Key Findings: The 2018 Privileged Access Management Magic Quadrant

It’s here at last: after months of anticipation, technology research and analysis firm Gartner has released its 2018 Privileged Access Management Magic Quadrant report. In this report, Gartner evaluated the strengths and weaknesses of the 14 Privileged Access Management solution providers it considers the most significant in the market. It bases its findings on distinct service and market share criteria.

Gartner’s researchers take their findings on each vendor and use them to create their proprietary Magic Quadrant graph. This graph plots the PAM solutions providers based on the completeness of, and their ability to execute on, their identity security platform’s capabilities and vision. The four categories of the Quadrant are Leaders, Visionaries, Challengers, and Niche Players. Despite the labels, Gartner explicitly states it does not endorse any vendor, product, or service depicted in its research publications.

The 14 vendors selected for the Gartner 2018 Privileged Access Management Magic Quadrant are ARCON, BeyondTrust, CA Technologies, Centrify, CyberArk, Fudo Security, Hitachi ID Systems, ManageEngine, Micro Focus, One Identity, Osirium, senhasegura, Thycotic, and WALLIX.

The Gartner 2018 Privileged Access Management Magic Quadrant is the first of its kind, marking the first time Gartner has formally evaluated the market category (hence the anticipation surrounding it). In the opening lines of the report, Gartner refers to PAM as “one of the most critical security controls, particularly in today’s increasingly complex IT environment.”

What does Gartner predict for the future of the privileged access management market? Who was named a Leader, and why? And what does this Magic Quadrant mean for PAM?

The editors of Solutions Review read through the Gartner 2018 Privileged Access Management Magic Quadrant, available here courtesy of Centrify. Here’s what we learned:   

How Gartner Defines Privileged Access Management       

The first step to understanding Gartner’s analysis of PAM technologies is understanding what they mean by “PAM.”

Gartner’s researchers define privileged access management as technologies which “provide secure privileged access to critical assets and meet compliance requirements by managing and monitoring privileged accounts and access.” All PAM use cases must offer the capabilities to discover privileged accounts on enterprise systems, automatically manage and vault passwords for critical administrative and application accounts, and control access to privileged accounts.

Gartner also distinguishes between key PAM capabilities for human users and those for services and applications. For example, the former requires single sign-on (SSO), whereas the latter must eliminate hardcoded passwords by making credentials available on demand to applications.

To be considered for inclusion in the Gartner 2018 Privileged Access Management Magic Quadrant report, vendors must meet certain conditions set by the researchers. These are both technical and market-related.

A few of the key technical requirements include:

  • Secure storage capabilities for credentials.
  • User interfaces to examine privileged credentials.
  • Capabilities for privileged account discovery, mapping, and visualization across multiple systems.
  • Credential brokering to applications.

A few of the key market requirements include:

  • Competitive market share in at least major regional markets.
  • Sales of their PAM technologies to multiple industries.  

Who (Kind Of) Didn’t Make the Report

The Gartner 2018 Privileged Access Management Magic Quadrant is the first of its kind. As such, the report contains little of the normal examination of who did or did not make the report this year (although Gartner does provide an Honorable Mentions List for those vendors who did not meet all the inclusion criteria).

The only significant absence Gartner comments on is Bomgar’s. However, this exclusion is not what it appears; Bomgar earlier this year purchased and merged with BeyondTrust. They took on the BeyondTrust name rather than the other way around, making them a vendor somehow both included and not included on this MQ.

4 Leaders in the Gartner 2018 Privileged Access Management Magic Quadrant

Of the 14 solution providers in the report, Gartner placed half of them in the Niche Players Quadrant. According to Gartner, Niche Players offer PAM technologies which fulfill the needs of specific use cases, industries, or applications; Gartner emphasizes that Niche Players can outperform their competitors and are often highly effective in their areas of focus.

Meanwhile, 3 of the vendors were named to the Visionaries Quadrant. These vendors meet many PAM requirements but lack some quality or factor to execute fully on their respective visions. They are often innovators in their field, offering unique features in their solutions.

With no solution providers named to the Challengers Quadrant, that leaves only 4 vendors for the Leaders Quadrant. Gartner considers these providers to be those with a comprehensive PAM toolset, the capability to execute on their toolset, and a robust customer market.

The 4 Leaders of the Gartner 2018 Privileged Access Management Magic Quadrant are CyberArk, BeyondTrust, CA Technologies, and Centrify:

  • BeyondTrust receives praise for its integration of PAM functions with asset and vulnerability management. Gartner evaluated them before their acquisition by Bomgar. 
  • Gartner states CA Technologies’ PAM solution has some of the most efficient privileged session management capabilities available.
  • Centrify is lauded for its SaaS-delivered full remote PAM for third-party technicians, negating the need for VPN solutions.
  • Gartner praises CyberArk for its long history in the PAM market and for its technological innovations and product line expansion.       

What Will the Future Hold for PAM?

Gartner makes some bold predictions for the future of privileged access management, but the overall theme of those predictions is clear: growth. Gartner claims by 2021 40% of enterprises will embed PAM into their formal change management, and 50% will adopt PAM-based secret management into their DevOps. For comparison, less than 10% of enterprises incorporate PAM into either process in 2018.    

Gartner makes numerous other observations in its MQ report—including its 4 pillars of PAM. One of the most interesting: a PAM solution is not a substitute for a clear privileged access security vision for your enterprise. Without the right privilege processes in place, your enterprise will not see the success you’d like from your PAM solution. The reverse is also true: with a clear vision, success with a solution will follow.

The absence of Challengers from the Magic Quadrant may indicate many of the PAM vendors prioritize industries and verticals rather than offering a broader toolset. This may be important for enterprises to note when seeking a PAM solution: there may be solution providers addressing your particular use case or business model.

You can read the full 2018 Privileged Access Management Magic Quadrant report here, courtesy of Centrify. 

Ben Canner