An interesting question in this context is whether this will affect the overall PAM market. First of all, it confirms what I’ve described earlier in my blogs: There will be a convergence of PAM with provisioning and other IAM solutions. And with more vendors providing such integrations (some are providing some integration or are working on that), customers are likely to pick the “integrated PAM”. However, there is no doubt that at that point of time the PAM specialists in most cases have more feature-rich offerings, which might complement even these integrated PAM approaches or replace them in case that specific features are required. Thus, there will be a “stand-alone” PAM market for the foreseeable time. On the other hand I expect more acquisitions of PAM specialists to happen given that the larger vendors might want to speed-up the development of their integrated PAM offerings by acquiring a product and integrating it. Another point to mention: IBM’s approach shows that PAM is moving out of a niche towards a mainstream IAM market segment.I completely agree that we are going to see a greater tie-in between provisioning and privileged account management systems. After all, isn't a privileged account a special type of account and isn't my provisioning application used for creating accounts? "QED" as my old math professor would say. I think the traditional stack vendors (IBM, CA, Sun, Novell, etc.) are going to have to address privileged account management within their platforms sooner than later. Regulators and compliance professionals are starting to wake-up to the fact that companies do not have a good handle on their privileged accounts, who has them, what they are doing with them and who has authorized them to have one. Just ask yourself who has an Active Directory domain administrator account in your organization, why they have one, who authorized them to have it and what they do when they use it? That’s not an easy question for most organizations to answer today. The same goes for “root” on your Unix or Linux systems. In fact, on Unix and Linux the question is even more difficult to answer.
Privileged account management as a subset of identity management is new. Provisioning has been around a long time and is somewhat “old news”. In 2010 I think we will see a lot more market turbulence around privileged account management and I agree with Martin’s prediction to expect more acquisitions.
Hmmm, did Microsoft make a mistake in their purchase of Desktop Standard in 2006 by allowing the BeyondTrust bit to escape? In retrospect, they would have been better to keep the PAM (BeyondTrust) portion – they need it like the other stack vendors!