Key Criteria for Evaluating Privileged Access Management Solutionsv2.0

An Evaluation Guide for Technology Decision Makers

Table of Contents

  1. Summary
  2. Privileged Access Management Primer
  3. Report Methodology
  4. Decision Criteria Analysis
  5. Evaluation Metrics
  6. Key Criteria: Impact Analysis
  7. Analyst’s Take

1. Summary

Privileged access management (PAM) enables administrative access to critical IT systems while minimizing the chances of security compromises through monitoring, policy enforcement, and credential management.

A key operating principle of all PAM systems is the separation of user credentials for individual staff members from the system administration credentials they’re permitted to use. PAM solutions store and manage all of the privileged credentials, providing system access without requiring users to remember, or even know, the privileged password. Of course, all staff have their own unique user ID and password to complete everyday tasks such as accessing email and writing documents.

Users permitted to complete system administration tasks that require privileged credentials log into the PAM solution, which provides and controls such access according to predefined security policies. These policies control who can use which privileged credentials and when, where, and for what tasks. An organization’s policy may also require logging and recording of the actions taken while accessing data with the privileged credentials.

Once implemented, PAM will improve your security posture in several ways:

  • Day-to-day duties are segregated from duties that require elevated access, reducing the risk of accidental privileged actions.
  • Automated password management reduces the possibility that credentials will be shared, while it lowers the risk in case credentials are accidentally exposed.
  • Extensive logging and activity recording in PAM solutions assists with audit of critical system access for both compliance and forensic security.

This GigaOm Key Criteria report details the criteria and evaluation factors for selecting an effective PAM platform. The companion GigaOm Radar report identifies vendors and products that excel on those criteria and factors. Together, these reports provide an overview of the category and its underlying technology, identify leading PAM offerings, and help decision-makers evaluate these platforms so they can make a more informed investment decision.

How to Read this Report

This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding, consider reviewing the following reports:

Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.

GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.

Solution Profile: An in-depth vendor analysis that builds on the framework developed in the Key Criteria and Radar reports to assess a company’s engagement within a technology sector. This analysis includes forward-looking guidance around both strategy and product.