Navigating the PAM Landscape: Overcoming Deployment Barriers for Modern Security
A SaaS-based PAM platform enables organizations to achieve full visibility, security, control, and reporting across every user on every device.
Privileged access management (PAM) is critical for securing sensitive systems and data, especially with remote work's expanded attack surface. However, recent research by Keeper Security reveals significant barriers still inhibit broad PAM adoption. Cost and complexity top the list of challenges.
A survey of 400 IT and security leaders found 58% have not deployed PAM because it was too expensive. And 56% attempted PAM deployment but failed to fully implement it due to excessive complexity. This indicates an appetite for robust PAM, but solutions remain out of reach for many.
The inability to effectively roll out PAM products exposes organizations to breaches, non-compliance, and privilege creep as unmonitored users accumulate excessive access. Tight budgets during economic uncertainty further stall PAM adoption, despite urgent security needs.
Legacy PAM offerings carry extensive licensing fees, professional services costs, and significant maintenance overhead. They require dedicated staff, which is unrealistic for resource-constrained IT teams. Extensive training and convoluted UIs create usability issues.
However, demand is strong for more affordable options, lowering the barrier to entry. 70% cited easier management and maintenance as the top benefit sought in a scaled-down PAM platform. Ease of integration, role-based controls, and reduced cost followed as leading requirements.
Interview insights from Keeper Security's founders, Darren Guccione, CEO, and Craig Lurey, CTO, at Black Hat 2023 further reinforced the customer desire for modern PAM that maximizes simplicity, flexibility and value. They advocate consolidating disparate legacy products under a unified, cloud-based platform.
This new paradigm aims to deliver essential PAM capabilities for today's perimeter-less environments while avoiding needless complexity. Taming unruly costs also allows expanding protection from purely IT staff to the entire organization.
This vision eliminates the false choice between robust security and usability. Keeper's focus is providing customers precisely what they need most, not overengineered products with excessive features. Purpose-built PAM sharply aligns with modern deployment realities.
Lurey explained that Keeper will reach out and automatically rotate credentials in any environment it supports, including Azure AD, AWS, on-premise, databases, cloud infrastructure, websites, etc. Passwords are auto-generated by Keeper and it's all zero knowledge. It uses encrypted APIs and integrates into a unified vault.
Guccione shared a case study where a technology company replaced their EPM and secrets manager with Keeper. They went from paying $750,000 a year with 10 people managing the solution to $175,000 with 8 people managing it. Customers want fewer vendors to work with. They need seamless solutions that coalesce to do that.
Companies are also looking for PAM solutions to help with compliance. They need to track and monitor every single person in the organization to know when and what they are accessing regardless of where they are. When you take a simple, defined perimeter, and you have a corporate governance device, and you work within their firewalls and within their physical network, that's manageable. When everybody moves remote and they're distributed, you've lost connection to their devices, and you have no way of knowing what they are accessing, downloading, or importing. Keeper solves this problem, helping companies achieve compliance.
For developers, seamless integrations and automation are critical for embedding security into workflows. Solutions like Keeper allow provisioning controlled access to credentials and secrets through code for CI/CD pipelines and infrastructure-as-code.
Forward-looking PAM platforms also increasingly leverage ephemeral credentials. These short-lived auto-generated identities restrict exposure, thereby shrinking attack surfaces.
Innovations in PAM aim to flip the script from security as obstacle to security as enabler. With smarter design, security controls not only safeguard credentials but also unlock agility gains. Developers stand to benefit tremendously from this evolution.
The message for enterprises is clear — today's PAM can likely secure your tomorrow, but only if excessive complexity and costs are stripped away without forsaking protection. Solutions must align to IT's needs and constraints. With the right foundations in place, PAM's potential to thwart breaches and empower innovation is vast.