Assessing and advancing PAM maturity

Thycotic has introduced its PAM Maturity Assessment, the first tool designed as a strategic framework to help organizations understand their current level of PAM maturity. As a free online tool, the PAM Maturity Assessment increases an organization’s visibility into how it manages privilege security and enables security and IT teams to prioritize actions and align budget and resources.

  • 5 years ago Posted in
Information security and IT professionals can take the free survey in under five minutes by visiting https://thycotic.com/resources/thycotic-pam-maturity-model/. Participants get an immediate grade upon completing the survey, along with a follow up email that includes a report with detailed results and customized recommendations to systematically lower privileged account risk, increase business agility and improve operational efficiency.

 

“Many companies aren’t sure where to start with PAM or which security activities have the most impact,” said Joseph Carson, chief security scientist at Thycotic. “This model is based on security industry best practices and our work with 10,000 customers of all types. It’s designed to help companies progress on their PAM journey based on defined benchmarks as well as their own risk drivers, budget, and priorities.”

 

Step-by-Step Roadmap

 

The model defines four phases of maturity ­­­­organizations typically progress through as they evolve from laggards to leaders in their adoption of privileged account management.

 

  • Phase 1. Analog: Organizations in the Analog phase of PAM maturity have a high degree of risk. They secure their privileged accounts in a limited way, if at all. As a result, they often provide excess privileges to people who don’t need them, share privileges among multiple administrators, and neglect to remove privileges when users leave the organization or change roles.

 

  • Phase 2. Basic: When organizations progress from the Analog stage to the Basic stage of PAM maturity, they adopt PAM security software and begin to automate time-consuming, manual processes.

 

  • Phase 3: Advanced: As organizations move from a reactive to a proactive privilege security strategy they enter the Advanced phase of PAM maturity and PAM becomes a top priority within their cyber security strategy. Organizations at this level are committed to continuous improvement of their privileged security practices.

 

  • Phase 4: Adaptive Intelligent: As organizations ascend to the ultimate stage of PAM maturity they take the concept of continuous improvement to a higher level, often relying on artificial intelligence and machine learning to collect information and adapt system rules. They fully and automatically manage the entire lifecycle of a privileged account, from provisioning to rotation to deprovisioning and reporting.

 

In addition to the PAM model and online tool, Thycotic is planning on releasing a trend report of PAM maturity in the coming months, with the goal of creating greater understanding of privileged account security and providing metrics on PAM adoption back to the international security community.

Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
Trend Micro has released new research detailing the murky cybercrime supply chain behind much of...
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Research from Avast has found that employees in almost a third (31%) of Small and Medium...
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...
Trend Micro has published new research revealing that 90% of IT decision makers claim their...
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real...
State of Industrial Cybersecurity report reveals only 21% of organizations achieved full maturity...