Privileged Access Management solutions too complex
Most Privileged Access Management solutions are too complex, with 68% of organisations paying for wasted features, according to new research.
Keeper Security has released findings from its Privileged Access Management Survey: User Insights on Cost & Complexity. The report explores global insights from IT and security executives, revealing an overwhelming industry desire for Privileged Access Management (PAM) solutions that are easier to deploy and maintain, with 84% of global IT leaders say they want to simplify their PAM solutions in 2023.
As cybersecurity threats continue to grow, IT leaders are seeking effective PAM solutions that can provide visibility, security, control and reporting across every user, on every device, the research shows. PAM adoption is widespread, with 91% of survey respondents saying their organisations use a PAM product.
But the findings show traditional PAM products are failing to meet organisational needs. More than two-thirds of IT managers (68%) say their current PAM product is too complicated or has too many features they don't use, and 87% of respondents would prefer a pared down form of PAM that is easier to deploy and use.
On average, IT teams only use 62% of their current PAM functionality, while 58%of respondents agree there is waste in their PAM solution.
Roughly two-thirds of survey respondents indicate that pricey and superfluous PAM features create too much complexity for users, reducing user satisfaction, while more than half of all IT teams (56%) report they tried to deploy a PAM solution but never implemented it. Of those, 92% said it was because their PAM solution was too complex.
Most organisations (85%) say their PAM product requires dedicated staff to manage and maintain. The report also found two-thirds of IT leaders (66%) say they need a better PAM solution, but 58% say they do not have one because it is too expensive.
"Organisations must secure their privileged credentials, accounts and sessions to protect themselves," says Darren Guccione, CEO and co-founder of Keeper Security.
"The Privileged Access Management Survey: User Insights on Cost & Complexity reveals why IT and security leaders are dissatisfied with traditional PAM products. The industry needs modern, unified PAM solutions that address perimeterless, multi-cloud IT environments and distributed remote workforces," he says.
"These solutions must provide essential functionality with zero-trust security, and at the same time, be cost-effective, easy to implement and engaging for end users."
Alarmingly, nearly two-thirds of IT leaders (62%) say the downturn in economic conditions will likely cause them to scale back their current PAM platform. Today's IT and security leaders require a PAM solution that protects their most sensitive systems without the complexity and unnecessary features that drive up costs. The research shows their top criteria include solutions that are quick to deploy, affordable, and simple to understand and integrate.
Based on the survey results, the top five benefits IT leaders seek in a PAM solution include:
- Managing and monitoring privileged user access
- Protecting against compromise of privileged credentials by external threat actors
- Preventing data breaches
- Protecting against accidental or deliberate misuse of privileged access by company insiders
- Ensuring privileged user access is updated to prevent privilege creep
Respondents also share the top five benefits of a simplified PAM solution:
- Easier to deploy
- Easier to integrate into other systems
- Cost savings
- Consolidated platform
- Requires less staff
"The digital landscape continues evolving beyond the average IT professionals control," says Guccione.
"To maintain visibility and stay ahead of the next wave of cyberthreats, IT and security leaders must adapt, automate and advance with the ever-changing workplace," he says.
"While PAM solutions are primarily designed to protect IT staff, executive leadership, and research and development staff, the accelerated digital transformation and current high-risk security climate make protecting all end-users within an organisation increasingly essential."