Thycotic: More Businesses Embracing Cloud-Based PAM

Written by Edward Gately
May 7, 2019

PAM awareness is growing, but most businesses don't meet basic PAM security standards.

An increasing number of companies are moving to cloud-based privileged access management (PAM), creating new challenges for them along the way.

That’s according to Thycotic‘s 2019 RSA Conference survey. More than 200 security professionals were polled at the event.

Thycotic’s Joseph Carson

Joseph Carson, chief security scientist at Thycotic, tells us as more and more organizations choose cloud PAM, it provides a “huge opportunity” for MSSPs.

“One of the big opportunities for MSSPs is that when more companies choose a cloud PAM solution they also will evaluate the ability for it to be completely managed for them — so they just need to focus on consuming the solution rather than managing it as well,” he said. “More companies will choose security as a service over the next one to two years. ”

Some 21% of companies have adopted a PAM solution hosted in the cloud as a service or plan to implement such technology, and an additional 26% are looking to transition to a cloud-based PAM solution. Only 36% say they plan to keep their PAM solution on-premises, according to the survey.

The results indicate that organizations see a future with cloud-based security services and expect to increase their use of them to 65% over the next two years.

“The most surprising aspect was 50% of the respondents have 50% of their cybersecurity solutions being cloud-based,” Carson said. “Another surprise was that educating the executive board is the biggest challenge for getting budget approval and companies opt for fewer solutions to reduce the challenge from the shortage of skilled workforce. Many of the survey respondents indicated that they are accelerating their knowledge in PAM technology as the growing need and demand for skilled resources is increasing significantly.”

With more than 90% of the world’s data stored in the cloud, moving to PAM in the cloud coincides with Thycotic’s survey results that show unauthorized access – which should be protected by a PAM solution – is the top business risk to cloud environments.

Other results from the survey reveal that IT and security teams still struggle with getting management and daily users to understand the necessity of PAM solutions. Twenty-eight percent said the biggest challenge was convincing team members to use the PAM solution, while 24% cited educating organizations’ leaders, and 19% cited finding the budget for PAM technology.

“With all solutions, there is always a risk,” Carson said. “But the biggest risk is not getting the most value out of the solutions or the solution is not configured correctly. Cybersecurity providers can assist with following best practices and choosing an MSSP who will ensure that the PAM solution will be correctly configured.”

PAM awareness is rapidly growing; however, 85% of organizations fail to meet basic PAM security standards. Fortunately, two-third (66%) of respondents are increasing their knowledge of PAM technologies.

“The best way for organizations to increase their knowledge of PAM technologies is to read PAM for Dummies and then followed by Least Privilege Cybersecurity for Dummies, as these provide a solid learning path to quickly get up to speed,” Carson said. “This should be followed by reading additional resources from Gartner and KuppingerCole, then getting some hands-on experience with free tools.”