How much do Privileged Access Management (PAM) solutions cost?

Privileged Access Management or PAM solutions are a relatively new breed of tools that allow you to manage credentials with advanced permissions. 

It’s vital to properly monitor and secure these accounts because they grant access to critical network systems and applications. 

If you are considering purchasing one of these tools, here are a few key elements to review as you assess costs and pricing structure. 

Costs of PAM

There are four primary factors to consider when evaluating the cost of deploying a PAM solution: 

  1. Licensing: This is the cost of the product itself. It can be a one-time payment or subscription model. Products may also be licensed per credential vault server or by the number of credentials stored, or even a combination of the two.  
  2. Implementation: This refers to the expenses associated with deployment, and often technology providers offer advanced support services to assist in the implementation process. With a new product, proper network and system configuration are essential, so you’ll want to review these offers to consider if it’s right for your team. Surfacing these costs as early as possible in the process is vital as it can often equal, or exceed, the software license fee. 
  3. Training: Your team needs to learn the tool and understand all capabilities. Vendors should offer some form of training to get your team up to speed. But buyers beware, as these costs are often not included in your license fee and can add up. 
  4. Support and Maintenance: Ongoing support of the solution is usually needed for break-fix and updates. Sometimes this is included in the pricing of the platform, but often it is an additional cost.

At the end of the day, it is important to make sure you understand what these fees are, if they are optional, and what they cover.  

PAM pricing models

Most Privileged Access Management tools offer either a subscription or perpetual pricing model. 

  • Cloud: The Software as a Service (SaaS) model is becoming prevalent where you basically pay for the use of the companies infrastructure running the software.  This makes access easier for multiple locations and can bring availability benefits, but it also has security concerns as you do not directly control the infrastructure. SaaS software is usually a flat monthly subscription fee.  Maintenance or support is typically built into the fee.  
  • Subscription: This payment model allows an enterprise to rent the software for a monthly or quarterly cost. Often, the vendors offer a lower price for the first few installments then transition to a higher price for long term contracts.  If you choose this model, make sure you know if support and maintenance are included in the subscription.
  • Perpetual: In this pricing model, an enterprise will buy the software license with a one-time payment and receive the rights to use it in perpetuity.
    In another version of this license model, the provider accepts a one-time payment with a smaller annual cost – typically 20-25% of the list price for support and other services.  However, you will have to pay for upgrades to future versions if you want new features. These prices can be significant if the vendor changes their pricing model or scheme, for example when Microsoft switched from per-processor to per-core pricing for SQL. 

Budgeting for PAM

The actual cost of a PAM tool may vary by use case. Meaning, the size of your organization, the number of endpoint users, or servers accessed impact the price. 

Each company has different approaches, so be sure to map out your implementation and usage plan in advance to estimate the number of users that will need access and how it will scale up as you increase use. 

When considering a new solution, IT managers should understand how their choices will affect how accounting classifies the expense.  This can make a big difference to CFOs and the bottom-line.  

There are two major categories of software expenditure: a capital expense (CapEx) and an operating expense (OpEx). 

Capital expense: This refers to a fixed asset. If you buy a PAM tool in this category such as with a perpetual license, you need to be confident it will be a resource used for at least 3 years as tax laws require the expense to be spread over at least that many, sometimes longer.  

Operating expense: This refers to day-to-day business costs. If you have an ongoing subscription model, you can generally categorize the purchase as an operating expense, which means it can be written off in the same year you paid for the platform.  Additional maintenance and support services fees are generally categorized this way as well. 

A robust PAM solution will dramatically reduce the attack surface of your network offering a significant return on investment. However, it’s important to first lay out your use case, vet a wide selection of PAM providers, and consider all the cost and process implications of implementation. To learn more about the best PAM use cases, check out our blog that covers when implementing a PAM solution makes the most sense.

NOTE: This article is not meant to be construed as tax advice, but rather a general discussion of options and their possible tax treatment.  Always consult your accountant for the proper reporting of the actual purchase. 

The post How much do Privileged Access Management (PAM) solutions cost? appeared first on SecureLink.



*** This is a Security Bloggers Network syndicated blog from SecureLink authored by Tony Howlett. Read the original post at: https://www.securelink.com/blog/how-much-do-privileged-access-management-pam-solutions-cost/

Tony Howlett

Tony Howlett

Tony Howlett is a published author and speaker on various security, compliance, and technology topics. He serves as President of (ISC)2 Austin Chapter and is an Advisory Board Member of GIAC/SANS. He is a certified AWS Solutions Architect and holds the CISSP, GNSA certifications, and a B.B.A in Management Information Systems. Tony is currently the CISO of SecureLink, a vendor privileged access management company based in Austin.

tony-howlett has 50 posts and counting.See all posts by tony-howlett