Coming in First: Gartner Says PAM Should Be the Top Priority for CISOs


APRIL 2019

By: Orhan Yildirim

In a post by Gartner’s Jill Beadle, Privileged Access Management (PAM) was named the number one security project Chief Information Security Officers (CISOs) should invest in to reduce risk on a significant scale in large enterprises.

“Focus on projects that reduce the most amount of risk and have the largest business impact,” the post quoted Gartner vice president and distinguished analyst Neil MacDonald, who spoke during Gartner’s annual Security and Risk Management Summit in National Harbor, MD this year.

“These are projects, not programs, with real supporting technologies,” MacDonald said during his presentation, adding that all ten of the priority projects he covered are new to most CISOs, with enterprise adoption at less than 50%.

MacDonald described PAM implementations as those which “make it harder for attackers to access privileged accounts and should allow security teams to monitor behaviors for unusual access.”

MacDonald also focused on the role of “mandatory multifactor authentication (MFA) for all administrators,” as a minimum in any PAM implementation, pointing out that MFA is an ideal means to control third-party access, including that which is granted to outside contractors.

Having taken a risk-based approach (high value, high risk) to prioritizing projects, and having chosen PAM, which enables IT leaders to monitor and manage behavior among all internal and external individuals given access, MacDonald went on to list these nine other projects, in order of priority from his vantage point:

  1. CARTA-inspired vulnerability management
  2. Active anti-phishing
  3. Application control on server workloads
  4. Micro-segmentation and flow visibility
  5. Detection and response
  6. Cloud security posture management (CSPM)
  7. Automated security scanning
  8. Cloud access security broker (CASB)
  9. Software-defined perimeter

Ironsphere is a leader in PAM technologies, which can be more easily implemented and integrated into existing enterprise security architectures, with the most comprehensive set of security solutions compared to other more expensive and less flexible traditional options. Learn more about Ironsphere’s PAM solution set here.
