Federal IT Security Purchasing We all know that purchasing Federal IT security solutions is complicated – a veritable alphabet soup of requirements, processes, and procurement hurdles to overcome. So how can that possibly have anything in common with car buying, you say? It’s simple – people, processes, and the need to choose a solution that is efficient, cost effective and the best you can buy for your investment. When you start looking for a new car, what do you do? Check to see which models are the most highly rated by the experts and owners. Ask others what they like about the model they have. Check to see who is giving the best deal, and ask for a quote. As Federal IT decision makers, influencers, and purchasers you do exactly the same thing. And this is all the more relevant in purchasing security products – the wrong purchase can leave you stranded in the case of a damaging data breach! Fortunately, experts at Gartner are helping to take the legwork out of reviewing Privileged Access Management solutions in the market place. BeyondTrust is proud to be recognized for the third year in a row by Gartner as a representative vendor in the 2016 Gartner PAM Market Guide. So what are the analysts saying and how is it important to you as a federal technology expert? Let’s look at a few key findings from the report that align to CSIP and FISMA requirements:
  • “Prevention of both breaches and insider attacks remains the major driver for the adoption of privileged access management (PAM) solutions, followed by regulatory compliance and operational efficiency.”
  • “Federal agencies that are required to use multifactor personal identity verification (PIV)-based authentication for privileged users as part of HSPD-12 and Cybersecurity Strategy and Implementation Plan (CSIP) directives19 should look out for vendors that offer native support for Common Access Card (CAC) and PIV smartcards. CA Technologies (Privileged Access Manager, formerly Xceedium Xsuite) and BeyondTrust offer broad support for PIV-based authentication.”
  • “Vulnerability management: Some vendors such as BeyondTrust are leveraging synergies between privileged command delegation and vulnerability management to detect and prevent unsafe operations on potentially compromised or vulnerable systems. Vulnerability assessments can also be correlated with privileged activity for risk scoring.”
Privileged account and session management products, as well as privilege elevation and delegation management products are necessary IT security measures in your efforts to prevent and detect breaches. Successful implementation takes you one step closer to compliance. Let’s talk about where your agency is in your FISMA or CSIP journey. Your reporting deadline is just around the corner! Check out the Gartner PAM Market Guide for a complete assessment of PAM vendors, and compare your needs vs. what the leaders offer.