KuppingerCole Report
Executive View
By Martin Kuppinger

Devolutions PAM Solution

Devolutions provides a PAM solution targeted at SMB customers that provides a good baseline set of PAM capabilities and easy to deploy and operate. The solution comes with a password vault, account discovery capabilities, and strong remote access features. While some of the more advanced capabilities of the leading-edge PAM solutions are lacking, the product fits well to the target group of SMBs.

1 Introduction

Privileged Access Management (PAM), over the past few years, has become one of the most relevant areas of Cyber Security associated with IAM (Identity and Access Management) that deals with identifying, securing and managing privileged credentials and the resulting access across an Organization’s IT environment. Once considered a technology option for optimizing administrative efficiency by managing passwords and other secrets, PAM has evolved into a set of crucial technologies for preventing security breaches and credential thefts. PAM today concerns Security and Risk Management leaders as well as Infrastructure and Operation (I&O) leaders across the industries for several security and operational benefits.

Privileged Access Management represents the set of critical cybersecurity controls that address the security risks associated with privileged users and privileged access in an organization. There are primarily two types of privileged users:

  1. Privileged Business Users - those who have access to sensitive data and information assets such as HR records, payroll details, financial information, company’s intellectual property, etc. This type of access is typically assigned to the application users through business roles using the application accounts.
  2. Privileged IT Users – those who have access to IT infrastructure supporting the business. Such access is generally granted to IT administrators through administrative roles using system accounts, software accounts or operational accounts.

The privileged nature of these accounts provides their users with an unrestricted and often unmonitored access across the organization’s IT assets, which not only violates basic security principles such as least privilege but also severely limits the ability to establish individual accountability for privileged activities. Privileged accounts pose significant threat to the overall security posture of an organization because of their heightened level of access to sensitive data and critical operations. Security leaders therefore need stronger emphasis on identifying and managing these accounts to prevent the security risks emanating from their misuse.

Among the key challenges that drive the need for managing privileged access are:

  • Abuse of shared credentials
  • Abuse of elevated privileges by authorized users
  • Hijacking of privileged credentials by cyber-criminals
  • Abuse of privileges on third-party systems, and
  • Accidental misuse of elevated privileges by users

Furthermore, there are several other operational, governance and regulatory requirements associated with privileged access:

  • Discovery of shared accounts, software and service accounts across the IT infrastructure
  • Identification and continuous tracking of ownership of privileged accounts throughout their life-cycle
  • Establishing and managing privileged session to target systems for enhanced operational efficiency of administrators
  • Auditing, recording and monitoring of privileged activities for regulatory compliance
  • Managing and monitoring administrative access of IT outsourcing vendors and MSPs to internal IT systems, and
  • Managing and monitoring privileged access of business users and IT administrators to cloud infrastructure and applications

Consequently, multiple technologies and solutions have been developed to address these risks, as well as provide better activity monitoring and threat detection.

PAM is essential to all types of companies, well-beyond the large businesses. On the other hand, the broad and complex spectrum of technologies within the PAM market segment and the sometimes complex deployment are not always well-suited specifically for SMBs (small/medium businesses). While they need PAM, their focus (unless being high-risk businesses, e.g. in a critical infrastructure industry) must be on some essential capabilities, which specifically include

  • Managing credentials securely, specifically for shared passwords (Shared Account Password Management)
  • Providing secure remote access whenever required, as a baseline Privileged Session Management
  • Account Discovery to move this into protection

Devolutions focuses on specific PAM solutions for the SMB market, covering remote access, shared account password management for various types of accounts, and is about to add account discovery.

2 Product Description

Devolutions has a set of products that are centered around managing remote access to systems and securing passwords of users. These cover various use ...

Login Get full Access

3 Strengths and Challenges

The Devolutions PAM solution is targeted at SMB customers, even while it comes with several enterprise-grade capabilities, thus also being attractive ...

Login Get full Access

Copyright

©2021 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst ompany, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.

top