Apono is excited to announce it’s been recognized in the 2023 Gartner Magic Quadrant for Privileged Access Management! In its short history (founded in 2021), Apono has already gained a number of devoted users and is proud to receive this award.

Summary

The significance of robust privileged access management has never been higher, with cyber insurance firms now insisting on the adoption of PAM tools. Gartner concludes that leaders in security and risk management should leverage the research in the Gartner report to assess the efficacy of their strategies.

What is Privileged Access?

Privileged accounts serve as a significant avenue for breaches to occur. Privileged access is access beyond the level granted to normal business users. It allows users to override existing access controls, change security configurations, or make changes affecting multiple users or systems. Privileged access can create, modify and delete IT infrastructure, along with the company data contained in that infrastructure, so it carries catastrophic risk.

Managing privileged access is thus a critical security function for every organization. Regular user access controls cannot effectively manage privileged access, so special procedures and tools are required. 

Gartner Defines Privileged Access Management

Gartner defines privileged access management (PAM) as tools that manage and protect accounts, credentials and commands that offer an elevated level of technical access, that is, the ability to administer or configure systems and applications. Available as software, SaaS or hardware appliances, PAM tools manage privileged access for people (system administrators and others) and machines (systems or applications).

PAM solutions secure just-in-time and zero-standing privileged access across hybrid and multi-cloud environments.

Gartner’s four distinct categories of PAM tools are the following:

  • Privileged account and session management (PASM). Vaulting of privileged account credentials, and session management for privileged users.
  • Privilege elevation and delegation management (PEDM). Host-based agents that provide command filtering and privilege elevation for users on macOS, UNIX/Linux and Windows.
  • Secrets management. Specialized vault focused on managing credentials for software and workloads.
  • Cloud infrastructure entitlement management (CIEM). Management of entitlements used in cloud service provider (CSP) infrastructure.

PAM controls ensure authorized use of privileges (including any related mechanism like privileged accounts or credentials) in authorized target systems for all relevant use cases.

Key Capabilities for Consideration

The must-have capabilities for PAM are:

  • Offering centralized management and enforcement of privileged access by controlling either access to privileged accounts and credentials or execution of privileged commands (or both).
  • Managing and brokering privileged access to authorized users (i.e., system administrators, operators, help desk staff, and so on) on a temporary basis.

Standard capabilities include:

  • Credential vaulting and management for privileged accounts.
  • Agent-based controlled privilege elevation for commands executed on Windows, UNIX/Linux or macOS operating systems.
  • Privileged account discovery across multiple systems, applications and cloud infrastructure providers.
  • Management, monitoring, recording, and remote access for privileged sessions.
  • Auditing capabilities to ascertain who used what privileged access when and where.

Optional capabilities include:

  • Secrets management for applications and services.
  • Privileged account life cycle management and remote privileged access for vendors, service providers and other external users that require technical access.
  • Just-in-time privilege management to reduce the time and scope that a user is granted a privilege to the minimum possible.
  • Cloud infrastructure entitlement management (CIEM) and discovery.

Apono Enables Simple and Secure Access to Production

With Apono, you can have all the benefits of accessing production data without any of the risks. When an engineer requires access to fix or investigate a production issue, for example, they can get access automatically through the Data Portal, with built-in security policies enabling them to access only the types of data required, and have that access revoked when it’s no longer needed.