable vendors (there are 25 in total) than ever before. New companies are entering the market, but many have launched with highly-focused PAM apps instead of suits, and are often cloud-native. The number of PAM solutions is growing despite the consolidations that have been happening recently - one of the current leaders in the market, for example, is Delinea, which was formed through the merger of Thycotic and Centrify.
One of the biggest players still standing is our partner, CyberArk, which KuppingerCole named once again as an Overall Privileged Access Management Leader in their latest report. Not only has it never been acquired or merged, but it’s publicly traded rather than owned by private equity. Kuppingercole noted in their report that CyberArk has one of the widest support levels for platforms and deployments, and has been investing heavily in R&D lately, adding new features and capabilities including Dynamic Privileged Access.
Despite the presence of bigger businesses like CyberArk and Delinea, which offer every kind of PAM solution, the market has seen a lot of innovation and diversification. The market is currently split between the end-to-end PAM offerings from the bigger players, and the newcomers, who are smaller and more specialised. These vendors focus on one specific area - like DevOps or database access, for example - and we’re seeing more and more of these coming into the market.
The growth of PAM is being fueled by more and more businesses turning to multi-factor authentication (MFA) to protect their privileged data from data breaches or attacks. MFA systems use a combination of passwords, PINs, security questions, one-time passcodes, and even biometrics to authenticate users, and PAM can be used to add an extra layer of protection for the most privileged account users.
Every business is different, and they all have different cybersecurity needs. With more and more businesses moving to the cloud, there’s a greater need for PAM, but there’s not a one-fits-all solution. The proliferation and diversity of new PAM solutions out there can help all businesses to protect their privileged credentials and their data.
Emerging technologies - as well as changing requirements in the identity and access landscape - are leading to new functionalities for PAM solutions. One that’s becoming particularly prevalent, for example, is Customer Identity Access Management (CIAM). A more specialised version of traditional Identity and Access Management (IAM) solutions , CIAM helps businesses to gather information on their customers. The main purpose of it is to help businesses manage customer identities, provide them with stronger cybersecurity, offer them an enhanced experience, and protect their users’ data at the same time. Both the bigger players and the more specialist providers have already begun introducing CIAM into their offerings. CIAM can be integrated with PAM solutions, giving privileged accounts the ability to access their customer data as and when they need it.
Managing privileged accounts can be challenging, particularly in cloud environments, and Cloud Infrastructure Entitlements Management (CIEM) looks set to change that. The complexity of modern cloud infrastructure has meant that businesses that have moved (or are in the process of moving) to the cloud are looking to improve their cloud infrastructure. They’re looking to reduce costs, improve their productivity, and use data better - and CIEM can solve some of the problems that PAM can’t.
CIEM helps businesses to manage the rights, permissions, and privileges for user identities in a cloud environment, making it easier for them to avoid risks such as privileges being higher - or lower - than they should be. With CIEM, IT and cybersecurity teams can ensure their cyber defences keep up with infrastructure changes.
Of course, this doesn’t mean that PAM is on the way out just yet. As Paul Fisher, the Senior Analyst and author of the KuppingerCole Leadership Compass, explained, “Traditional PAM is being slightly shifted right into more static areas of the business but is still fundamentally an important thing to have.” Some PAM vendors have even started offering capabilities that are similar to CIEM, to keep up with customer demand.
The changes in the global PAM market have meant things are improving for IT and cybersecurity teams. Customers have more and more choices now when it comes to PAM solutions, meaning that businesses of all sizes can find the right solution to fit their unique requirements - or simply opt for an all-in-one solution from one of the industry’s leaders.
Whatever solution you’re looking for, we can help. The experts at Infosec K2K can offer you specialist guidance, and help you find the product that’s the best fit for you.
Get in touch with us to find out more about how we can help you.