Gartner: privileged access management is the #1 cyber security priority

7 min read.

News Article
4 January 2019

recent report from Gartner reveals the top IT Security Projects. Privileged Access Management (PAM) has been reported as the #1 Cyber Security priority with traditional security measures no longer being seen as an effective security control alone.

Cyber security is on the top of everyone’s mind in today’s hyper connected world, with fast-growing technologies like cloud, mobile and virtualisation making security boundaries a little blurred. For many years organisations have protected their valuable and senstive information by building a fence around its assets, whilst all the data that flowed in and out was either via a single internet access point or on physical devices.

Today however, there is regular news of cyber attacks defeating these protection strategies, usually attributed beyond our own country’s borders and laws. As a result, those tasked with keeping data secure are looking for new ways to protect their business and its data. We know now however that privileged access is the access most often targeted by cyber security threats because it leads to the most valuable information.

Building multiple levels of security on the perimeter such as firewalls, VPNs, access controls, IDS, IPS, SIEMs and email gateways is therefore no longer deemed fully effective and needs to be combined with Privileged Access Management. When this approach is being adopted, we’re seeing the risk of firms being breached by an attack significantly reduce. It not only has a hugely postive impact on security, but also empowers employees to be part of that security perimeter on the front line.

Why is PAM the #1 Priority for IT Security?

‘Privileged Access’ encompasses access to computers, networks and network devices, software applications, digital documents, and other digital assets that upper management, IT administrators, and service account users have. This access allows more rights and permissions than those given to standard business users and ensures this access remains secure.


One of the major reasons that Privileged Access Management is the #1 priority for organisations in 2018 is that it saves them time and money—both of which can go back into their cyber security efforts—and it enables the CISO to get more done with the same budget.  Most cyber security solutions only reduce risk, so most organisations spend valuable budget on security solutions that typically add no additional business value.

However, the right PAM solution makes employees more productive by giving them access to systems and applications faster and more securely.  Implementing a PAM solution secures access to sensitive systems and reduces the risk of getting compromised by disclosed passwords on the dark web. PAM also reduces cyber fatigue and simplifies the process of rotating and generating new complex passwords. All of these save valuable employee time which translates directly into cost savings for the business.


When was the last time you heard someone talk about how much they like their Antivirus Software or how great their firewall is at protecting the business?  Chances are, never.  But when employees talk about Privileged Access Management it’s a different experience.

Often cyber security solutions have a negative inmpact on productivity, resulting in employees looking for ways around them and greatly increasing risk. Many individuals infact default to using the same passwords for multiple accounts as they have no other way of managing access more effectively. They need to gain quick access to information on a daily and hourly basis and this is often their priority over ensuring it is secure.

Successful CISOs are finding ways to enable employees to take accountability for security, and the best way to do this is to implement a robust yet simple PAM solution.  This will generate new passwords and rotate them when they are stolen or compromised, which these days could be as often as every week. PAM creates a positive relationship between the cyber security team and employees. This is a MAJOR WIN for the CISO.


A large number of organisations have to comply with industry and government regulations and this creates its own challenges. Coming with strong security control recommendations, Privileged Access Management can help get ahead quickly and develop a strong baseline. To be compliant, strong policies have to be in place that cover privileged accounts, monitoring usage and secure logons amongst others.

A PAM solution enables you to get in control of managing and securing privileged accounts to meet the needs of the access control requirement for a good number of the regulations, fast-tracking your way to being compliant.


During a cyber-attack your Privileged Access Management solution enables you to quickly audit privileged accounts that have been used recently, discover whether any passwords have been changed, and determine which applications have been executed.  It’s also a good idea to take a snapshot of the audit logs.  You may have already prepared privileged accounts that are used explicitly for Incidents and enable them to be used by the technical and security team to quickly access systems.

Well-designed PAM software also lets you restrict access to sensitive systems, require additional approval processes, force multi-factor authentication for privileged accounts and quickly rotate all passwords to prevent further access by the attackers. PAM can help compare a baseline to before and after the incident, so you can quickly determine which privileged accounts might be malicious and audit the life-cycle.  This is a good way to ensure you’ll recover and maintain the integrity of your privileged accounts.


Privileged Access Management is a very strong and powerful cyber security solution that keeps most cyber-criminals moving to another target that is not using a PAM solution.

Integrating PAM as part of the broader category of Identity and Access Management (IAM) ensures automated control of user provisioning along with best security practices to protect all user identities. PAM security can also be integrated with Security Information and Event Management (SIEM) solutions. This provides a more inclusive picture of security events that involve privileged accounts and gives your IT security staff a better indication of security problems that need to be corrected, or those that require additional analysis.

PAM can also be used to improve insights into vulnerability assessments, IT network inventory scanning, virtual environment security, identity governance, and administration and behavior analytics. By paying special attention to privileged account security you can enhance all your cyber security efforts, helping safeguard your organisation in the most efficient and effective way possible.

Some Important Considerations:

PAM is the #1 Cyber Security Priority and—thanks to its excellent adoption rate—Thycotic is the #1 choice for complete Privileged Access Management, application control and protecting endpoints.

Experiences with older legacy Privileged Access Management software vendors may have been scary; very complex; required expensive professionals; been very costly; taken years to implement; or never got completely installed.

At Thycotic we have made Privileged Access Management a friendly solution. It’s simple and easy to use, can be easily learned by your own professionals, provides value for money, is fast to implement and provides a satisfying experience.

If you would like to discuss your current security requirements or find out how Thycotics PAM solution works, contact one of the team at NETprotocol:

0330 055 3385

Email Us

Tweet Us