What is Privileged Access Management and why it’s growing at 32% CAGR

Posted by John Ryan
on 07-Nov-2018 15:30:43

What is Privileged Access Management and why it’s growing at 32% CAGR

Privileged Access Management refers to a class of solutions that help secure, control, manage and monitor privileged access to critical systems. A privileged user has administrative access to these critical assets.

F1-board-complexity-3For example, admin accounts have such a huge breadth of access they need to be extra secure. PAM puts these admin accounts inside a secure repository and access must go through the PAM system to be authenticated. Access is logged and reset each time to ensure access is always made through the PAM system. This isolates the use of these privileged accounts and so reduces the risk of those credentials being stolen.

Passwords universe growth

As the total universe of passwords is likely to grow from approximately 90 billion today to 300 billion by 2020, organisations across the world face a massively growing cyber security risk from hacked or compromised user and privileged accounts, according to research by Cybersecurity Ventures.

95 credentials and passwords are stolen every second

The research notes that more than 3 billion user credentials/passwords were stolen in 2016. That breaks down to 8.2 million credentials and passwords stolen every day or 95 credentials and passwords stolen every second.

Losing user passwords causes serious concerns but losing passwords to privileged accounts can be catastrophic. A privileged account can be human or non-human; they exist to allow IT professionals manage applications, software and server hardware.

Privileged accounts provide administrative or specialised levels of access based on higher levels of permissions that are shared. Some types of non-human privileged accounts are application accounts used to run services requiring specific permissions. The ultimate goal of any hacker is to obtain privileged access so that they can essentially do whatever they want.

200 days to detect a breach

When attackers compromise a privileged account, they can perform malicious activity, steal sensitive information and commit financial fraud. They can often remain undetected for weeks or months at a time. Most cybersecurity breaches go undetected for more than 200 days.

The danger is obvious, but it’s important to understand how cybercriminals and malicious insiders can compromise any end-user or privileged account and “escalate” their privileges to steal information and damage the reputation of any organisation.

80% of breaches involve compromised accounts

Industry analysts estimate that from 60% to 80% of all security breaches now involve the compromise of user and privileged account passwords. Yet, traditional methods of identifying and managing privileged accounts still rely on manual, time-consuming tasks performed on an infrequent or ad-hoc basis.

Privileged Access Management

Privileged Identity Management is a software solution used to manage the identity and access rights of privileged users and outsourced IT vendors to prevent internal cyber threats. The solution has also been enhanced in recent times to provide privileged access rights to regular employees - termed as privilege elevation - as and when the situation demands.

Privileged users can be IT staff and managers who have administrative access to critical systems. The solutions help protect, manage and monitor privileged accounts and access and helps with regulatory and compliance needs.

With proper privileged access Management, an organisation can prevent insider and outsider security threats, cut down business cost and enhance its information security posture.

The overall Privileged Access Management market is expected to grow from $922 million in 2016 to $3,792.5 million by 2021 - a Compound Annual Growth Rate (CAGR) of 32.7%. The constant pressure of managing data breaches along with the need to improve productivity and reduce costs has led enterprises of all sizes to adopt privileged identity management solutions for critical credentials management.

Zinopy provides Privileged Access Managed Service (PAMaaS) as part of our inSIght Managed Security Intelligence Service.

Topics: Security

Written by John Ryan

John Ryan has over 25 years’ experience in the IT industry gained in high profile roles in the IT Security market with Entropy, Calyx and as founder and CEO of Zinopy. He has a breadth of technical experience in all areas of networking and security, with a particular focus on data security and enterprise risk management. John is a regular speaker at industry events.
Find me on:

Zinopy Blog

Zinopy is the trusted workspace virtualisation and information security specialists, and Ireland's leading #CitrixSpecialist Platinum Partner.

Subscribe to our blog for expert views and valuable industry advice and learn how to address your key cyber security and workspace virtualisation challenges including:

  • Preparing for GDPR
  • Protecting against cyber threats
  • Embracing digital transformation

Subscribe Here!

Recent Posts