
BeyondTrust has named Gartner analyst Felix Gaehtgens as Vice President, Product Strategy. Gaehtgens spent 13 years at Gartner, where he was considered to be an expert in privileged access management (PAM), identity and access management (IAM) and machine IAM. He told ChannelBuzz why he made the decision to leave for BeyondTrust specifically.
“Why didn’t I go to another vendor?” he asked rhetorically. “The reason why I really explicitly chose to talk to BeyondTrust and didn’t even start talking to some of the other vendors was because I really saw its potential to become the leader in many of the aspects of privileged access management. And I think that the team and the team’s focus on their customers and the way that they treat their customers was different from what I’ve seen.”
Gaehtgens covered PAM at Gartner for 12 years, and he still sees BeyondTrust squarely at the centre of PAM. It is becoming much more than that, however.
“If we look at where things are heading right now, I see some huge opportunities in some adjacent areas, some of them like really so close that you can touch them or that you’re actually already overlapping with them,” Gaehtgens said. “One is machine identity management, or, as some people call it, non-human identities. This has always been a part of what privileged access management solutions delivered, but they delivered it according to an old legacy model of managing static service account credentials and passwords. The account that is used by an application to connect to its database or an automation account that does something every night on a particular system, they need credentials as well. PAM tools would always do this.
“But now, if you fast forward to today, it’s a vast area where I think for every person that an organization has, they probably have 40 to 50 different processes, different machine accounts that are acting and doing all kinds of things,” Gaehtgens noted. “And that’s even before we have Agentic AI, and if you bring Agentic AI in, that adds another exponential dimension to all of this. So we will have a lot of interactions between machines and they have to be secured and protected. And we’re really at the cusp of a major crisis because the way that these are being protected is very immature right now. And so there’s a tremendous opportunity for ourselves to become a leading voice and a leading actor within that space.”
Machine actions complicate this further.
“When extending from the privileged human access to the machine access, let’s say we have a company with 10,000 people,” Gaehtgens commented. “And of these 10,000 people, how many people need privileged access? It could be maybe 200, maybe 300 or 500. But then how many machine interactions do we have? Now, before AI, it would probably be hundreds of thousands of machine actors doing some things, right? And they’re usually not very well protected, or they’re protected using some fairly antiquated methods that really do not scale to modern cloud systems. There’s actually a massive scale of these machine-to-machine interactions that have to be secured. Now you bring in Agentic AI and that adds yet another dimension to it. The only way to do this actually is by moving to a dynamic method. We can’t manage hundreds of thousands of accounts, especially when these accounts are really just used for a few seconds or a few minutes or maybe even a few hours before they go away and then a new one is being created. With today’s dynamic infrastructure, we’ve got all these containers that are spinning up left, right and centre, like there’s no tomorrow. We’ve got these agents that spin up, do something for a little bit, maybe four seconds, and then they invoke something else that runs for a few seconds. All of this needs to be credentialed. We have to do this dynamically. We have to do this in a policy-based way. And that creates a tremendous opportunity for BeyondTrust to really become a leading light within that thing. That’s one of the things I’ve focused on quite a bit at Gartner in my last one and a half years, and I’m really looking very heavily into this and to make us a big leader within that particular area.”
When dealing with more traditional IAM like Okta, things that look simple can be more complex than they appear.
“Once you’re in Okta, you can look at all these tiles and you click on one of them and then you’re automatically logged into whichever application it is, and that’s a very neat feature and that’s also a very visible feature because you’re using it and you love it because you don’t have to remember a different password for all of these tiles,” Gaehtgens said. “That’s what we would call single sign-on or federated sign-on because it leverages the account that you have within your organization to then log on to all of these other applications. But there are a few other things that have to happen in the background. So IAM is more than just single sign-on or even sign-on, even though sign-on is of course a very important factor. There’s also the authentication piece. How do we make sure you are who you claim to be? And then there’s the other part, which is also interesting, which is if I don’t know you, how can I tell that you actually claim that you are who you claim to be? How do I actually verify that you’re not some kind of synthetic identity generated by some kind of bot? Some kind of AI? So that anti-verification piece is another piece of that. And then you have another one, which is the whole identity lifecycle management and identity governance. And we’re still talking about people, right?”
People have to be managed very differently than machines.
“It’s because people have a fairly long-term relationship with a company,” Gaehtgens pointed out. “You’ve got this agent that has to look at multiple things. They have to look at your calendar. They have to look at your location. They have to think about travel plans and times, all of these kinds of things. And so they actually interact with a lot of different systems. You look at your calendar system, they look at booking, they look at some kind of geolocation service, like some kind of mapping service, all of these things. So you’ve got all these interactions happening. And that whole thing might take a minute or so with one thing driving the whole process and interacting with all of these systems. And after that, the job is done. They don’t need that permission anymore because the job’s done. So you need to create all of these types of connections and all of this access instantly for maybe a minute. And then afterwards tear everything down again. Right. So it’s a totally different animal than onboarding an employee or onboarding a customer that you’re going to have a relationship with for months or years.”
A key part of Gaehtgens’ new job will be to spearhead the strategic product vision. After eight days on the job, he is still figuring that out.
“As I looked at BeyondTrust from the outside in as an analyst, what I saw was a lot of deep customer relationships and a focus on maximizing value and flexibility for clients. And now that is not just some fuzzy talk, but very specifically when you compare BeyondTrust to some of their competitors, you find that some competitors, they play the typical games that vendors play to maximize revenue, to maximize vendor lock-in, kind of force you down a path that doesn’t necessarily always align with an organization’s best goals. So for example, one thing they’ll try to do is get you on their cloud plan. Whether you really want to or not, it’s just kind of something that they’ll try to force you down by just making it more and more and more difficult to run self-hosted. The other thing that some vendors would try to do is they’ll take a pretty popular product and then they’ll splice it and dice it into different components and license them separately.
“BeyondTrust never really played this game, which I thought was very friendly to their customers,” Gaehtgens said. “And even today, they deliver on-premises and SaaS versions of all the products. And they really ensure that clients retain that choice that best fits their needs.”
The other thing was that BeyondTrust built a really strong portfolio of different products to cover different needs around privileged access management.
“So when you look at it from my perspective, it’s like I’ve got a lot of great building blocks that do certain things,” Gaehtgens said. “Think of it like a lot of different Lego blocks. And what I want to do right now is to enable us to take these blocks and perhaps put them together or allow clients to put them together in different ways to cover much more ground because you can already do a lot of things in isolation. So if you build some more pathways between the products or if you extend some of those products slightly to help you get to some other things, that just opens up the path to do a lot of new things.
“There’s another big world out there, which is the whole world of DevOps and cloud-native computing, software development, DevOps pipelines,” Gaehtgens stated. “This isn’t something where privileged access management really has a big role. But then again, it should because when you’re building software, a lot of this happens in a very automated way. You have like these pipelines that build software and they put heaven and earth into motion. They verify pools and they build containers. So actually, there is a lot of privileged access that happens within these pipelines and much of it is automated. And a lot of these things, they’re kind of being patched together with bubblegum and shoestring when we talk about security. Whereas if you really have a good privileged access security model, you can really tie them together with something much stronger, which I think is a tremendous additional opportunity for us to take those great building blocks that we already have and extend them a little bit to cater to all of these additional use cases that use a lot of hyper-automation. And that, of course, would then enable us to be of use to a much wider population of constituents that would use our products.”
Gaehtgens continued to suggest ways to advance BeyondTrust’s product vision.
“I have not changed anything in the products on my eight days, but I think I brought in some excitement for how we can think about adapting some of our products to extend to other use cases and how we can also integrate them with other use cases that to me can have seemed like a pretty obvious value add, but that I think clients aren’t yet realizing it. So I want to do much more of that. That way, privileged access management isn’t just something to manage access for your sysadmins and your operators, but is used in a lot more automated processes and extends into other constituencies that hadn’t classically been seen as the typical consumers of privileged access, even though there is that functionality there. It’s just not really as well known. Let’s say we’re talking about drones, like a lot of drones are being sold to hobbyists or maybe military uses. And actually, that does make sense, except that your regular delivery pipeline or delivery chain hasn’t really used these methods. But with a little bit of adaptation, we could actually enable that use case and make that more prominent. So adding a little bit really opens up the use cases for what we can actually do.
“There are some products that innovate in their own silo,” Gaehtgens continued. “So if you’re a product manager, you think about how your product is being used and what customers want you to do, but when you have multiple of these Lego blocks, there are some bigger ticket items that you want to drive across your own portfolio. It means what if we think of like some of the main themes and enable these themes across all of our different products, like automated processes or machine interactions. There are different products within the portfolio that do a bit of that. So if this is now becoming a common theme around our products. If you have different products that fit together, that extend your capabilities, it’s going to allow you to do this new paradigm in a much more effective way. The whole portfolio acts as an enabler and modernizes along with all of the technological shifts that we’re seeing within the industry.”
Despite all the technology shifts, Gaehtgens is dubious about a lot of the hype, as befits someone who spent years at Gartner.
“When I was at Gartner, I got the same thing, all of the vendors suddenly throwing up all these buzzwords and all of that hype in there. Now, for AI, I mean, for sure, it does have an impact on a lot of people. When you look at web search, for example, web search is going down quite drastically because people aren’t even going to Google and searching for a phrase, they’re just putting something in a chat. And they expect to get an answer from that. We can also leverage our private company data for outcomes, so they can say, hey, look at all the revenue across the portfolio and tell me all of the specific trends. If you had to do that by hand, it would take you a few hours to do this. But if you’ve got it connected to your AI, it can actually fetch this data and massage this data and give you the results that you’re looking for in a much faster way. And so that means that we’ve got a lot more connections that are being made through the adoption of that and they have to be secured. And very honestly, a lot of this is not very well explored. I mean, we do understand the problems and there are a lot of novel approaches. It’s going to take a while for that dust to settle until we really have good practices. In addition, a lot of machine-to-machine communication is happening, and they all need to be credentialed, and they all need to be authenticated. So that’s one of the things that I’m definitely dealing with right now as well.”
