Editor's note: This blog post was originally published on Febuary 4, 2020 and was updated to include details about the second patent granted for PrivX and to highlight the recognition from the KuppingerCole analysts group.
Early this year, we announced that The United States Patent and Trademarks Office (USPTO) has granted SSH.COM a patent (US10523445), which covers secure passwordless access to hosts in hybrid networks comprising on-premise and cloud resources. This technology is used in our lean privileged access management (PAM) solution called PrivX. Get the full details of US10523445 here.
A few days ago, we announced a further patent (US10764263) granted by the same authority. This one covers the role-based generation and provisioning of short-lived ephemeral certificates for passwordless access to critical systems, applications, and data.
We believe in passwordless IT infrastructures
As IT workloads move to the cloud, privileged access management (PAM) solutions are essential for enterprises of all sizes when adopting multi-cloud services (AWS, Azure, Google Cloud, and other) into use in their IT infrastructure. This is because IT infrastructures host business-critical information, and PAM solutions manage who has access to where and with what rights.
These patents provide SSH.COM's PrivX offering a substantial differentiating edge in the fast-growing multi-billion-dollar market of next-generation PAM solutions because not all PAMs are created equal.
PrivX is a multi-cloud-born (but also on-prem friendly) PAM in which cloud features are not "just an add-on" or an attempt to retrofit legacy architectures to cloud. We simply ditched traditional passwords, permanent credentials, and standing privileges that are easily lost, stolen, misconfigured, have to be managed and need to be rotated. As Gartner puts it:
“The existence of privileged access carries significant risk, and even with PAM tools in place, the residual risk of users with standing privileges remains high. Security and risk management leaders engaged in IAM must implement a zero standing privileges strategy through a just-in-time model.”- Remove Standing Privileges Through a Just-in-Time PAM Approach by Gartner.
With PrivX, your internal or external developers and admins don't handle any standing privileges or passwords. Instead, they are authenticated just-in-time with the right amount of privilege for the task at hand, and that authentication is revoked automatically every time.
We understand that you cannot get rid of all the credentials in your critical IT, so to that end, PrivX also has a password vault for when you absolutely have to store them. We just recommend you use ephemeral access as much as you can.
This is because ephemeral certificates that are created just-in-time are a huge boost to operations: take a look at our quick two-minute explainer video to see what the fuss is all about. You might notice that our lean, scalable and very deployable PAM is a great fit for also growth driven and small & medium sized companies.
Recognitions beyond the patents
While we are excited of this patent (it does once again validate that we are doing something pretty cool and unique), we are even prouder and more excited about the path we are on with PrivX and some of the milestones we have reached:
- Several thousand signups for the PrivX Free program
- A steadily growing roster of paying customers from all across the globe (In fact, Antarctica is currently the only continent we are missing. Penguins: we're coming for you!)
- A growing pipeline of large enterprises interested in and adopting PrivX
- KuppingerCole's recognition of PrivX as an overall leader in their 2020 PAM Leadership Compass (you can learn moe about PrivX customers in the blog post as well)
- Increasing recognition of PrivX and its ephemeral certificate based authentication approach as the leading ZSP (zero-standing privileges) PAM and just-in-time access tool tool on the market
- A cool €2M in EU funding for further development of PrivX
- The patents (and we have several other applications in the pipeline)
All this gives us even more energy to keep developing PrivX and reimagining what a truly modern Privileged Access Management solution is and should be. We have some very cool new developments cooking up that we hope to announce over the coming months.
In the meantime, if you want to know what a truly user-friendly, multi-cloud proof, and easy-to-deploy PAM is, take a look at PrivX. You can either download the free version, take the full product to a test drive within your browser, or arrange a quick demo.