Two of them, Safeguard Secure Remote Access and Safeguard for DevOps, are brand new, while the Endpoint Privilege Management solution has been enhanced with new capabilities.

One Identity, the identity security-focused business unit of Quest Software, has announced three new or augmented solutions, as part of the revitalization of their PAM [Privilege Access Management] portfolio. Safeguard Secure Remote Access is a Zero Trust Network solution, built new from the ground up to manage privileged accounts in Work From Anywhere environments. The other brand new solution is Safeguard for DevOps, which as the name indicates is specifically focused on security around the DevOps process. The third offering, Endpoint Privilege Management, is a refresh of an existing solution to secure privilege on endpoints.

One Identity is emphasizing that these new solutions are part of a complete rethinking of what PAM is all about.

“PAM has been around for many years – like identity,” said Bhagwat Swaroop, President and General Manager of One Identity. “But while the term is old, how it is done now has been completely transformed. While it has been all about making sure the right people have right access at the same time, we have rethought how that works. That’s new.”

Swaroop identified three major changes that differentiate this next generation of PAM from the last.

“It used to be that 3-4% of users were considered privileged users and the only ones you needed to protect,” he said. “Now everyone has to be considered a privileged user.”

That now also applies to more than people who work for the organization.

“It’s no longer just about protecting your own employees, but all humans, machines and applications,” Swaroop stated. “So the scale of it is very different.”

The other new principle comes from Zero Trust.

“There must be constant verification to verify the right thing is done,” Swaroop said.

Overarching all of this is the shift to cloud, Swaroop stressed.

“We have to be able to serve from a cloud-first model,” he said. “That’s why we have a string of solutions with a cloud-first model with a Zero Trust philosophy.”

Swaroop acknowledged that pretty much all cybersecurity vendors today are playing a variation of this tune, but said that there are nuances between them.

“The devil is in the details,” he said. “One Identity is a leader in identity-centric security, with three pillars where we shine: Lifecycle Management around Active Directory; Identity and Access Management; and Privileged Account Management. We manage without using siloes, and with a dynamic notion of privilege which is fully orchestrated and fully automated.  It’s all about staying in tune with evolving use cases in customer environment. Once, being able to manage it all in the cloud was not a big deal.”

One of the new offerings is Safeguard Remote Access, a cloud-native solution that delivers Zero Trust Network Access to help remote workers securely access privileged resources.

“We’ve been doing remote access for more than 20 years, but this is brand new, and built from the ground up,” Swaroop said.  “Others call it Zero Trust Network Access, but this is built fundamentally differently, with a very identity-centric view. We built this as multi-tenanted and cloud based, hosted in Azure. We can bring it up in minutes to deploy, not weeks or months.

“Some will see this as a VPN replacement,” Swaroop added. “Now people are thinking about remote access as security. Imagine applications are everywhere and data is everywhere. That’s the design point. Does it work with legacy applications centred in one place? Of course. It provides integrated remote access with session management, so you can not only let a contractor in but also see how they are doing things – making sure they are GDPR compliant, for example.”

Also brand new is Safeguard DevOps Secrets Broker, which enables developers to have secure privileged access as they develop applications, to eliminate unauthorized access to resources and protect the network and data during application development. Safeguard DevOps Secrets Broker integrates with a wide range of leading DevOps tools to orchestrate this protection.

“We went down this path of shifting left to protect the development of new applications,” Swaroop indicated. “It’s slightly different from doing it for employees, but is the same principle. We believe it is very strategic, and will expand our TAM. The benefits of our PAM for DevOps is that it is a scalable solution, that is integrated into unified identity security platform, and that you  can run governance over that.”

The third offering is an enhancement of One Identity’s existing endpoint privilege management solution, that takes a holistic approach to protecting endpoint devices

“We have expanded the suite by adding some new capabilities to provide fully unified endpoint privileged management for Active Directory, Azure Active Directory, Windows desktops, Linux Unix, and the Mac,” Swaroop said.

This revitalization of One Identity’s PAM portfolio is good news for the company’s channel partners, he stressed.

“We are partner-centric,” he said. “I know everyone says that, but we partner exclusively for services. Our sales team is eager to partner with the channel.

“Partners want to work with someone who is a leader, not a laggard, who is financially solvent, and will be around,” Swaroop added. “Today we serve 80% of Fortune 100 companies. We are an innovator that is changing paradigm on PAM. This next-gen PAM will enable partners to execute independent selling and deployment more effectively.”