GigaOm Key Criteria for Evaluating Enterprise Password Management Solutions v3.0

An Evaluation Guide for Technology Decision-Makers

Table of Contents

  1. Executive Summary
  2. Enterprise Password Management Sector Brief
  3. Decision Criteria Analysis
  4. Analyst’s Outlook
  5. About Paul Stringfellow

1. Executive Summary

Employees everywhere are buried in username and password combinations for both business and personal use. The average user has dozens, if not hundreds, of passwords to manage. Moreover, while human user passwords are a concern, there are also machine passwords used for connectivity, as well as passwords and secure keys held directly inside in-house developed code.

This proliferation presents a very challenging landscape that comes with high operations overhead and complexity that can often lead to poor practices, such as reusing passwords, writing them down, saving them in browsers, or holding credentials in code. All of these actions pose potential risks and make passwords a high-priority target for cybercriminals. They know that compromising passwords can give them control over key systems and sensitive data. The risk of password compromise is high, and the impact can be significant, which should make tackling these challenges with effective password management a priority for all organizations.

Enterprise password management tools can be an answer to those challenges. Password managers provide a centralized platform to govern the password process, enforce stringent controls, and provide users with a secure and simple way to manage them. Password management solutions store passwords in a secure vault accessed through a single master logon. Users access individual vaults that store passwords, simplify secure password creation, and, in many cases, allow users to interact with applications and websites using only the password needed to access their vault. Leading solutions may also offer secrets management to reduce the complexity of secure keys and their management and rotation.

Password management tools can enhance the user experience and make it more efficient, as well as lower operations overhead and improve overall security posture.

Business Imperative

For technical leaders, password management presents overhead expense and risk. Fortunately, the enterprise password management sector has many mature vendors with well-established products. Finding the right password management solution will deliver significant improvement. Even though its deployment will call for the education of users and change in processes, adoption will greatly enhance the security of password credentials, both human and machine, across an organization. The threat posed by compromised passwords and the impact of a compromise can be significant, so improving password security posture should be a priority.

Technical leaders understand that passwords are only part of the challenge, which is reflected in the fact that password management is increasingly becoming a component of broader identity management platforms, adding capabilities such as single sign-on (SSO) and lifecycle and privileged access management. Password managers also provide a bridge to help organizations move toward the goal of passwordless access. Leading solutions will support passwordless technology, such as biometrics and passkeys, and allow their adoption without the need to refactor the entire authentication process.

Sector Adoption Score

To help executives and decision-makers assess the potential impact and value of an enterprise password management solution, this GigaOm Key Criteria report provides a structured assessment of the sector across five factors: benefit, maturity, urgency, impact, and effort. By scoring each factor based on how strongly it compels or deters adoption of an enterprise password management solution, we provide an overall Sector Adoption Score (Figure 1) of 3.6 out of 5, with 5 indicating the strongest possible recommendation to adopt. This indicates that an enterprise password management solution is a credible candidate for deployment and worthy of thoughtful consideration.

The factors contributing to the Sector Adoption Score for enterprise password management are explained in more detail in the Sector Brief section that follows.

[Figure: Sector Adoption Score scale, with bands labeled Deters Adoption, Discourages Adoption, Merits Consideration, Encourages Adoption, and Compels Adoption]

Figure 1. Sector Adoption Score for Enterprise Password Management

This is the third year that GigaOm has reported on the enterprise password management space in the context of our Key Criteria and Radar reports. This report builds on our previous analysis and considers how the market has evolved over the last year.

This GigaOm Key Criteria report highlights the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) for selecting an effective enterprise password management solution. The companion GigaOm Radar report identifies vendors and products that excel in those decision criteria. Together, these reports provide an overview of the market, identify leading enterprise password management offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.

GIGAOM KEY CRITERIA AND RADAR REPORTS

The GigaOm Key Criteria report provides a detailed decision framework for IT and executive leadership assessing enterprise technologies. Each report defines relevant functional and nonfunctional aspects of solutions in a sector. The Key Criteria report informs the GigaOm Radar report, which provides a forward-looking assessment of vendor solutions in the sector.