Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Encrypted Traffic Strategies
Webinar: Best practices for enterprise net traffic
Omdia's On-Demand Webinars
Omdia's On-Demand Cybersecurity Webinars
What's next for DC firewalls?
Webinar: Net security for software-defined DCs
6/4/2021
09:00 AM
Don Tait
Don Tait
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

The Perfect Storm for PAM to Grow In

With more staff working remotely, privileged access management (or PAM) has never been more important. Market forecasts, drivers, and trends are explored.

During the pandemic of 2020, a market that performed particularly well was the privileged access management, or PAM, market. With more staff working remotely, PAM has never been more important. In 2020, revenue in the PAM market increased to nearly $2.0 billion. This equals an annual growth rate of around 17% from the previous year. This is an impressive figure, considering the economic and business uncertainty over the last year or so.

Mergers and Acquisitions in This Space: Centrify and Thycotic
In March 2021, private equity firm TPG Capital acquired PAM vendor Thycotic for $1.4 billion. It plans to merge it with Centrify, the other PAM vendor it acquired two months earlier. Centrify will thereby hope to present a serious challenge to PAM market leader CyberArk. PAM technology came into existence around the turn of the millennium to address the growing need for control of privileged access in networked environments.

Its importance has only increased since then, with the sudden expansion in remote working caused by the COVID-19 pandemic and the concomitant boost to cloud adoption combining to make it even more vital to monitor and control privileged access.

Big Guns Like Okta Entering the PAM Space
In April 2021, Okta, a leading vendor in identity-as-a-service (IDaaS) announced its entry into the privileged access management market. A battle royale awaits Okta in PAM, however, for there it will be going up against the clear market leader, CyberArk. The 800-pound gorilla in its own segment, CyberArk has kept a keen eye on Okta's evolution in recent years, including its 2017 acquisition of Stormpath, a provider of user management services aimed at the developer community, delivering the ability for companies to monitor and control their developers' access to application code in the development pipeline and in production. The Stormpath service was then folded into Okta's broader portfolio.

This is also an area that CyberArk sees as a natural extension for PAM, so the entry of a competitor with the heft of Okta was clearly a significant development. Indeed, some industry pundits see CyberArk's acquisition of IDaaS provider Idaptive in May last year as a move prompted at least in part by Okta's encroachment into the developer access space. Now Okta is entering CyberArk's core PAM market, putting the cat even more firmly among the pigeons.

Related Content:

Fundamentals of Privileged Access Management (PAM)

Okta's PAM and IGA launch underpins its "primary cloud" ambitions

TPG plans a PAM powerhouse to challenge CyberArk, buying Thycotic and merging it with Centrify

Cloud Permissions Management (CPM) Adds to the Mix
An adjacent segment that may help to grow the PAM market is cloud permissions management (CPM). CPM is technology that discovers all the extant access entitlements within a company's cloud infrastructure, makes recommendations on how they might be reined in, in line with zero-trust security principles, and, where appropriate, automatically takes the curtailment action. CPM aims to address the problem of "permission sprawl," whereby users such as developers, administrators, service accounts, and application permissions accumulate excessive access rights to a company’s applications and workloads in the cloud, often by indirect means, such as simply belonging to a particular workgroup.

CPM is a market segment at a very early stage in its development. This sector initially was made up of small startups, including Cloudknox, Sonrai, Ermetic, and Solvo. This is typical of newly emerging areas of security technology that embody a different approach to a specific problem. However, toward the end of 2020, two much larger tech industry players — namely, Salesforce and CyberArk — launched CPM capabilities within their portfolios. Furthermore, in April 2021, Zscaler became the first major player in cybersecurity to buy a specialist vendor in the emerging market segment of CPM with its acquisition of Israeli CPM startup Trustdome.

Conclusions
The PAM market has a bright future due to remote working, an increase in mergers and acquisitions activity, large players entering this segment, and adjacent segments such as CPM showing good growth potential. The PAM market is projected to show good growth during the next five years, reaching $4.0 billion in 2025 (a CAGR of 15.2%).

Don Tait supports and specializes in Omdia's identity, authentication and access intelligence service. Previous research areas where he has published reports includes: blockchain, fintech, Identity and Access Management (IAM), fraud protection in payments, smart cards, ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
What the FedEx Logo Taught Me About Cybersecurity
Matt Shea, Head of Federal @ MixMode,  6/4/2021
Edge-DRsplash-10-edge-articles
A View From Inside a Deception
Sara Peters, Senior Editor at Dark Reading,  6/2/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23394
PUBLISHED: 2021-06-13
The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
CVE-2021-34682
PUBLISHED: 2021-06-12
Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature.
CVE-2021-31811
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-31812
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-32552
PUBLISHED: 2021-06-12
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.