Content of Figures
- Figure 1 The PAM market is seeing dynamic growth as vendors seek to add better functionality to meet security challenges and more players enter the market.
- Figure 2 Transparent Security platforms including PAM must be embedded within the CI/CD lifecycle that DevOps teams work within.
- Figure 3 PAM for DevOps currently offers the choice of certificates or encrypted vaults to authenticate access.
- Figure 4 The Overall Leadership rating for the PAM DevOps market segment
- Figure 5 The Product Leadership rating for the PAM DevOps market segment
- Figure 6 Innovation Leaders in the PAM DevOps market segment
- Figure 7 Market Leadership in the PAM for DevOps Leadership Compass
- Figure 8 The Market/Product Matrix.
- Figure 9 The Product/Innovation Matrix
- Figure 10 The Innovation/Market Matrix
This report is an overview of the market for Privilege Access Management (PAM) solutions and provides a compass to help buyers find the solution that ...Login Get full Access
1.1 Market segment
Privileged Access Management (PAM) solutions are critical cybersecurity controls that address the security risks associated with the use of privileged ...
The impact of agile development and DevOps on PAM
The pressure on organizations to develop their IT infrastructures within an automated Continuous I ...
Transparent Security platforms including PAM must be embedded within the CI/CD lifecycle that DevOps teams work within. A security feedback mechanism ...Login Get full Access
1.2 Delivery models
This Leadership Compass is focused on PAM products for DevOps that are offered in on-premises, in the cloud or as-a-service (PAMaaS) by the vendor.Login Get full Access
1.3 Required capabilities
At KuppingerCole we believe that the following capabilities are essential if PAM is to meet the demands of DevOps and other agile development environm ...Login Get full Access
1.3.1 Toolchain support
Efficient DevOps teams will want to use the most effective set of tools for developing and delivering applications. Such tools can comprise of code, a ...Login Get full Access
1.3.2 Runtime support
Developers who wish to run apps in containers and elsewhere may not always have written all the code to fully execute. Therefore, they need access to ...Login Get full Access
1.3.3 Finished application support
One of the guiding principles of DevOps is support for CI/CD and to provide fast updates to applications, particularly when bugs or vulnerabilities ma ...Login Get full Access
1.3.4 Certificate support
While PAM has traditionally relied on an encrypted vault to store and manage passwords for authentication and access to privileged data and tools, the ...Login Get full Access
1.3.5 Base PAM support
While authentication of privileged accounts is of paramount importance within the DevOps environments to ensure users get access to the tools they nee ...Login Get full Access
1.3.6 High Availability (HA)
Having a method of accessing vaulted PAM accounts in an emergency is important for all PAM deployments but in the high stress, high strategic value De ...Login Get full Access
1.3.7 Non-human user support
Integral to digital transformation is the communication between machines and applications, and to other applications, data centres and databases to ge ...Login Get full Access
1.3.8 Shared account support
Best practice demands that organizations switch to single identity privileged accounts, but shared privileged accounts still exist in many organizatio ...Login Get full Access
1.3.9 Just in Time (JIT)
Just-in-time (JIT) privileged access management can help drastically condense the privileged threat surface and reduce risk enterprise-wide by grantin ...Login Get full Access
1.4 Other capabilities to support DevOps
PAM should accommodate the presence of a multitude of privileged users within an organization which includes temp workers, contractors, partner organi ...Login Get full Access
1.4.1 Privileged Account Data Lifecycle Management (PADLM)
The usage of privileged accounts must be governed as well as secured. A discovery mechanism to identify shared accounts, software accounts, service ac ...Login Get full Access
1.4.2 Controlled Privilege Elevation and Delegation Management (CPEDM)
This is another important function related to the fluid and fast changing needs of digital organizations. As the name suggests it allows users to gain ...Login Get full Access
1.4.3 Endpoint Privilege Management (EPM)
EPM offers capabilities to manage threats associated with local administrative rights on laptops, tablets, smart phones, or other endpoints. EPM tools ...Login Get full Access
1.4.4 Session Recording and Monitoring (SRM)
SRM enables more advanced auditing, monitoring and review of privileged activities during a privileged session, including key-stroke logging, video se ...Login Get full Access
1.4.5 Privileged Single Sign-On (SSO)
Single Sign-On is a user authentication system that permits a user to apply one set of login credentials (i.e. username and password) to access multip ...Login Get full Access
1.4.6 Privileged User Behaviour Analytics (PUBA)
PUBA uses data analytic techniques, some assisted by machine learning tools, to detect threats based on anomalous behaviour against established and qu ...Login Get full Access
Selecting a vendor of a product or service must not be based only on the comparison provided by a KuppingerCole Leadership Compass. The Leadership Com ...
The five vendors that comprise the Overall Leaders are well established brands: BeyondTrust, Centrify Corporation, CyberArk, SSH Communications Securi ...
In the Product Leader category, we see the same five Overall Leaders joined by one giant, Broadcom, and one much smaller but innovative company – Ha ...
This section is most interesting as Innovation is key to creating PAM that works well in DevOps environments. We have seven Leaders now: CyberArk, Bey ...
The results of this section are unsurprising. Centrify, BeyondTrust, CyberArk and Thycotic form a tightly knit group which accurately reflects their m ...Login Get full Access
3 Correlated View
While the Leadership charts identify leading vendors in certain categories, many customers are looking not only for a product leader, but for a vendor ...Login Get full Access
3.1 The Market/Product Matrix
The first of these correlated views contrasts Product Leadership and Market Leadership. This is where we see a more granular breakdown of the results ...
Vendors below the line have a weaker market position than expected according to their product maturity. Vendors above the line are “overperformers...Login Get full Access
3.2 The Product/Innovation Matrix
This view shows how Product Leadership and Innovation Leadership are correlated. It is not surprising that there is a pretty good correlation between ...
Vendors below the line are more innovative, vendors above the line are, compared to the current Product Leadership positioning, less innovative.
In ...Login Get full Access
3.3 The Innovation/Market Matrix
The third matrix shows how Innovation Leadership and Market Leadership are related. Some vendors might perform well in the market without being Innova ...
Vendors above the line are performing well in the market compared to their relatively weak position in the Innovation Leadership rating; while vendors ...Login Get full Access
4 Products and vendors at a glance
This section provides an overview of the various products we have analyzed within this KuppingerCole Leadership Compass on PAM. This overview goes int ...Login Get full Access
Ratings at a glance
Based on our evaluation, a comparative overview of the ratings of all the products covered in this document is shown in Table 1. ...Login Get full Access
Table 1: Comparative overview of the ratings for the product capabilities
In addition, we provide in Table 2 an overview which also contains four ad ...Login Get full Access
5 Product/service evaluation
This section contains a quick rating for every product/service we’ve included in this KuppingerCole Leadership Compass document. For many of the pro ...Login Get full Access
After acquiring Avecto, Lieberman software and BeyondTrust, Bomgar decided to merge the businesses and keep the BeyondTrust brand for the new entity. ...Login Get full Access
Based in the US, Centrify offers several PAM modules as part of an overall suite which includes privileged access, authentication, privileged elevatio ...Login Get full Access
Headquartered in Israel and the US, CyberArk is one of the more mature providers of PAM solutions having been in the market since 1999. It has continu ...Login Get full Access
Based in Ohio (US), EmpowerID offers several products within its broader IAM portfolio, of which EmpowerID Privileged Access Management (PAM) is its r ...Login Get full Access
HashiCorp is a provider of multi-cloud infrastructure automation software for cloud and on-premises environments. Built on an open-source foundation, ...Login Get full Access
5.6 SSH Communications Security
Based in Helsinki, Finland, SSH.COM offers PrivX as its primary product in the PAM market. PrivX is a relatively new offering in the market by SSH.COM ...Login Get full Access
5.7 STEALTHbits Technologies
Founded 2002, in Stealthbits Technologies is a US-based company that offers several solutions designed to help organizations meet their GRC obligation ...Login Get full Access
5.8 Symantec (was acquired by Broadcom Inc.)
A new name for PAM but one borne by the acquisitions by US chip giant Broadcom of CA Technologies and subsequently, Symantec. Having digested the form ...Login Get full Access
Based in Washington D.C. (US), Thycotic offers the Secret Server platform as its primary PAM. Secret Server is known for its comprehensiveness, ease o ...Login Get full Access
6 Vendors and Market Segments to watch
Aside from the vendors covered in detail in this Leadership Compass document, we also observe other vendors in the market that we find interesting. So ...Login Get full Access
6.1 Remediant SecureONE
Based in San Francisco, Remediant is a single product PAM company founded in 2013. Its SecureONE product uses agent-less and vault-less technology at ...Login Get full Access
Saviynt is a US-based company founded in 2010 that specializes in IGA and Identity solutions. It has recently entered the PAM market with a new cloud- ...Login Get full Access
US based Venafi offers TrustAuthority, a machine identity protection platform that also offers extensive SSH key management for securing privileged ac ...Login Get full Access
7 Related Research
Advisory Note: Trends in Privileged Access Management for the Digital Enterprise –71273
Architecture Blueprint: Access Governance and Privilege Management – 79045
Blog: PAM Can Reduce Risk of Compliance Failure but is Part of a Bigger Picture
Blog: Privileged Access Management Can Take on AI-Powered Malware to Protect
Blog: Taking One Step Back: The Road to Real IDaaS and What IAM is Really About
Executive View: BeyondTrust Password Safe – 80067
Executive View: CyberArk Privilege Cloud – 80122
Executive View: Devolutions PAM Solution – 80070
Executive View: One Identity Safeguard Suite – 80074
Executive View: Thycotic Privilege Manager – 80004
Executive View: Wallix Bastion – 79053
Executive View: Xton Technologies Access Manager – 80128
Leadership Brief: Privileged Account Management Considerations – 72016
Leadership Compass: Identity Provisioning – 70949
Leadership Compass: Identity Governance & Administration – 71135
Leadership Compass: Privilege Management - 72330
Whitepaper: AI, Machine Learning and Privilege Access Management – 80120
Whitepaper: Privileged Access Requirements for Small to Medium Size Businesses (SMB) – 80123
Whitepaper: Understanding Privilege Access Management – 80302