Bomgar announced its intent to acquire BeyondTrust, with the combined IT security entity being known as BeyondTrust. Terms of the deal were not disclosed.
Current BeyondTrust CEO Kevin Hickey said the deal makes sense because not only do both companies provide privileged access management (PAM) software, Bomgar also has a portfolio of complementary remote access software. Current Bomgar CEO Matt Dircks will become CEO of the combined BeyondTrust entity once the deal is closed, expected to be sometime in October.
Hickey said the combined company opted for the BeyondTrust moniker because PAM is now one of the fastest growing categories in terms of greenfield opportunities in all of IT. Following a wave of breaches that mainly involved some means of compromising credentials, Hickeys said investments in PAM software are now occurring across the enterprise.
Of course, PAM is not necessarily a new concept. IT operations teams have been managing credentials for accessing specific applications for years. What is different now is that cybersecurity teams are taking control over those processes as they seek to apply an enterprisewide approach to PAM. The primary driver of that shift is the level of integration that now exists between applications. The BeyondTrust PAM software is designed to provide a means to centrally manage credentials across a distributed enterprise in a way that also makes it easier to contain a breach in the event a credential winds up being compromised, he said, adding that approach is proving to become more effective than solely focusing on trying to defend a network perimeter against all possible threats.
Collectively, Hickey said the two companies will have 800 employees serving more than 19,000 customers that collectively generate more than $300 million in revenue per year for the combined entity. The initial focus will be on combining the two PAM products the companies bring to the combined entity, and then integrating that PAM offering with the remote access software provided today by Bomgar, he said.
Hickey noted the credential security issues will only become more acute as IT becomes more distributed in the age of the internet of things (IoT). Managing credentials across islands of IoT projects won’t be feasible for most organizations. Enterprisewide approaches to managing credentials will need to be extended beyond the network edge, he said.
Most end users today still count on end users to manage passwords and credentials. While end users will always play a role in security it’s become apparent that phishing attacks continue to be an effective method to compromise credentials. Hickey said training end users to better recognize those types of attacks remains important, but too many end users remains susceptible to the most rudimentary types of phishing attacks.
Managing credentials may not be the most glamorous task in enterprise IT, but given the number of breaches that now regularly occur it’s clearly become one of the most critical tasks in all of IT. The challenge facing IT organizations not only is finding an agile way to manage all those credentials at scale, but also making sure they can be easily changed once the breach inevitably occurs.