Report: Pioneering Privileged Access Management

Gartner released the first-ever Magic Quadrant for Privileged Access Management*, – it is, in our view, a significant milestone for the industry. We believe it spotlights the critical importance of protecting privileged credentials amidst digital transformation initiatives and the ever-changing threat landscape.

So why the heightened interest in privileged access? The simple answer: disruption starts with privileged access.

The birth of an industry

The concept of ‘privilege’ started simply enough. Privileged access originally referred to the accounts that IT and systems administrators used to maintain networks and systems. These accounts were primarily shared accounts and gave the user all-powerful access to data and information systems on a network. Whoever controlled these accounts controlled the network.

Regulators understood that privileged accounts gave too much power to individual users over networks and data to not be accounted for. Corporate accountability would require an audit trail of who had access to privileged accounts, how they were being used and what they provided access to.

The introduction of the Sarbanes-Oxley Act (SOX) marked one of the first times that securing privileged accounts became critical to achieving compliance, quickly followed suit by regulations like HIPAA, PCI and more.

As the pioneer and a market leader, CyberArk has guided the evolution of privileged access management. CyberArk was the first software vendor to make it easy for organizations to identify, control and audit access to privileged accounts as part of their compliance programs.

Abused privileged access in the spotlight

One of the first major incidents that demonstrated the power of privileged access happened in the summer of 2008, when the city of San Francisco lost control over its FiberWAN network. Terry Childs, the city’s systems administrator, locked access to the network by resetting administrative passwords to its switches and routers.

This event was a high-profile example of the threat of privileged insiders, and begged the question – what would happen if an outside attacker gained this level of control over a network?

The ensuing years gave us an answer– from Edward Snowden, to Yahoo! and the U.S. Office of Personnel Management, to the Bangladesh Bank and Uber breaches – the common denominator was that attackers exploited the access typically granted to a powerful insider and used it to launch and execute their attacks.

Privileged access management as we know it today

Today, privileged credentials exist everywhere. The adoption of cloud, DevOps, robotic process automation and more has dramatically expanded the threat landscape. Attackers know this as well, which is why nearly 100% of all advanced attacks today rely on the exploitation of privileged credentials to reach a target’s most sensitive data, applications and infrastructure.

This is also why privileged account management is now recognized by Gartner as the number one security project for CISOs out of the company’s top security projects for 2018.**

CyberArk leads the market with its focus on simplicity, automation and risk reduction, delivering the most complete solution on the market to protect against external attackers and malicious insiders exploiting privileged credentials and secrets anywhere they exist – including across on-premises, hybrid cloud and DevOps environments, and on the endpoint.

* Gartner, Magic Quadrant for Privileged Access Management, Felix Gaehtgens, Dale Gardner, Justin Taylor, Abhyuday Data, Michael Kelley, 3 December 2018
** Gartner, Smarter with Gartner, Gartner Top 10 Security Projects for 2018, June 6, 2018

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
More about

Don't miss