Hybrid security trends: why PAM is still the control gap

TL;DR: 68% of organisations suffered a cyberattack in the last 12 months, while 49% would prioritise improving PAM if they could choose, according to Netwrix Research Lab’s survey of 1,610 IT professionals across 106 countries. The message for identity programmes is clear: hybrid security still fails at privilege control, not just at perimeter coverage.

NHIMG editorial — based on content published by Netwrix: 2023 Hybrid Security Trends Report

By the numbers:

• 68% of organizations suffered a cyberattack within the last 12 months.
• 49% of respondents would opt to improve privileged access management (PAM) in their organization if they could decide on their own.

Questions worth separating out

Q: How should security teams reduce privilege risk in hybrid environments?

A: Start by inventorying every elevated identity that can operate across on premises and cloud systems, then remove standing access wherever possible.

Q: Why do hybrid environments make PAM harder to govern?

A: Hybrid environments spread elevated access across different control planes, which makes it easier for privilege to become inconsistent, duplicated, or invisible.

Q: What breaks when privileged access is left standing in hybrid estates?

A: Standing privilege turns one compromised identity into a broad access path across multiple systems.

Practitioner guidance

• Map privileged identities across the hybrid estate Inventory every admin account, emergency account, service credential, and cloud role that can reach sensitive systems.
• Shrink standing privilege before adding more controls Replace persistent elevation with just-in-time approval and task-scoped access where the workflow supports it.
• Unify privileged session oversight Monitor privileged activity through a single control model that covers session start, command scope, and revocation across platforms.

What's in the full report

Netwrix's full research covers the operational detail this post intentionally leaves for the source:

• Survey methodology across 1,610 IT professionals from 106 countries, useful if you need to judge how representative the findings are.
• Breakdowns of security incidents and cyberattack experience by environment type, which help teams compare on premises and cloud exposure.
• Respondent views on current security measures, future plans, and cyber insurance adoption, which are useful for programme benchmarking.
• The full set of broader IT priority data that explains how identity and security compete with other budget demands.

👉 Read Netwrix's 2023 hybrid security trends report on cyberattacks and PAM →

Hybrid security trends: why PAM is still the control gap?

Explore further

View Full Forum →  |  NHI Foundation Course →