Identity security specialist
Delinea has started the FedRAMP High Authorization process to make its Privileged Access Management (PAM) solution, Secret Server platform, available to federal agencies.
The federal FedRAMP program is designed to ensure that cloud-based IT products meet stringent security requirements. The FedRAMP High designation ensures that the technology has passed the most rigorous standards for handling sensitive government data.
For Delinea, it means that its Secret Server – which is used to secure all privileges, from AI and machine accounts to administrator accounts, in an enterprise – can also protect the U.S. government’s most sensitive unclassified data in the cloud. According to the company, Delinea is working with identity and access management (IAM) and technology integrator
UberEther for the FedRAMP authorization process.
“It demonstrates our commitment to the highest standards of security and compliance, and opens the door for us to deepen our work with U.S. federal agencies,” Delinea President
Chris Kelly told MSSP Alert. “It not only positions us as a trusted provider to the U.S. government, but to any enterprise in highly regulated industries that prioritize rigorous cybersecurity standards.”
Kelly said the process goes beyond simply checking boxes—it’s about building trust in the organizations that rely on the company’s Secret Server.
Identities Under Fire
Delinea’s FedRAMP authorization push comes at a time when the identity security space is seeing rapid changes. Threat actors several years ago began moving from software vulnerabilities to identities and credentials as their targets for compromising corporate and government IT environments.
With the accelerated rise of AI and cloud computing, the identity attack surface has expanded and along with a surge in machine identities. In a
report last month, Delinea revealed that not only has the ratio between machine and human identities widened – there are now 46 machine identities for every human identity, with the number of such identities expected to grow past 45 billion this year – however, they are increasingly becoming targets for cyberattacks.
Security practices around them also are falling short, according to the report. More than 70% of non-human identities – which include not only machine identities but also APIs and service accounts, among others – are not rotated within recommended timeframes, and 97% of organizations expose these identities to third-party vendors, increasing the risk of unauthorized access.
Such trends, along with the rise of AI and accelerated adoption of cloud computing, are driving global identity security market that Fortune Business Insights analysts expect will grow from $19.8 billion in 2024 to
$61.74 billion by 2032.
Cloud, AI Increase Complexity, Risk
“Identity-based attacks are on the rise because they’re so effective and constantly evolving,” Kelly said. “In the age of cloud and AI, organizations are rapidly expanding their IT environments with hundreds, or even thousands, of machine identities interacting with critical data and systems and increasingly making autonomous decisions. ... Organizations need to implement modern security controls that can manage, provision, and govern this identity explosion that have greatly expanded the attack surface.”
The vendor’s Secret Server is a privileged access management (PAM) solution that can be used on-premises or via Delinea’s cloud-native platform. The on-prem version will get the FedRAMP High certification and includes features like a secure vault and password manager, access control through multi-factor authentication (MFA) and single sign-on (SSO), automated discovery of human and machine identities, and reporting and compliance capabilities.
“Identity is foundational for a robust cybersecurity strategy, especially when it comes to authorization,” Kelly said. “Every access decision in modern IT environments starts with identity: who are you, what do you need access to, and how will that access be governed? If you get this wrong, everything else in your cybersecurity arsenal is at risk of failure.”
That’s why zero trust and the principles of least privilege are so important, he added, shifting the focus from simple logins to continuously verifying identities. Last month,
Delinea expanded its AI capabilities to enable organizations to better detect and protect human and machine identities across cloud environments.
MSSPs Fill an Important Role
Protecting identities and detection threats to them is becoming increasingly complex, according to Kelly.
“Not every organization has the bandwidth or resources to stay ahead of evolving attack tactics, which makes MSSPs and MSPs incredibly important partners,” he said. “They help enforce authorization and least privilege, detect threats and unauthorized access, as well as help organizations meet audits and compliance requirements.”
Delinea bolstered its channel program earlier this month by tapping
Alex Thurber as senior vice president of its global channels program. Thurber brings with him experience in the channel with Riverbed Technology, Cisco Systems, and McAfee well as other executive positions with BlackBerry, Virtana, and WatchGuard Technologies.
