Channel-only security specialist Thycotic has risen up the ranks in Gartner’s Magic Quadrant for the expanding Privileged Access Management (PAM) market.
Simon Azzopardi, senior vice president for EMEA and APAC at Thycotic, told Weirdware.com that Gartner expects half of target organisations to implement a just-in-time PAM model by 2024, with channel partners that focus on firms turning over at least $100m a year in pole position to benefit.
“It’s companies that are really above $100m in annual revenue that are spending money on real PAM,” Azzopardi said. “Again, in the [Gartner] report it says if they do implement just-in-time PAM, companies will experience 80% fewer breaches than other companies. And this is really key, because it’s one of the easiest ways to reduce the attack surface.”
The PAM opportunity is exploding because customers now know they need PAM to reduce attacks, or at least mitigate those that are being carried out, and they are turning to partners and asking for recommendations. And they can certainly come to Thycotic for help, Azzopardi added.
“We’re 100% channel. Channel is always at the forefront of everything we do, even from a marketing perspective whenever our marketing team creates any sort of campaign. They’re not just standard campaigns, they’re channel campaigns, so they allow our partners to go and create customised versions within their customer base,” he said.
Anna Michniewska, senior marketing director for international business at Thycotic, noted that channel partners often have very small marketing departments. As a result, Thycotic tries to “act like a little bit of a marketing agency” for partners, going beyond the partner portal and referrals to work more closely with resellers.
“We’ve created a campaign flow for partners and recommend what is the best thing for them to do to generate higher sales. Nobody wants to talk about the pandemic any more, but we moved really fast back at the beginning of the whole situation in March and had a few days of webinars, almost online courses, delivering alternative methods of generating pipeline.
“And most of the pipeline for our partners is coming from physical events, and social selling events. We have lots of experience in generating pipeline from digital activities and we want to share this with our channel partners,” Michniewska said.
Key to Thycotic’s success so far, as you’d expect, is innovation.
“By innovation and listening to what’s really keeping our customers up at night, and how we can focus on least privilege and then releasing it down to the customer side, we have released multiple new solutions over the last six to eight months that have enabled us to be innovation leaders,” Azzopardi said.
Last year Thycotic launched a product called Account Lifecycle Manager, which targets the challenge of people creating privileged accounts that can be used or misused at will and that, once created, linger on without an expiration date or similar. In larger organisations, managing privileged accounts has become a huge problem that is not entirely fixed by every identity access solution.
“What this tool does is it introduces a governance process around all privileged accounts, including a specific focus on service accounts,” Azzopardi said. “It can stop all privileged accounts being created outside of this tool, all the privileged accounts have to be created within this tool which allows them to control a full lifecycle for these accounts.
“Not only are they controlling the accounts they had in the first place, but also the creation of new ones. It’s a simple concept and you’d wonder why no one has thought about that, but it was something that was absolutely first to market.”
Another key innovation is the ability to deploy a high-speed vault that is more suitable for DevOps and development environments. The DevOps Secrets Vault facilitates security and password management not only at account level but at a high-velocity machine level.
“For devops, one of the things that makes them successful, their foundation, is their ability to spin up and down various environments fast, do some testing, and then put them away. But because they’re developers, they usually need full access. And full access means security risk, right?” Azzopardi said. “Traditional vaults cannot handle that sort of speed.”