By George Lattimore Posted May 3, 2019
For many interested IT organizations looking on, bells are ringing out as a heavyweight battle unfolds in the privileged access management (PAM) space between Okta® vs BeyondTrust. With Okta’s recent announcement of Advanced Server Access Control (essentially a fancy label for PAM), they have entered into a new category of IT management tools where BeyondTrust is a market leader. Let’s see how Okta and BeyondTrust weigh up against each other and what strategic approach each may take as they go head to head.
Understanding the Need for PAM
Before we can give ringside commentary on the fight developing between Okta and BeyondTrust, we should first look at the privileged access management category in general. As a subset of the identity and access management space (IAM), PAM is essentially the ability to provide user access to critical server and network infrastructure resources. But, where does this need stem from exactly? Well, when PAM was originally introduced, the theory was that the access controls available within a traditional identity provider, generally Microsoft® Active Directory® (AD), just weren’t deep enough for the critical nature of network and server infrastructure. More depth of control was needed to realistically delegate user access and establish effective security.
Traditionally, IT networks were largely Windows®-based and on-prem. A key part of that infrastructure was either the on-prem or collocated data center that housed an organization’s servers. These servers ran the organization’s applications and other critical services, and therefore, were viewed as needing a higher level of security. As a result, an add-on category to Active Directory was created and labeled as privileged access management (PAM). End users who needed to access the server infrastructure usually were required to go through an elevated level of authentication and authorization that didn’t suit AD, and vendors such as BeyondTrust saw this opportunity and looked to capitalize.
Comparing Okta vs BeyondTrust
With the shift to cloud infrastructure such as Amazon Web Services (AWS®), Azure®, and Google Compute Engine, Okta has started peddling a new approach to privileged access management. Known as Advanced Server Access, this SSH key management-like approach is focused on enabling secure access to servers, whether they’re hosted in AWS or elsewhere. This part of Okta’s IDaaS platform is a bit of a departure from their traditional focus on web application management. Customers who are leveraging Active Directory today may actually end up using Okta for web application single sign-on and BeyondTrust for controlling access to servers.
At any rate, the challenge with either solution arises when AD is no longer in the picture. Admins are realizing that AD can be more trouble than it’s worth in modern environments, but traditional add-on solutions like Okta and BeyondTrust effectively require the aging IdP, which can be limiting.
As a result, many IT organizations are interested in making the shift to a cloud identity management solution that effectively eliminates on-prem solutions such as Active Directory, and subsequently, combines a number of different categories together. Ideally, an all-inclusive identity management solution would combine web application single sign-on (SSO), privileged access management, two factor authentication (2FA or MFA), and much more.
Next Gen Cloud Identity Management
If you’d like to try out a cloud-based, all-inclusive solution that can simplify how you implement and manage PAM, be sure to explore JumpCloud’s Directory-as-a-Service®. It’s completely free to use for the first 10 users, and a free account gives you full access to the entire platform. Watch the overview above, and then get started combining PAM with MFA, SSO, and more, for all your resources without the need for AD. Delegate user access to cloud-based and on-prem servers via LDAP and SSH keys, and then try extending this access to the rest of your resources, no matter the platform, protocol, provider, or location in question.