Relevance and prospects of the development of Privileged Access Management solutions
DOI: 10.31673/2412-9070.2022.010310
DOI:
https://doi.org/10.31673/2412-9070.2022.010310Abstract
The subject matter of the article is cyber security incidents related to the violation of the rights of privileged users and the development of the market of PAM solutions over the past five years — 2017–2022. And there is also a process of safe and secure granting of access permissions to the organization's information systems with the provision and tracking of secure user activity in the company's business network and cloud environment. The goal and tasks are: determining the relevance and need for management and administrator access control tools, as well as studying the growth trends of the PAM service market. Determination of prospects for the development of a strategy for the implementation of PAM solutions for or in cloud environments. The methods used are: forecasting methods based on market analysis and conclusions from the presented reports of international companies regarding the development of PAM solutions and increasing demand for system data in the future, as well as observing trends in the transition of organizations' activities to the cloud environment with the development of cloud services: IaaS, PaaS, SaaS. The following results were obtained: the reports of CIS Controls, OWASP, Balabit, Gartner, Allied Marked Research and studies of global vendors: Heimdal security, Microsoft, IBM were considered, which made it possible to draw the necessary conclusions and prove the feasibility of using and increasing demand for PAM systems in the next ten years and prove the prospects and the need to implement a new PAM development strategy in the cloud through integration and blurring the boundaries with IAM. Conclusions. The scientific novelty of the obtained market research results indicates that the interest of PAM solutions on the part of customers, who will be aware of the need for access control tools for administrators, determines the further development and competitiveness of these systems. Increasing attack surfaces, increased security risks, the need to keep up with modern business processes — all this requires the implementation of new PAM solutions with an increased level of security, automation, as well as integration to ensure comprehensive information protection, which will become an integral part of the overall strategy information and cyber security of both enterprises and state institutions.
Keywords: vulnerability; incident; access control; PAM; privileged access; privileged accounts; information security; cloud environment; cloud services; IaaS; PaaS; SaaS; IAM.
References
1. OWASP Top Ten [Електронний ресурс]. URL: https://owasp.org/www-project-top-ten/
2. Sager T. CIS Controls. Auditing, Assessing, Analyzing: A Prioritized Approach using the Pareto Principle [Електронний ресурс]. URL: https://www.cisecurity.org/wp-content/uploads/2018/01/Pareto-Principle.pdf
3. What Is Privileged Access Management (PAM)? [Електронний ресурс]. URL: https://heimdalsecurity.com/blog/privileged-access-management-pam/
4. 2021 IBM Security X-Force Insider Threat Report [Електронний ресурс]. URL: https://www.ibm.com/downloads/cas/YNAPDA6B.
5. The Cost of Insider Threats 2020 [Електронний ресурс]. URL: https://www.ibm.com/security/digital-assets/services/cost-of-insider-threats/#/
6. Privileged Access Management Solutions Market [Електронний ресурс]. URL: https://www.alliedmarketresearch.com/privileged-access-management-solutions-market-A12403.
7. Privileged Access Management: Essential and Advanced Practices [Електронний ресурс]. URL: https://www.ekransystem.com/en/blog/pam_best_practices.
8. Привілейований доступ. Облікові записи [Електронний ресурс]. URL: https://docs.microsoft.com/ru-ru/security/compass/privileged-access-accounts.
9. Привілейований доступ: стратегія [Електронний ресурс]. URL: https://docs.microsoft.com/ru-ru/security/compass/privileged-access-strategy.
10. Why and How to Prioritize Privileged Access Management [Електронний ресурс]. URL: https://www.gartner.com/en/articles/why-andhow-to-prioritize-privileged-access-management.
11. Телеграм-канал Державної служби спеціального зв’язку та захисту інформації України [Електронний ресурс]. URL: https://t.me/dsszzi_official.
12. Державна служба спеціального зв’язку та захисту інформації України [Електронний ресурс]. URL: https://cip.gov.ua/ua.
13. Державна служба спеціального зв’язку та захисту інформації України [Електронний ресурс]. URL: h t t p s : / / i n s t a g r a m . c o m / d s s z z i ? u t m _medium=copy_link.
14. Практика використання, нові функції і сценарії роботи PAM [Електронний ресурс]. URL: https://www.anti-malware.ru/analytics/Technology_Analysis/PAM-using-new-Featuresand-Scenarios#part3.
15. Контроль привілейованих користувачів. Що таке PAM-система? [Електронний ресурс]. URL: h t t p s : / / w w w . i t - w o r l d . r u / c i o n e w s /security/147451.html
16. Microsoft is a 5-time Leader in the Gartner Magic Quadrant for Access Management. [Електронний ресурс]. URL: h t t p s : / / w w w . m i c r o s o f t . c o m / s e c u r i t y /blog/2021/11/09/microsoft-is-a-5-time-leader-in-the-gartner-magic-quadrant-for-accessmanagement/?culture=uk-ua&country=UA.
17. Access Management 2022 [Електронний ресурс]. URL: https://www.kuppingercole.com/reprints/62c08b4d46f70b1c19245b8f09011f5e?culture=ukua&country=UA.
18. Identity and Access Management solutions (PAM)? [Електронний ресурс]. URL: https://nordlayer.com/identity-access-management/?gclid=Cj0KCQjwvZCZBhCiARIsAPXbajs0eT4TOD5IHthwSDwFj-Yn6wQ0Oj3DHV6-2qlvt-NUQXiXi8K2aZ7YaAnhiEALw_wcB
19. 9 Identity and Access Management best practices [Електронний ресурс]. URL: https://nordlayer.com/blog/iam-best-practices/
20. Privileged Access Manager (PAM) [Електронний ресурс]. URL: https://softprom.com/ru/vendor/cyberark/product/pam.
21. Privileged Access Management [Електронний ресурс]. URL: https://oneidentity.bakotech.com/privileged-access-management.
22. PAM in the cloud vs. PAM for the cloud. What’s the difference? [Електронний ресурс]. URL: https://delinea.com/blog/pam-privileged-accessmanagement-in-vs-for-the-cloud.
23. PAM for the Cloud [Електронний ресурс]. URL: https://delinea.com/resources/pam-for-cloud-security-whitepaper.
24. Privileged Access for Cloud-Native Workloads (Cloud PAM): Securing Identities in dynamic environments; on-premise, hybrid & public cloud [Електронний ресурс]. URL: https://delinea.com/blog/cloud-pam-privilegedaccess-for-cloud-native-workloads.
25. Privileged Access Management for the Cloud [Електронний ресурс]. URL: https://thycotic.com/solutions/privileged-accessmanagement-for-the-cloud/
26. Your Guide to Privileged Access Management (PAM) [Електронний ресурс]. URL: https://jumpcloud.com/blog/privileged-accessmanagement.
27. What is a Cloud Directory? [Електронний ресурс]. URL: https://jumpcloud.com/blog/what-cloud-directory.
28. Why Privileged Access Management Is So Hard in the Cloud [Електронний ресурс]. URL: https://securityintelligence.com/articles/privileged-access-management-hard-cloud/
29. Privileged Access Management (PAM) What is Privileged Access Management? [Електронний ресурс]. URL: https://delinea.com/what-is/privileged-accessmanagement-pam.
30. Migrating Your Privileged Access Management (PAM) to the Cloud [Електронний ресурс]. URL: https://www.strongdm.com/blog/privileged-access-management-pam-cloud-migration.
31. Rethinking Privileged Access Management for Cloud and Cloud-Native Environments. [Електронний ресурс]. URL: https://goteleport.com/blog/rethink-modern-pamfor-cloud-environments/
32. Applying Privileged Access Management to Cloud Environments [Електронний ресурс]. URL: https://www.isaca.org/resources/isaca-journal/issues/2020/volume-1/applying-privileged-accessmanagement-to-cloud-environments.
33. Privileged Access Management (PAM) in the Cloud [Електронний ресурс]. URL: https://www.ssh.com/academy/iam/privilegedaccess-management-in-the-cloud.
