Why is PAM Gartner’s Top IT Security Project for 2019?

Gartner analyst Brian Reed spoke at the Gartner Security Summit last week and outlined the top 10 IT security projects for enterprises. In his estimation, the number one IT security project for 2019 is privileged access management (PAM).

Of course, privileged access management also topped the list of IT security projects in 2018. Why does PAM receive this recognition? Why should your enterprise make PAM its priority IT security project for 2019?

The Context Behind Gartner’s Recognition

Before we can explore Reed’s observation in more detail, we need a comprehensive sense of the threat landscape. In a recent study, Centrify found 74% of enterprises suffered a breach due to a stolen or compromised privileged account. Additionally, the PAM provider found 26% of U.S. enterprises don’t have a grasp on what privileged access entails.

Perhaps this explains why so many enterprises lack the essential capabilities for protecting their privileged users. In fact, a majority of enterprises lack even basic capabilities such as a password vault. Additionally, even more businesses fail to deploy multifactor authentication, a more complex necessity.

Moreover, a separate study by Thycotic found enterprises often outright lack visibility over their privileged accounts; obviously, this renders efforts to manage those accounts moot. A significant number of enterprises don’t look for all of the privileged credentials associated with their network, leaving them open as security holes.

Meanwhile, security experts around the world hail identity as the new keystone to next-generation cybersecurity; some now proclaim identity as the digital perimeter—a role previously filled by antivirus software.

So what should your IT security project for PAM involve in 2019?     

Two Key Capabilities For Your PAM IT Security Project in 2019

First, Reed notes enterprises interested in refining and strengthening their overall cybersecurity must ensure they have the basics in check. These include endpoint protection, server protection, provisioning, deprovisioning, log management, and backup. Your enterprise can consider these smaller efforts, which lay the foundation for the more substantial IT security project of PAM in 2019.

Reed only cited two capabilities when discussing PAM as a top IT security project for 2019: multifactor authentication and third-party access.

Why these two capabilities above all?

Multifactor Authentication

It remains difficult to determine precisely which enterprises and how many still use single-factor authentication policies. However, a significant number still do—much to their detriment.  

Indeed, single-factor authentication remains prone to password guessing or cracking; hackers can facilitate both processes with illicitly purchased tools and publicly available social media information. In fact, a novice hacker can crack most passwords in a matter of hours.  

Complicating these problems, users often use weak passwords for their essential accounts, reducing the time needed to crack them. Worse yet, users often repeat their passwords across multiple sites and accounts to ensure they remember them. As a result, they increase the chances of a successful credential stuffing attack wherein hackers try as many passwords as possible until something clicks.

Finally, hackers already possess a great number of passwords thanks to previous data breaches. In a single-factor authentication protocol, hackers certainly have the high ground, so to speak.

However, the more factors between the access requester and your digital assets, the more secure the latter becomes. The addition of just one more factor can dramatically decrease both your chances of a data breach and your rate of targeting by hackers. Crucially, your business can deploy many additional factors without disrupting normal business processes.

These include geofencing, time of access request monitoring, and biometrics. The latter exist as both physical and behavioral factors.

Third-Party Privileged Access Management

Gartner identifies privileged access management for third parties as the other half of PAM as an IT security project in 2019.

While multifactor authentication helps secure your digital assets from without, third-party PAM can protect you from within your own network. After all, third-party actors generally aren’t listed in the enterprise Active Directory of legacy identity security solutions. As such, they often don’t go through the normal provisioning and deprovisioning process applied to other identities; legacy identity security doesn’t possess the visibility to ensure these processes for third parties.

Thus third-party users, both human and digital, can escalate their privileges without oversight or approval; obviously, insider threats (and hackers) can exploit this for their own gain. Some of the most notorious data breaches in history began in this way.

However, with privileged access management, your enterprise can enforce the Principle of Least Privilege on your third-party identities. According to this principle, users should only possess the permissions necessary for performing their job duties and no more.

Therefore, no one, including third parties, can escalate their privileges independently. Additionally, you can more readily discover inappropriate permissions held by your third parties and remove them.

Once you can do all this, your enterprise can close some of the most dangerous security holes facing your network.

PAM must become your top IT security project for 2019; both Gartner and the threat landscape agree on this point.

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.