StrongDM: Interview With CEO Tim Prendergast About The Zero Trust PAM Company

By Amit Chowdhry ● Oct 18, 2024

StrongDM is a leader in Zero Trust Privileged Access Management (PAM). StrongDM provides a policy-based platform that enables precise control over privileged actions and grants secure, compliant, and frustration-free access to all critical infrastructure. Pulse 2.0 interviewed StrongDM CEO Tim Prendergast to learn more about the company.

Tim Prendergast’s Background

What is Tim Prendergast’s background? Prendergast said:

“The foundation for everything I’ve done in technology starts with a 128K Macintosh I received from my father when I was a kid. That was a life-changing event for me and it provided a path that led me to becoming a software engineer and architect. I eventually became the principal architect for Adobe’s Cloud Team, where I designed and scaled a massive AWS infrastructure, which was one of the largest enterprise cloud environments ever built.”

“The project was huge and complex, but I learned first-hand what it takes to migrate workloads and build and maintain a cloud infrastructure. In that role, I became obsessed with the security aspects of this thing we had built because I had to be obsessed with it. It led me to reconsider the critical role that security plays not just in the general aspects of a software environment, but in running and growing a successful business.”

“I had a lot of interaction with CISOs and CIOs and began to understand the overwhelming burden on their shoulders. They had to migrate and scale these unwieldy workloads into the cloud, but their corresponding security solutions lacked the necessary visibility and automation to operate at scale. They had no way to automate security and compliance. I knew there could be a better, easier, far more effective way, so I joined with some of my Adobe colleagues to create Evident.io, which became the first continuous security solution for public clouds. Palo Alto Networks acquired Evident after a few years and made it the cornerstone of their cloud security business.”

“While I’m a builder at heart, it’s not only about developing products for me. I’m an entrepreneur and I love the process of orchestrating the efforts of smart, dedicated people and creating an environment where they can think big, try stuff, make mistakes, collaborate, and eventually deliver something truly transformational. And that’s why I joined StrongDM two years ago. I was so intrigued by the ingenuity and foresight of the people here, so I came in as CEO to help take the company to the next phase.”

Formation Of StrongDM

How did the idea for StrongDM come together? Prendergast shared:

“I discovered that the privileged access management (PAM) market was filled with vendors who hadn’t delivered any innovation in decades. These companies were still delivering virtual private network (VPN) replacement products when their customers needed solutions to manage growing groups of users who are operating in increasingly complex environments. So, we put our efforts together and delivered a Zero Trust PAM solution that uses the principles of Zero Trust to evaluate and govern every action, no matter how minor.”

Favorite Memory

What has been your favorite memory working for the company so far? Prendergast reflected:

“Things move so fast in the startup world. Sometimes it’s hard to frame all the change and activity around specific milestones. But the place we’re in now as a company, and the direction we’re going became clear when we realized the state of the PAM market had to change and that we could change it. Our team – with contributors from product, engineering, sales, and marketing – collectively recognized that traditional PAM solutions were not only outdated, but also fundamentally ineffective in addressing the rapidly evolving challenges of modern enterprise security.”

“We saw that existing PAM solutions focused too narrowly on access control without considering the dynamic and complex actions performed by users within an organization’s digital environment. This gap left enterprises vulnerable to sophisticated cyber threats that frequently exploited these blind spots.”

“So, we decided to change it. We embarked on a mission to redefine PAM. We envisioned a dynamic, Zero Trust PAM solution that would adapt to the context of the user, the sensitivity of the action, and the evolving threat landscape – ensuring a robust and comprehensive security posture.”

“Building this new solution was transformative. We worked tirelessly to develop fine-grained authorization policies and a robust policy enforcement engine capable of maintaining continuous vigilance over every action within an organization’s digital ecosystem. We understood that this unified approach would not only enhance security, but also provide organizations with the agility needed to respond to emerging threats swiftly.”

“This stage in our company’s evolution is seared into my memory because it marked the beginning of a revolutionary shift in enterprise security – and we did it. It gave us a new commitment to creating a solution that would fundamentally transform how organizations protect their most critical assets.”

Core Products

What are the company’s core products and features? Prendergast explained:

“StrongDM enables enterprises to improve security controls for critical infrastructure and resources through micro-authorizations, contextual awareness, and enforcement of policies. It gives multidimensional protection of managed enterprise resources through granular, continuous assessment and authorization for privileged users.”

“For security and compliance teams, StrongDM is a practical and efficient solution for managing access within an organization. Its core product is a dynamic and Zero Trust PAM platform that goes beyond just controlling access. It evaluates every user action in real-time, considering the context and sensitivity of each action to ensure security and compliance.”

“Our platform integrates smoothly with various infrastructure components, whether in the cloud, on-premises, or hybrid setups. It supports Single Sign-On (SSO) for easy and secure access and includes workflows for access requests, making it straightforward for users to get the permissions they need. With real-time monitoring and session recording, admins can keep an eye on activities and quickly address any suspicious behavior.”

“The StrongDM solution is built to scale with growing organizations and supports the migration from legacy PAM solutions to a more reliable, seamless, and policy-driven solution. Its detailed audit logs and reporting tools help meet compliance requirements, while robust API and SDK support allow for custom integrations and automation. Overall, StrongDM provides a comprehensive and adaptable solution for modern access management.”

Evolution Of StrongDM’s Technology

How has the company’s technology evolved since launching? Prendergast noted:

“When we first launched StrongDM in 2015, our primary focus was on simplifying access management. We saw a lot of complexity and friction in the way organizations managed access to their infrastructure, and we wanted to streamline that. Our initial solution was all about making access easier and more secure, consolidating access controls into a single platform.”

“As we evolved, we quickly realized that the real challenge wasn’t just about who gets access, but what happens after access is granted. We started to see the limitations of traditional PAM solutions, which were too focused on the perimeter and not enough on the actual actions users were taking. This led us to develop a more dynamic approach, incorporating Zero Trust principles that evaluate every action in real time. It was a significant shift from just managing access to actively managing and monitoring what users do once they’re in.”

“Over time, we integrated more advanced features like real-time session monitoring and detailed audit trails, which gave organizations deeper visibility into their environments. We also expanded our integrations to support a wide range of infrastructure components, whether in the cloud, on-premises or in hybrid setups. This adaptability became a key strength, allowing us to meet the diverse needs of different organizations.”

“Our technology has also become more user-friendly. We’ve added features like SSO and access request workflows, making it easier for users to get the permissions they need without compromising security. We’re continuously refining our approach to ensure that StrongDM remains a robust, scalable solution that grows with our customers’ needs.”

“Looking back, it’s clear that our evolution has been driven by a deeper understanding of the challenges our customers face. We’ve moved from simply managing access to providing a comprehensive solution that ensures security at every step, from initial access to every action a user takes. It’s been an exciting journey, and we’re committed to continuing this path of innovation and improvement.”

Significant Milestones

What have been some of the company’s most significant milestones? Prendergast cited:

1.) 2015 – Launch and Initial Product Development: StrongDM was founded with the goal of simplifying access management for infrastructure. Our initial product focused on consolidating access controls, making it easier and more secure for organizations to manage who could access their systems.

2.) 2017 – Expanding Integration Capabilities: We expanded our integration capabilities to support a wide range of infrastructure components, including cloud, on-premises, and hybrid environments. This flexibility allowed us to meet the diverse needs of our growing customer base.

3.) 2018 – Introduction of Real-Time Monitoring: Recognizing the limitations of traditional PAM solutions, we introduced real-time session monitoring and detailed audit trails. This shift allowed organizations to gain deeper visibility into their environments and better manage what users were doing after access was granted.

4.) 2019 – Incorporation of Zero Trust Principles: We integrated Zero Trust principles into our platform, evolving from simple access management to a more comprehensive security solution. This involved evaluating every user action in real-time and adapting security policies based on the context and sensitivity of each action.

5.) 2020 – User Experience Enhancements: To improve user experience, we added features like SSO and access request workflows. These enhancements made it easier for users to obtain necessary permissions without compromising security, streamlining operations for our customers.

6.) 2021 – Scalability and Performance Improvements: We focused on ensuring that StrongDM could scale with growing organizations. Our platform was optimized for high performance and reliability, capable of handling increasing numbers of users and resources without a hitch.

7.) 2022 – Continuous Innovation and Custom Integrations: We introduced robust API and SDK support, allowing for custom integrations and automation tailored to specific organizational needs. This flexibility empowered our customers to leverage StrongDM in ways that best fit their unique workflows and security requirements.

8.) 2023 – Recognition and Market Leadership: StrongDM gained significant recognition in the market. Our commitment to innovation and customer-centric development solidified our position as a trusted provider of advanced access management solutions.

9.) 2024 – Introduction of Zero Trust PAM Solution: We achieved a major milestone by introducing our Zero Trust PAM solution. This groundbreaking development set a new standard for enterprise security, providing organizations with a dynamic, real-time approach to managing and securing privileged access.

Customer Success Stories

Asked about customer success stories, Prendergast highlighted:

“Here’s a great story about Axos Financial, a holding company for Axos Bank, Axos Clearing, and Axos Invest.

1.) Challenge: Amid rapid growth, the company was reviewing and attesting 200,000+ database permissions on an annual basis. The work was done by 200 managers and was time-consuming and operationally inefficient. They needed to redesign the database access management model to keep pace with company growth, and create a system of efficient access processes without compromising data security. 

2.) Solution: Axos implemented StrongDM to centralize and streamline their access management processes. The platform’s real-time monitoring and audit capabilities ensured that all user actions were recorded and could be reviewed for compliance purposes. Additionally, Axos implemented a Role-Based Access (RBAC) approach to streamline the provisioning process and reduce the number of access requests per database. Users now make a single request in the StrongDM platform and receive all the appropriate access for their roles.

3.) Outcome: From a security standpoint, Axos was able to eliminate direct database access. Users now must go through StrongDM (which serves as an additional security layer between users and databases), removing direct database access and providing visibility into access patterns. Because StrongDM captures audit logs at the gateway level outside the database, Axos has an audit trail detailing who accessed which database and what they queried without impacting the performance of the database.”

Total Addressable Market

What total addressable market (TAM) size is the company pursuing? Prendergast assessed:

“StrongDM is targeting the PAM market, which is experiencing significant global growth. In 2023, the global PAM market size was valued at approximately $3 billion. The market is projected to grow at a compound annual growth rate (CAGR) of around 22% from 2024 to 2032, reaching a value of about $17.7 billion by the end of this period.”

“This growth is driven by several factors, including the increasing number of cybercrimes, the rising demand to mitigate high-profile data breaches, and advancements in access management technologies. The surge in remote work and the associated cybersecurity risks have also heightened the need for robust PAM solutions. Additionally, regulatory requirements across various industries mandate stringent access control measures, further fueling the demand for PAM solutions.”

“StrongDM’s innovative approach to PAM, which includes real-time monitoring and Zero Trust principles, positions us as a leader within this expanding market. By addressing the complexities of modern enterprise infrastructures and providing dynamic security solutions, we’re poised to capture a significant share of this growing market.”

Differentiation From The Competition

What differentiates the company from its competition? Prendergast affirmed:

“I’ll be very clear on how I see StrongDM standing apart from the competition in this market. I’m continuously shocked by how poorly the PAM industry has treated customers to date.”

“We’re building something very different here at StrongDM. For example, we are guided by a bill of rights for admins and privileged users:

  1. You have the right to a product that covers your entire infrastructure, not just the things your PAM decided are enough.
  2. You have the right to a streamlined, simple deployment without the need for professional services.
  3. You have the right to not fear, but embrace your PAM partner because they actually care about solving your problems and not the balance in your bank account.
  4. You have the right to say “YES!” because anyone can use the technology to do their job without suffering.
  5. You have the right to get time back because automation, cloud-native concepts, and resiliency were design principles from day one.
  6. You have the right to full visibility of activities, and should have the option to connect it all to your monitoring tools so that you have the security awareness to react to events and make good decisions.
  7. You have the right to simply and easily produce access-related evidence for audits and investigations.
  8. You have the right, as a privileged user, to securely and easily connect to the infrastructure needed to do your job using your preferred tools or methods.
  9. You have the right to easily add new technologies to your stack, knowing that it will not take weeks or months of work to be added to your PAM tool.
  10. You have the right to be confident that all access tied to a specific user has been deprovisioned when they change teams or get a new role.
  11. You have the right to easily request access to the tools you need, and have those requests approved and provisioned, or declined, within a reasonable timeframe–not days or weeks.
  12. You have the right to an easily managed identity lifecycle across your infrastructure, supported by open standards such as SCIM, OIDC, and SAML, so you can meet compliance requirements.”