GigaOm Radar for Enterprise Password Managementv2.01

1. Summary

Every organization has employees who are buried in username and password combinations, both business and personal. Humans are not good at remembering long and complex passwords, and this leads to poor practices that include reusing passwords, writing them down, or saving them in browsers. These practices present a significant risk to the security of an organization.

Cybercriminals are aware of these unsafely stored passwords and know that compromising a user’s credentials can give them access to key systems and sensitive data. This means these usernames and passwords are a priority target, making it essential that organizations find ways to tackle the complexity of user access and improve password security.

Enterprise password management can be an answer to that challenge. Password managers provide a centralized platform usually built around a secure vault that is accessed through a master password logon. Password managers can greatly simplify the user’s password experience by automating many of the complex tasks related to user access, including password creation, enforcement of password policies, automated credential completion, and secure password sharing, all of which help to reduce logon friction, improve user efficiency, and reduce the complexity that leads to poor password practices and heightened risk. Some solutions go further, integrating password management into a broader identity management platform and allowing it to deliver capabilities such as single sign-on (SSO) and identity lifecycle management.

Password and credential management is not limited to user access. Organizations often need to provide secure credentials to non-software systems or as part of their software development process. Often, this access is not provided through username and password but via certificates and cryptographic keys, generally called secrets, the management of which is complex. However, vendors are now adding secrets management to their solutions, helping to reduce its complexity through automation of practices such as credential injection into code and key rotation.

Passwords, however, are not a viable long-term approach to system access, and organizations must find a way to move toward a passwordless future that replaces traditional credentials with different authentication factors and biometrics to control access. Password managers can help bridge this gap by introducing passwordless access to their platforms and using it to obfuscate passwords and other credentials when users access enterprise systems, initiating the shift toward passwordless operations, even for platforms that as yet do not support such access.

At the same time, after recent breaches involving password management vendors, organizations are likely questioning the security of password managers. This is a wake-up call to the industry. But while the security of these solutions is a serious consideration, the risks presented by poor password management are too numerous and significant to ignore. At present, password managers are still the best way to address the risk of compromised credentials.

This GigaOm Radar report highlights key enterprise password management vendors and equips IT decision-makers with the information needed to select the best fit for their business and use case requirements. In the corresponding GigaOm report “Key Criteria for Evaluating Enterprise Password Management Solutions,” we describe in more detail the key features and metrics that are used to evaluate vendors in this market.