Forecast: 2018 Gartner Magic Quadrant for Privileged Access Management Solutions

Forecast: 2018 Gartner Magic Quadrant for Privileged Access Management Solutions

Gartner has released its 2018 Privileged Access Management Magic Quadrant 

On November 30 of this year, technology research giant Gartner will release their first Magic Quadrant report for Privileged Access Management Solutions.

Every year, cybersecurity technology professionals from every subcategory of our vast field eagerly await the arrival of their respective Gartner Magic Quadrant report. Thanks to their proprietary research methodology, Gartner’s annual marketplace analyses generate a level of buzz in the tech world only matched by Apple’s keynote speeches.

Whether it be for Endpoint Security, SIEM, or Identity Governance and Administration, the Magic Quadrant is heralded Gartner’s premier report for each cybersecurity marketplace. IT administrators, solutions architects, and cybersecurity professionals alike use Gartner’s findings and advice as a critical jumping-off point for their yearly initiatives and purchasing decisions.

But what does the 2018 Privileged Access Management Magic Quadrant mean for the identity security market overall? What will Gartner focus on in their evaluation of privileged access management solutions?

Since this is an entirely new Magic Quadrant (unlike Access Management, which evolved from a previous MQ) predicting the vendors included in the report will be impossible. However, the market can provide some indications:

Setting the Scene  

According to the Verizon 2018 Data Breach Investigations Report, 73% of cyber attacks were perpetrated by outsiders. Of these data breaches, over 80% were the result of weak or stolen passwords. If a hacker, whether external or internal, enters your enterprise’s network there is a 68% chance they will dwell there for months before being discovered.

With the average data breach costing over $3 million, the stakes have never been higher for enterprises. The fight over keeping threat actors out now revolves around credentials and access management.

Passwords and the single-factor authentication protocols have suffered a loss in popularity over the last few years. Enterprises and employees alike are finding passwords to be remarkably insecure; they are easily stolen or cracked. Often they fall prey to tactics like credential stuffing and password spraying—tactics that prove successful a distressing amount of the time. Further, passwords are incredibly easy to forget, which creates more issues for enterprise help desks as they try to recover them.

At the same time, passwords have hung on in part because of business process continuity. People understand how passwords work and will be suspicious of new technologies like hard tokens possibly disrupting their jobs.   

It is not a far stretch to assume Gartner will evaluate privileged access management solutions not only on their security but on their ease of deployment and adoption. While many experts say security should trump convenience, this may result in employee exacerbation and workarounds. Perhaps Gartner will evaluate this, as well as how it works with or against the mold of passwords.    

Key Capabilities in Privileged Access Management Solutions

Privileged access management solutions are designed to help keep your privileged credentials and most vulnerable assets secure against hackers. Unsecured privileged credentials can wreak horrific damage on your enterprise unchallenged due to their powerful permissions on your network. By deploying a privileged access management solution, enterprises can:

  • Implement Zero Trust Security, ensuring that factors like device location and typing behaviors are taken into account during authentication.
  • Implement the Principle of Least Privileges, limiting the power privileged credentials can have in the network and thus limiting the damage done during a theft
  • Closing orphaned account—accounts consider valid but without a user in the system directory.
  • Preventing password reuse—the number one cause of so many password thefts.

It remains to be seen which of these capabilities Gartner favors over another in their 2018 Gartner Magic Quadrant for Privileged Access Management. However, it will be safe to assume these features will have some place in their criteria.  

Will Biometrics Slip Into the Report?

The most common capability of privileged access manage is multifactor authentication (MFA). Experts disagree on where it is most appropriate for MFA to be deployed on an enterprise network. Some contend that MFA should be deployed as the perimeter to the enterprise network, demonstrating the same digital security they would deploy physically. Others say that MFA should be relegated to only entry points to the most valuable databases.

Gartner may or may not weigh in on this debate. Surely the strength of a vendor’s MFA capabilities will play a role in their placement on the Magic Quadrant. But the real question will be what role biometrics will play in their evaluation of Privileged Access Management Solutions.

Security experts have long stated biometrics will fit best into an MFA scheme rather than as an independent single factor authentication model. Many Privileged Access Management Solutions have thus incorporated them into their identity security. Will Gartner consider how PAM vendors handle biometric data in terms of security? Or how biometrics are used to authenticate? There is no Magic Quadrant report for Biometric Authentication…will the 2018 Gartner Magic Quadrant for Privileged Access Management become one by proxy?

Only time will tell. Stay tuned to Solutions Review to see the key findings of the 2018 Gartner Magic Quadrant for Privileged Access Management.      

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner