How cloud PAM can transform the enterprise

The cloud is winning out for enterprise and cybersecurity tech stacks that need to upgrade privileged access management (PAM). Ninety-four percent of companies report using cloud services today, and 75% say security is a top priority. Sixty-seven percent of companies have already standardized their infrastructure in the cloud. In addition, according to Gartner, more than $1.3 trillion in enterprise IT spending is at stake from the cloud shift this year, and that figure will grow to nearly $1.8 trillion by 2025.

By 2025, 51% of IT spend will have shifted from traditional solutions to the public cloud, compared to 41% in 2022. Nearly two-thirds (65.9%) of application software spending will go to cloud technologies in 2025, up from 57.7% in 2022.

“The shift to the cloud has only been accelerated over the past two years by COVID-19 as organizations responded to new business and social dynamics,” said Michael Warrilow, research vice president at Gartner. “Technology and service providers that fail to adapt to the pace of the cloud shift are at increasing risk of becoming obsolete or, at best, relegated to low-growth markets.”

Zero trust should guide PAM adoption

The faster enterprises migrate workloads to the cloud, the greater the risk of potential breaches. Relying on legacy on-premises PAM systems to protect new cloud infrastructure is like buying a new car and insisting on traditional key locks instead of Bluetooth-enabled key fobs.

Organizations are also realizing that PAM should be a core part of any zero-trust network access (ZTNA) strategy. Designing PAM into the core of an enterprise ZTNA framework ensures that the identity access management (IAM) trust weaknesses of individual public cloud providers and PAM apps will not turn into intrusion attempts and breaches.

For example, Amazon Web Services, Google Cloud Platform, and Microsoft Azure each have their own IAM applications. But none of them can protect a diverse hybrid cloud environment from privileged credential abuse. For this reason, a cloud-based PAM platform encompassing a full hybrid cloud infrastructure is critical to achieving an enterprise-class ZTNA framework. Due to the growing need among enterprises, the PAM market is expected to grow at a compound annual growth rate of 10.7% from 2020 to 2024, reaching a market value of $2.9 billion.

Previously, enterprises spent the bare minimum on on-premises PAM systems to meet compliance requirements. Legacy PAM systems are not designed to support the fundamental elements of zero trust or provide API integration options to become part of a ZTNA-based framework. They also don’t provide the level of security businesses need in increasingly complex hybrid cloud infrastructures. They were the first systems to offer credential, session, and secret management, but organizations have since outgrown those requirements and now have more complex security challenges to solve.

Today, cloud-based PAM platforms must scale and secure local and remote machine-to-machine privileged access workflows, as machines now account for the majority of identities in many enterprises. Machine identities now outnumber human identities by a factor of 45; the typical company reported that it had 250,000 machine identities last year.

Cloud-based PAM platform vendors continue to improve support for cloud infrastructure entitlement management (CIEM), which monitors cloud platforms in real time to identify anomalies or misconfigurations. CIEM platforms are rapidly maturing in their ability to identify and eliminate potential intrusion and breach risks.

Cloud PAM platform providers are also refining the way policies act as guardrails to reduce false positives and risk. Also on their product roadmaps are plans to improve privileged access security for DevOps, secret management, microservices, privileged task automation, robotic process automation (RPA), and more.

“Insurers are looking for PAM checks when pricing cyber policies. They are looking for ways the organization discovers and securely manages privileged credentials, how they monitor privileged accounts, and the resources they have to isolate and control privileged sessions,” Larry Chinski, vice president of global IAM strategy and consumer advocacy at One Identity, wrote in an article for CPO Magazine.

According to the keynote address by CrowdStrike CEO and founder George Kurtz at Fal.Con 2022, and further underlined by a Forrester survey, 80% of all security breaches start with privileged credential abuse. Another recent study by Delinea found that 84% of organizations have experienced an identity-related breach in the past 18 months. In addition, 75% of organizations believe they will not be able to protect privileged identities because they do not receive the support they need.

Why the future of PAM is in the cloud

CISOs often replace legacy on-premises systems with more advanced cloud-based PAM systems as a core part of their infrastructure consolidation strategies. Every CISO VentureBeat spoke to at CrowdStrike’s Fal.Con event is focused on consolidating their tech stacks and gaining greater visibility and protection for each endpoint. Consolidating PAM into the cloud frees up more IT resources and budgets as legacy PAM systems become more expensive to run and risk losing vendor support.

Organizations are moving to cloud-based PAM systems to take advantage of potentially lower costs, improved scalability, more configurable, customizable user experiences and workflows, higher availability, and more efficient and timely system updates. Additional factors that motivate organizations to move from on-premises to PAM in the cloud include:

Track and control operating costs (OPEX) in real time

Reducing on-premises licenses and the high cost of renewing Linux, UNIX, and Windows servers, while lowering integration costs, motivates IT leaders to move PAM to the cloud. Cloud PAM providers adept at integration include CyberArk, Delinea, and BeyondTrust, all leaders in this market. In addition, CISOs tell VentureBeat that the financial and IT benefits of elastic compute make cloud-based PAM systems even more competitive and help balance their budgets.

Cloud-based integrations based on two-way SSL trust are more secure

The most secure PAM integrations in the cloud rely on two-way SSL trust between the PAM platform and where resources are needed, shutting out cyber-attacks. For example, leading cloud PAM vendors rely on RADIUS to integrate with their multifactor authentication suites to add MFA support for every PAM instance their customers have in the cloud today.

Greater reliability when integrating with public cloud services over SSL

Connectors that build two-way SSL trust between cloud PAM platforms and databases, systems and resources are the future of secure access to public cloud platforms. Using a connector-based approach tailored to any public cloud platform that relies on SSL has proven to be more reliable and secure than shell script-based integrations with legacy PAM systems.

Customizable options for cloud PAM platforms that outperform legacy PAM apps

In general, cloud-based PAM platforms offer greater flexibility in customizing and configuring individual screens, workflows, and privileges per person, group, and resource.

Cloud-based PAM platforms help with compliance

The latest generation of PAM apps and platforms is designed to streamline and scale audit and compliance requirements that continue to grow across all industries. Leading cloud PAM vendors have designed their systems to help organizations comply with GDPR, ISO 27001, HIPAA, PCI, SOX, FIPS, and other industry-specific standards. Many also focus on designing their systems to stay in line with NIST SP 800-207, the zero trust architecture standard.

Cloud is the way

PAM vendors have no choice but to move to the cloud as a platform and explore how to differentiate themselves with greater visibility, control, access management and advanced analytics. Unfortunately, legacy PAM systems will eventually fall off maintenance contracts and become increasingly expensive to run. As a result, organizations that rely on them need to start looking at how migration to cloud-based PAM systems can provide the advanced support they need in the future.

As CISOs consolidate their tech stacks and reduce IT costs for legacy apps, it’s becoming clear that cloud PAM is the future. Add to that flexible customization, API support for better integration and instant support for mobile devices, all within a broader ZTNA framework, and it becomes clear that the cloud is the way.
