Getty Images/EyeEm

Privileged access management moving to cloud

Survey shows nearly half of information security professionals are either planning to move privileged access management to the cloud or are exploring the possibility

At least one in five (21%) of more than 200 security professionals polled at the RSA Conference 2019 are already using cloud-based privileged access management (PAM) services or plan to use them.

A further 26% are exploring migration to cloud-based PAM, according to a survey by PAM provider Thycotic.

The survey quantified and evaluated security professionals’ current PAM practices, including challenges in adopting PAM solutions and their interest and progress in transitioning to cloud-based PAM solutions.

Only 36% of respondents said they plan to keep their PAM solution on-premise, indicating that most organisations see a future with cloud-based security systems and expect to increase their use of those systems to 65% in the next two years.

“As more companies move to a cloud-first strategy, momentum is accelerating for adopting cloud-based PAM solutions,” said Joseph Carson, chief security scientist at Thycotic. “Going with cloud allows an organisation to pay only for services used, reduce wasted time, and minimise huge upfront investments and automate updates, along with assuring high availability and geo-redundancy.” 

The survey also revealed that unauthorised access – which should be protected by a PAM system – is the top business risk to cloud environments.

Privileged accounts and privileged access are at the heart of every business because they ensure that the IT team can administer and manage the organisation’s systems, infrastructure and software, and they enable employees to access the data that enables them to make critical business decisions.

But as a result, privileged accounts are also the most likely to be targeted by cyber criminals because they allow the attackers to easily move around the network, accessing critical systems and sensitive data while remaining undetected.

Read more about privileged access management

The survey showed that IT and security teams are still struggling to get management and daily users to understand the necessity of PAM systems, with 28% saying the biggest challenge is persuading team members to use the PAM system.

Nearly a quarter (24%) said educating organisations’ leaders is a challenge to deploying PAM systems, and 19% said finding the budget for PAM technology is an obstacle.

Despite increased awareness of PAM systems and the need to deploy them to stop cyber criminals from abusing powerful accounts, Thycotic said 85% of organisations fail to meet basic PAM security standards.

However, the company also noted some positive indications from the survey, including the finding that 66% of respondents are increasing their knowledge of PAM technologies.

Read more on Identity and access management products