privileged access management Last week, BeyondTrust had a significant presence at the Gartner IAM Summit in Las Vegas. There were several takeaways from this important show, including: Let’s take a look at each of these takeaways in some more detail. The intertwining of PAM and IAM This really isn’t a new approach, but customers are starting to tackle more PAM and IAM projects together as the security and infrastructure teams in many enterprises begin to converge around core security concepts, such as least privilege and user access. A critical success factor for customers here will be to ensure they have flexibility in selecting their best of breed IAM and PAM partners, and not to be locked into a closed framework covering both (which won’t cover either very well). This convergence was evidenced by the number of attendees (350!) at our Solution Provider Panel Session, titled, “Practical Advice: How to Add Privileged Account Management to Your Enterprise IAM Strategy” featuring security leaders such as David Tyburski, CISO, Wynn Resorts; Ernie Anderson, Principal, Booz Allen Hamilton; and Nick Cavalancia, Founder, TechVangelism. The panel answered questions like:
  • Where did you start when it came to PAM? How did you prioritize?
  • How did you transition from PAM to IAM, or vice versa?
  • What lessons did you learn? What were the gotchas?
  • What is your 1-5 year IAM and PAM strategy?
  • What are the three things every CSO should consider before they begin a PAM project?
The record attendance at this session (orders of magnitude more than any other vendor with a session at that time, by the way!) is proof-positive that there are many questions yet to be answered on how to make PAM and IAM work together. Next, let’s talk about alternatives I personally had a dozen conversations – and my booth mates had many more – where an attendee would say something like, “I’ve got an active PAM POC going, and it’s not going well. There are surprises. It’s complex and expensive…” you get the idea. There are a couple of PAM vendors out there that are notoriously costly and complex, and customers are fed up. If you recall our Privilege Gone Wild study earlier this year, you likely remember that prospective customers worry most about the cost of CyberArk, Dell and CA. Watch for more on this soon! Finally, PAM is more than just passwords Although an important first step in gaining greater control and visibility over privileges, passwords are not the only challenge. Many one-dimensional “PAM” vendors out there are pushing their password-only option hard, to the detriment of customers. What happens when these customers want to expand their PAM coverage out to enforcing least privilege on endpoint management, or delegating access on Unix or Linux servers? Buy more best of breed and try to cobble it all together and hope it works out? What customers are asking for is:
  • Both broad and deep privileged account management capability across every scenario in an integrated platform
  • Detailed reporting and privileged analytics for multiple stakeholders to mitigate security and compliance concerns and tighten up operational practices
  • Alignment with other security solutions, providing a more complete picture of IT risk management – not another silo to manage
Scott Carlson, Security Architect for PayPal, addressed these very issues in his excellent session, “Trust But Control: Managing Privileges Without Killing Productivity.” Oh, and we had some fun, too When in Vegas, right? Check out some the fun we had – in the booth, at sessions, and in our Martini’s and Moolah suite. If we talked with you at the show, we want to continue to dialogue! Contact us today. If you need guidance on how to take your privileged account management deployment to the next level, check out our 7-step strategy for achieving complete privileged account management or read Gartner’s Twelve Best Practices for Privileged Access Management.