Gartner Says More Than 50 Per Cent of Large Companies Will Use Software Tools to Manage Shared-Account Passwords by End of 2010
Analysts to Explore the Challenges Facing Identity and Access Management Programmes at Gartner Identity and Access Management Summit, London, 23-24 June 2008
Egham, UK, June 16, 2008
The number of organisations using software tools to manage passwords for shared accounts grew 50 per cent worldwide in 2007, according to Gartner, making it one of the fastest-growing identity and access management (IAM) markets. Analysts predict that the shared-account password management (SAPM) market will continue to exhibit strong growth and that more than half of large organisations will use SAPM tools by the end of 2010.
Growth has been driven largely by regulatory compliance, especially where regulations, such as payment card industry data security standard (PCI DSS), require personal accountability. “Two or three years ago, the adoption of SAPM tools was largely focused on larger financial services companies,” said Ant Allan, research vice president at Gartner. “However, compliance has further driven growth across a variety of vertical industries and sizes of organisations. SAPM tools can minimise the risks associated with the use of shared accounts, improve regulatory compliance, and reduce operational costs.”
Gartner estimates that around half of organisations using SAPM tools are large (i.e. organisations with 5,000 employees or more), around two thirds are based in North America and a quarter is based in Europe, the Middle East and Africa (EMEA). One fifth is in banking and other financial services.
“SAPM tools have emerged as best practice for managing shared-account passwords,” said Mr Allan. “Increasingly, they are also being used to manage security and operational risks for software-account passwords used for application-to-application (A2A) and application-to-database (A2DB) access. However, implementation may require an organisation to change every calling application which could create a significant bottleneck to roll out.”
Gartner recommends that organisations use a SAPM tool to automate processes and enforce controls for shared superuser accounts and shared firecall accounts that provide higher than normal privileges for emergency access outside normal working hours. “Organisations considering using SAPM tools to manage passwords for software accounts need to do so as part of a broader application security strategy,” concluded Mr Allan.
Gartner analysts will further discuss how organisations can manage individuals’ use of shared accounts in a controlled and auditable manner at the Gartner’s Identity & Access Management Summit, taking place 23-24 June 2008 in London. The conference brings together a compelling blend of Gartner expertise, end-users and vendors in four tracks, including new research and best practice advice, real-life case studies, interactive panels and solution provider sessions over two days.