The cloud is winning for enterprise and cybersecurity tech stacks that need to upgrade privileged access management (PAM). Ninety-four percent of enterprises report they are using cloud services today, and 75% say security is a top concern. Sixty-seven percent of enterprises have already standardized their infrastructures on the cloud. On top of that, this year, according to Gartner, more than $1.3 trillion in enterprise IT spending is at stake from the shift to the cloud, growing to almost $1.8 trillion in 2025.
By 2025, 51% of IT spending on will have shifted from traditional solutions to the public cloud, compared to 41% in 2022. Almost two-thirds (65.9%) of spending on application software will be directed toward cloud technologies in 2025, up from 57.7% in 2022.
“The shift to the cloud has only accelerated over the past two years due to COVID-19, as organizations responded to a new business and social dynamic,” said Michael Warrilow, research vice president at Gartner. “Technology and service providers that fail to adapt to the pace of cloud shift face increasing risk of becoming obsolete or, at best, being relegated to low-growth markets.”
Zero trust needs to guide PAM adoption
The faster enterprises migrate workloads to the cloud, the greater the risk of potential breaches. Relying on legacy on-premises PAM systems to protect new cloud infrastructure is like buying a new car and insisting on having traditional key locks instead of Bluetooth-enabled key fobs.
Organizations also realize that PAM must be a core part of any zero-trust network access (ZTNA) strategy. Designing PAM into the core of an enterprise’s ZTNA framework assures the weaknesses of relying on individual public cloud providers’ identity access management (IAM), and PAM apps won’t turn into intrusion attempts and breaches.
For example, Amazon Web Services, Google Cloud Platform, and Microsoft Azure each have their own IAM applications. Yet, none can protect a diverse hybrid cloud environment from privileged credential attacks. Because of this, a cloud-based PAM platform that spans an entire hybrid cloud infrastructure is table stakes for achieving an enterprise-class ZTNA framework. As a result of its growing need among enterprises, the PAM market is projected to grow at a compound annual growth rate of 10.7% from 2020 to 2024, reaching a market value of $2.9 billion.
Previously, enterprises spent the bare minimum for PAM on-premises systems to meet compliance requirements. Legacy PAM systems are not designed to support the foundational elements of zero trust or provide API integration options to become part of a ZTNA-based framework. They also do not provide the level of security enterprises need in increasingly complex hybrid cloud infrastructures. However, they were the first systems to offer credential vaulting, session management, and secrets management, but organizations have since outgrown those requirements and now have more complex security challenges to deal with.
Today, cloud-based PAM platforms need to scale and secure local and remote machine-to-machine privileged access workflows, now the majority of identities in many enterprises. Machine identities now outnumber human identities by a factor of 45 times — the typical enterprise reported having 250,000 machine identities last year.
Cloud-based PAM platform vendors continue to improve support for cloud infrastructure entitlement management (CIEM), which monitors cloud platforms in real-time to identify any anomalies or misconfigurations. CIEM platforms are rapidly maturing in their ability to identify and eliminate potential intrusion and breach risks.
Cloud PAM platform providers are also fine-tuning how policy definitions act as guardrails to reduce false positives and risks. Also on their product roadmaps are plans to improve privileged access security for devops, secrets management, microservices, privileged task automation, robotic process automation (RPA) and more.
“Insurance underwriters look for PAM controls when pricing cyber policies. They look for ways the organization is discovering and securely managing privileged credentials, how they are monitoring privileged accounts, and the means they have to isolate and audit privileged sessions.” Larry Chinksi, vice president of global IAM strategy and consumer advocacy at One Identity, wrote in an article for CPO Magazine.
According to CrowdStrike’s CEO and founder George Kurtz’s keynote at Fal.Con 2022 — and further underscored by a study from Forrester — 80% of all security breaches start with privileged credential abuse. Another recent survey by Delinea found that 84% of organizations experienced an identity-related breach in the last eighteen months. On top of that, 75% of organizations believe they’ll fall short of protecting privileged identities because they won’t have the support they need in place.
Why the future of PAM is in the cloud
CISOs often replace legacy on-premise systems with more advanced cloud-based PAM systems as a core part of their infrastructure consolidation strategies. Every CISO VentureBeat has spoken with at CrowdStrike’s Fal.Con event is focused on how to consolidate their tech stacks and gain greater visibility and protection of every endpoint. Consolidating PAM into the cloud frees up more IT resources and budgets, as legacy PAM systems become progressively more expensive to operate and risk losing vendor support.
Organizations move to cloud-based PAM systems to gain the advantages of potentially lower costs, improved scalability, more configurable, customizable user experiences and workflows, higher availability, and more efficient and timely system updates. Additional factors that motivate organizations to shift from on-premises to cloud PAM include the following:
Track and control operating expenses (OPEX) in real time
Reducing on-premise licensing and the many expenses of refreshing Linux, UNIX, and Windows servers while reducing integration costs motivate IT leaders to move PAM to the cloud. Cloud PAM providers adept at integration include CyberArk, Delinea, and BeyondTrust, all leaders in this market. In addition, CISOs tell VentureBeat that elastic computes financial and IT advantages further make cloud-based PAM systems more competitive in keeping their budgets balanced.
Cloud-based integrations based on two-way secured socket layer (SSL) trust are more secure
The most secure cloud PAM integrations rely on two-way-SSL trust between the PAM platform and wherever resources are needed, which locks cyberattackers out. For example, leading cloud PAM vendors rely on Radius to integrate with its Multifactor Authentication Suite to add MFA support for every PAM instance their customers have in the cloud today.
Greater reliability integrating with public cloud service with SSLs
Connectors that build two-way-SSL trust between cloud PAM platforms and databases, systems, and resources in the future of secured access to public cloud platforms. Taking a connector-based approach tailored to each public cloud platform that relies on SSL has proven more reliable and secure than shell-script based integrations to legacy PAM systems.
Customizable, options for cloud PAM platforms outdistance legacy PAM apps
Overall, cloud-based PAM platforms provide greater flexibility in customizing and configuring individual screens, workflows, and privileges by individual, group, and resource.
Cloud-based PAM platforms help with compliance
The latest generation of PAM apps and platforms are designed to streamline and scale audit and compliance requirements that continue to grow across industries. Leading cloud PAM vendors have designed their systems to help organizations comply with GDPR, ISO 27001, HIPAA, PCI, SOX, FIPS, and other industry-specific standards. Many are also focusing on how to design their systems to stay in compliance with NIST SP 800-207, the zero-trust architecture standard.
Cloud is the way
PAM vendors have no choice but to move to the cloud as a platform and investigate how to differentiate themselves with increased visibility, control, access management and advanced analytics. Unfortunately, legacy APM systems will eventually fall off maintenance contracts, becoming increasingly expensive to operate. As a result, organizations relying on them need to start looking at how migrating to cloud-based PAM systems could provide the advanced support they need in the future.
As CISOs consolidate their tech stacks and reduce IT expenses for legacy apps, it becomes apparent that cloud PAM is the future. Add to that the flexible customization — API support for better integration, and immediate support for mobile devices, all within a broader ZTNA framework, and it becomes clear that the cloud is the way.