KuppingerCole Report
Advisory Note
By Paul Fisher

Trends in Privileged Access Management for the Digital Enterprise

Privileged Access Management (PAM) is one of the most important areas of risk management and security in any organization. Privileged accounts have traditionally been given to administrators to access critical data and applications. But, changing business practices, agile software development and digital transformation has meant that privileged accounts have become more numerous and widespread. To reduce the risk of privileged accounts being hijacked or fraudulently used, and to uphold stringent regulatory compliance within an organization, an adequate PAM solution is essential.
By Paul Fisher

1 Introduction

Privileged Access Management (PAM) solutions are critical cybersecurity controls that address the security risks associated with the use of privileged ...

Login Get full Access

2 Highlights

  • What is Privileged Access Management (PAM) and why it is critical to the security and compliance posture of organizations
  • Analysis of the PAM mark ...
Login Get full Access

3 Development of PAM

Once considered a technology simply for managing passwords, PAM has now evolved into a stronger and wider risk management function supported by featur ...

Login Get full Access

3.1 Business Technology

The changes in business technology have had significant impact on PAM and will continue to do so. The challenge to keep up with technology changes is ...

Login Get full Access

3.2 Business Processes

Technology changes are related to changes in business processes and usually the demand will precede the solution or application. Other times, a new te ...

Login Get full Access

3.3 Security Integrations

Privilege Access Management contributes to the security posture of the organization and therefor it is important that it doesn’t exist in a siloed e ...

Login Get full Access

3.4 Security Processes

As mentioned in 3.3, analytics and event management are essential for any organization as cybercrime and hacks are commonplace, few organizations will ...

Login Get full Access

4 Market growth

In recent years Privileged Access Management (PAM) has become one of the fastest growing areas of cyber security and risk management solutions. Kuppin ...

Login Get full Access

5 Cyber attacks, hacks and PAM

As the number of privileged accounts grew in organizations, criminals realized they were an easy route into those organizations if they could get hold ...

Login Get full Access

6 Understanding Privilege Access Management

The theory behind privileged accounts is sound. By restricting access to certain data or parts of the IT infrastructure to delineated people, you have ...

Login Get full Access

7 The elements of advanced PAM in detail

A simple PAM solution will provide an organization with the basic defences needed to protect privileged accounts, but most organizations today will ne ...

Login Get full Access

7.1 Privileged Account Data Lifecycle Manager (PADLM)

The usage of privileged accounts must be governed as well as secured. The PADLM function serves as a tool to monitor the usage of privilege accounts o ...

Login Get full Access

7.2 Shared Account Password Management (SAPM)

Best practice demands that organizations switch to single identity privileged accounts, but shared privileged accounts still exist in many organizatio ...

Login Get full Access

7.3 Application to Application Password Management (AAPM)

Part of digital transformation is the communication between machines and applications to other applications and database servers to get business-relat ...

Login Get full Access

7.4 Controlled Privilege Escalation and Delegation Management (CPEDM)

Another increasingly important function relative to the fluid and fast changing needs of digital organizations. As the name suggests it allows users t ...

Login Get full Access

7.5 Endpoint Privilege Management (EPM)

EPM offers capabilities to manage threats associated with local administrative rights on laptops, tablets, smartphones or other endpoints. EPM tools e ...

Login Get full Access

7.6 Session Recording and Monitoring (SRM)

Session Recording Management offers basic auditing and monitoring of privileged activities. SRM tools can also offer authentication, authorization and ...

Login Get full Access

7.7 Just in Time Provisioning (JIT)

Just-in-time (JIT) privileged access management (PAM) can help drastically condense the privileged threat surface and reduce risk enterprise-wide. Imp ...

Login Get full Access

7.8 Single Sign-On (SSO)

Single sign-on is a user authentication system that permits a user to apply one set of login credentials (i.e. username and password) to access multip ...

Login Get full Access

7.9 Other advanced features

PAM should accommodate the presence of a multitude of privileged users within an organization which includes temp workers, contractors, partner organi ...

Login Get full Access

8 Future trends and developments

PAM solutions have already become more sophisticated as security demands increase, as the previous chapters have shown. In some instances, the abundan ...

Businesses of all sizes are under pressure to transform and embrace digital in the global race to become more agile and flexible across the value chai ...

Login Get full Access

8.1 Moving beyond passwords and vaults

Some vendors are starting to offer agent-less and vault-less PAM solutions which stops credentials from ever being shared or stored and removes one la ...

Login Get full Access

9 Summary and recommendations to business

Any modern security solution has the responsibility to prevent security breaches and be easy to use for administrators and end users alike. It must al ...

Login Get full Access


©2021 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst ompany, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.