Guest Column | April 12, 2021

Why The Time Has Never Been Better For Partners To Add PAM To Their Portfolio

By Katriina Barns, Thycotic

Finding The Balance Between Cost And Innovation: Equipping A Flexible Facility With The Right Partner

With most organizations now facing a very different dynamic shaped by remote working, MSPs are more important than ever for providing essential IT support, particularly when it comes to cybersecurity. Few companies can afford full-time in-house teams, and even the largest companies outsource at least some of their security needs. MSPs with a strong portfolio of cyber solutions and services have a prime opportunity to meet the growing demand.

One of the areas with the strongest potential for growth is Privileged Access Management (PAM), which enables organizations to better protect user accounts with elevated access authorization and admin powers – one of the prime targets for cybercriminals. The solution has been cited by Gartner as one of the top security priorities over the last two years and has only grown more important as attackers increase their focus on identity-based attacks during the pandemic.

Why Is PAM In Demand?

PAM solutions provide critical capabilities to protect privileged credentials and reduce business risk. These include secure credential management, tracking of privileged activity, password masking and rotation, as well as implementing session monitoring controls. Alongside being a valuable offering for their customers, these capabilities are also extremely important for MSPs themselves.

As MSPs usually have privileged access to the systems of their clients, they are a prime target for cyber-attacks. Successfully breaching an MSP will give the attacker the keys to the kingdom of its entire client base unless the MSP has precautions in place.

Aside from protecting all the customer credentials in their care from attack, PAM also can help add extra layers of security and accountability for an MSP’s daily activity. If something goes wrong in the client’s systems, an MSP with access may find fingers pointing in their direction. PAM can be used to track and log all access and activity, making it clear if the MSP was involved in the fault or not.

The Opportunity For New Revenue Streams

One of the biggest opportunities for MSPs to strengthen and expand their security offerings to clients is by offering PAM as a service, to help with the manual overhead, and risk landscape organizations face today. Providing this service enables the MSP to be an integral part of the customer's organization by managing their most critical privileged accounts.

As it falls under the umbrella of identity and access management (IAM), PAM has strong synergy with other products and processes in this field. With PAM, you can implement an automated access management system for your most privileged credentials. But you can gain more granular management capabilities by integrating your PAM tools with complementary, IAM and IGA systems. There is also the potential for integration outside of the identity field, and PAM helps to enhance vulnerability scanning and security information and event management (SIEM) among others.

How Partners Can Add More Value

Managing privileged accounts can be a serious challenge for many organizations. We often find that enterprises have many privileged credentials spread across their estates and have few processes in place to track access by third parties, or accounts belonging to employees who have left or changed roles. It is also common to find privileged accounts being shared between individuals or across teams, with no audit trail to account for it.

PAM enables an organization to easily manage any number of privileged accounts – but only if it is implemented correctly. If privileged account controls are misconfigured, they become overly restrictive and prevent employees from accessing resources and tools essential for their job role. This is particularly problematic with individuals who are isolated working from home.

MSPs have another opportunity to add value here by helping the customer on their journey, advising on strategy, and helping them to streamline the process and adapt it to their needs. While setting up PAM doesn’t need to be particularly difficult or time-consuming, organizations will appreciate having a trusted partner that can handle the entire process for them and then provide ongoing support.

Keeping Up With A Shifting IT Landscape

Most cyberattacks involve credential abuse and access to a privileged account is one of the ultimate goals for most threat actors. Organizations have spent many years investing in multiple layers of security, but a single compromised account can slide right by them to execute a devastating attack. The fact that many people will be working remotely for the foreseeable future also means they are more vulnerable to phishing attacks attempting to snag their login credentials.

As a result, we have seen a strong shift in the security market toward identity-based solutions like PAM. The ability to monitor and control privileged account activity, as well as increased security around privileged credentials, drastically reduces a threat actor’s ability to exploit hijacked accounts.

MSPs that can offer a high-level PAM solution as part of their portfolio and combine it with the skills to support it on an ongoing basis will have a powerful opportunity to expand both their market share and value share for existing customers.

About The Author

Katriina Barns is Partner Alliances Manager, UK at Thycotic