In today’s digital landscape, securing privileged access across IT, operational technology (OT), and cloud environments is more critical and more complex than ever before.
Meeting the New Realities of Privileged Access Management
As enterprises face increasingly sophisticated threats, sprawling hybrid infrastructure, and compliance pressures, security teams are challenged with managing not only human users, but also non-human identities, ephemeral workloads, and high-stakes access in OT environments.
Traditional PAM solutions, designed around static credentials, password vaults, and perimeter-based models, struggle to keep pace with the dynamic, distributed, and regulated environments in which organizations now operate.
Info-Tech Research Group highlights this shift, noting that modern enterprises need PAM solutions that enforce Zero Trust principles, provide granular and auditable controls, and scale across diverse hybrid infrastructures. The ability to reduce standing privileges, support compliance, and integrate seamlessly across IT and OT environments is quickly becoming a baseline requirement rather than a differentiator.
Establishing a Zero Trust Foundation and Modern Architecture
In the analysis, Info-Tech recommends organizations seek a Zero Trust-based, cloud-native PAM solution built on modern principles. IT and security teams need to look towards passwordless, short-lived certificate-based authentication, evolving past traditional PAM tools that are focused primarily on vaulting static credentials.
This minimizes the attack surface and eliminates risks associated with hardcoded or long-lived credentials. Access should be granted just-in-time, with just-enough privilege, and then automatically revoked, creating a dynamic, zero standing privilege (ZSP) environment that’s more resilient against misuse and mitigates the risk of breaches.
Building a solid Zero Trust-based foundation now requires a microservices architecture that can allow for seamless scaling, rapid releases, and high availability. Whether deployed on-premises, in the cloud, in Kubernetes or in hybrid configurations, the right solution needs to adapt to meet the needs of today’s enterprise IT and security teams.
Core Capabilities for Securing Privileged Access
At the core, a modern PAM solution brings together a robust set of features to protect high-value assets and streamline access governance:
- Secrets Vault Integration: Secure storage and rotation of credentials to ensure continuity across all environments and fundamental compliance with regulatory standards.
- Granular Access Controls: Roles that define what users can do post-login, including command-level restrictions, enabling precise access governance and enforcement.
- Privileged Session Management: Monitoring and recording for all user activity, keystrokes, and session metadata across SSH, RDP, VNC, and web protocols, supporting audit readiness and forensic investigations.
- SSH Key Management: Discovery, rotation, and management of SSH keys to eliminate unmanaged trust relationships and facilitate a smooth migration to certificate-based authentication.
- Certificate-Based Authentication: Replacement of static passwords with short-lived certificates that are automatically issued and revoked. This simplifies operations and aligns with compliance mandates such as EO 14028 and M-22-09.
These capabilities should extend beyond user access. For application-to-application (A2A) interactions, secrets and credentials need to be managed programmatically through APIs, enabling secure automation and CI/CD workflows.
Differentiating Your PAM Approach for the Modern Era
While many PAM vendors offer comparable access control or session management, Info-Tech recognizes our PrivX PAM solution for distinguishing itself through:
Zero Standing Privileges (ZSP)
Rather than maintaining privileged accounts with always-on access, PrivX enables just-in-time access provisioning based on RBAC policies. Once the task is completed, the privilege disappears, drastically reducing the risk of credential compromise.
Quantum-Safe Connectivity
PrivX supports dynamic, on-demand quantum-safe site-to-site tunnels, protecting access from remote locations without exposing the network. This is especially valuable in critical infrastructure use cases where long-term cryptographic resilience is vital.
Microservices and DevOps Readiness
With support for modern deployment models (including Infrastructure-as-Code with Kubernetes), REST APIs, and rapid iteration, PrivX is future-ready and easily integrates with CI/CD pipelines and observability platforms.
Dual IT/OT Focus
PrivX is purpose-built to operate not only in IT networks but also deep within OT environments such as manufacturing and energy. It aligns with the Purdue model to map user access across different OT zones, ensuring safe, contextual privilege escalation. PrivX Network Extenders allow secure access to isolated OT environments via time-limited, quantum-safe connections using standard and proprietary protocols, without persistent network changes.
Final Thoughts
Info-Tech concludes that SSH PrivX PAM exemplifies what a modern PAM platform should be: Zero Trust by design, adaptable across IT and OT domains, and focused on reducing operational overhead without compromising security.
Leveraging unique expertise and innovation, SSH delivers a solution that meets today’s regulatory, operational, and technological demands.
The findings from Info-Tech reinforce PrivX’s strength as a next-generation, modern PAM solution. Its combination of Zero Trust enforcement, passwordless authentication, and support for both IT and OT environments distinguishes it from legacy PAM tools that rely heavily on vaulting and static secrets.
Organizations facing complex compliance demands, contractor access needs, or hybrid infrastructure challenges will benefit from PrivX’s adaptability. Its ability to eliminate standing credentials, enforce least privilege dynamically, and provide granular visibility delivers both security and operational value.
Barbara Hoffman
Product Marketing Manager, PrivX ZT Suite at SSH Communications Security
