One market that performed particularly well during the 2020 pandemic is the privileged access management (PAM) market. As more employees work remotely, PAM has become more important than ever. In 2020, PAM market revenue will increase to nearly 2 billion U.S. dollars. This is equivalent to the previous year’s annual growth rate of approximately 17%. Considering the economic and business uncertainties in the past year or so, this is an impressive number.
Mergers and acquisitions in this area: Centrify and Thycotic
In March 2021, private equity firm TPG Capital acquired PAM provider Thycotic for US$1.4 billion. It plans to merge it with Centrify, another PAM supplier it acquired two months ago. Therefore, Centrify hopes to pose a serious challenge to CyberArk, the leader in the PAM market. PAM technology emerged at the turn of the century to address the increasing demand for privileged access control in the network environment.
Since then, with the sudden expansion of remote work caused by the COVID-19 pandemic and the consequent promotion of cloud adoption, its importance has only increased, making it even more important to monitor and control privileged access.
Okta and other big guys enter the PAM space
In April 2021, Okta, a leading provider of identity as a service (IDaaS), announced its entry into the privileged access management market. However, a battle royale awaits Okta in PAM as it will confront the obvious market leader Cyber CyberArk weighs 800 pounds in its own market segment and has been closely following Okta’s development in recent years, including the acquisition of Stormpath in 2017, a user management service provider for the developer community that provides monitoring and control for the company Developers’ access to application code in the development pipeline and production. The Stormpath service was subsequently merged into Okta’s broader product portfolio.
This is also an area where CyberArk regards PAM as a natural extension, so the entry of competitors with Okta influence is obviously a major development. In fact, some industry experts believe that CyberArk’s acquisition of IDaaS provider Idaptive in May last year was at least partly caused by Okta’s intrusion into the developer access space. Now Okta is entering CyberArk’s core PAM market, placing the cat more firmly among the pigeons.
Cloud Rights Management (CPM) is added to the portfolio
An adjacent segment that may help develop the PAM market is cloud rights management (CPM). CPM is a technology that can discover all existing access permissions in the company’s cloud infrastructure, make recommendations on how to control these permissions based on the zero-trust security principle, and automatically take reduction measures when appropriate. CPM aims to solve the problem of “privilege sprawl”, that is, users such as developers, administrators, service accounts, and application permissions accumulate excessive access rights to company applications and workloads in the cloud, usually through indirect means, such as only belonging to A specific working group.
CPM is a market segment in the early stages of development. The field initially consisted of small startups, including Cloudknox, Sonrai, Ermetic, and Solvo. This is a typical representative of the emerging areas of security technology, which embodies different approaches to specific problems. However, by the end of 2020, two larger technology industry players—Salesforce and CyberArk—have introduced CPM capabilities in their product portfolios. In addition, in April 2021, Zscaler acquired Trustdome, an Israeli CPM start-up company, and became the first major cybersecurity player to acquire a professional supplier in the emerging market field of CPM.
The prospects for the PAM market are bright due to remote work, increased M&A activities, large companies entering this market segment, and neighboring market segments such as CPM showing good growth potential. The PAM market is expected to show good growth in the next five years, reaching USD 4 billion by 2025 (compound annual growth rate of 15.2%).
Don Tait supports and focuses on Omdia’s identity, identity verification and access intelligence services.The research areas he has previously published reports include: blockchain, financial technology, identity and access management (IAM), fraud protection in payment, smart cards… View full bio