According to IBM, in 2014, 55% of all attacks were carried out by either malicious insiders or inadvertent actors, and over 95% of breaches caused by insiders was caused by human error. Throwing gasoline on the fire, Dell has come out with its own security survey that finds that 83% of respondents face challenges with privileged account management.
Given all the internal and external cyberthreats, the fact that only 83% stated they faced challenges was a concern for Jackson Shaw, Senior Director, Product Management, Dell Security. “I agree there are 17% of the people who don’t understand how bad the issue is… as a vector for attack, it’s relatively significant.”
Shaw, who spent 7 years at Quest and came over when the company was acquired by Dell back in 2012, told IT Trends & Analysis he was surprised more firms aren’t spending more time and resources on security and access management, in the face of all this activity. “I think there is still a lack of awareness how significant the problem is…. I don’t think most companies really understand how big the problem is.”
A month ago HP reported that the average annualized cost of cybercrime has soared 82% over the last 6 years, to $15 million per US organization. The average time to resolve a cyber attack was 46 days, with an average cost to participating organizations of more than $1.9 million during this 46-day period, up 22% from last year’s estimated average cost of approximately $1.5 million, which was based upon a similar 45-day resolution period.
The September Cisco router attack illustrated the critical importance of controlling user access appropriately, stated CA Technologies. “The Cisco SYNful breach is a very common pattern familiar to all of us,” said Mordecai (Mo) Rosen, CA Technologies VP, Product Management and Strategy for Privileged Access Management. The breach is the norm, not the exception, and the linchpin was privileged account management, he said.
The Identity and Access Management (IAM) market is expected to be worth $18.3 billion by 2019, almost double last year’s $9.16 billion. In addition to Dell, key players include: CA Technologies, EMC, Oracle, HP, IBM, Intel, Microsoft, Siemens, Okta and Centrify.
According to Gartner’s Market Guide for Privileged Access Management, released at the end of May, while the PAM market continues to see strong growth, adoption by organizations is often partial, leaving gaps that translate to risk. The research company estimates that the size of the PAM market reached $512 million in 2014, up 32%. Interest in PAM technology is driven by several factors: the risk of insider threats; the existence of malware that specifically targets privileged accounts; operational efficiency for administrator access; regulation and failed audits, because auditors are paying closer attention to privileged accounts, and regulations are forcing organizations to create an irrefutable trail of evidence for privileged access; and access to privileged accounts by third parties: vendors, contractors and service providers.
This should translate into a huge opportunity for Dell, but that may not be the case. Stories have started circulating on how Dell plans to address the $49.5 billion debt it will incur with the EMC/VMware acquisition, including a $10-billion asset sale, which could include Quest Software.
Privileged accounts really are the ‘keys to the kingdom,’ which is why hackers seek them out and why we’ve seen so many high-profile breaches over the past few years use these critical credentials, stated Dell. To alleviate this risk and ensure these accounts are controlled and secured, it’s absolutely crucial for organizations to have a secure, auditable process to protect them.
Quest’s future may be murky, but PAM’s future is solid, said Shaw. “I think the market is growing at better than 20%. We certainly are.”
He said they’re getting great interest from customers around this but thinks there’s still a long way to go. “This is probably our flagship from a pain perspective when we talk to our customers.”