Padlock Security Image by Jan Alexander from PixabayProjectManager is a PPM and work management vendor that has hitherto quietly gained a massive community of 375,000 project managers and 40,000 users without the marketing budgets of and others.  With a name that could not be more synonymous with its solution, it has attracted a large following in the US and provides a wealth of thought leadership on its forums and website.

The company is now under new leadership, with ex Microsoft and Oracle executive Ryan Buma appointed CEO in August. The appointment followed investment from New Zealand investment firm Ninety Mile Ventures Limited.

It has now unveiled the latest version of its solution. This release is focused on delivering enterprise-grade security and governance that aims to extend its security model and become the best in class in the industry.

Stephanie Ray, VP of Product for ProjectManager
Stephanie Ray, VP of Product for ProjectManager

Stephanie Ray, VP of Product for ProjectManager, commented, “Hybrid teams — which consist of team members in different locations, using multiple work styles and skill sets — can’t collaborate effectively and produce their best work using rigid, outdated security models that assume everyone is in the same location using the same processes.

“Adding greater flexibility and control to ProjectManager’s enterprise-grade security allows the members of those teams to engage one another more efficiently and deliver even sensitive company projects more quickly, without sacrificing data privacy and protection.”

While the bulk of the August release was focused on enhancing security, there are some visibility improvements to dashboards and bug fixes to the API and Gantt charts. The September release introduced new ways to organise files and folders. In addition, there are new security permissions users can apply to those folders and files.

Enterprise-Grade Security

Unusually this feature is focused entirely on enhancing security and governance with very few other enhancements. What is does enable firms to manage better is ensuring that a mix of employees and contractors are securely accessing ProjectManager. There are not only enhancements to access controls but also visibility of usage within the solution. The updates below will be available in October.

Passwords strengthened

The first updated feature is included in all editions of ProjectManager: Starter, Team, Business and Enterprise. Administrators can now specify the password complexity required for users. Strong passwords are now available as an option. ProjectManager has defined a strong password as between 8-255 characters in length, at least one upper and one lower case character, a numeric and a special character. The password also cannot contain a character string of 5 characters that are also part of the user’s first name, last name, or email address.

The solution already enables:

  • Password expiration (30-360 days)
  • Restriction of previous password use (blocking the last 5-20 previous passwords)
  • Determining lockout rules (either 5 or 10 attempts)

Two-factor authentication and SSO added

Password controls are rarely enough to protect from access. No matter how strong passwords are, they are possible to compromise in a variety of ways. ProjectManager Enterprise Edition now supports two-factor authentication (2FA). The standard Projectmanager 2FA supports an additional six-digit code sent by email. The admin can set a standard expiry time for each code. In recognizing that 2FA can become cumbersome, it has also added support for SAML single sign-on. Initially, it supports Okta, Ping, Azure and Google. Other providers using SAML 2.0 are also compliant.

Improved governance

ProjectManager has also added three new governance features to its solution.

Audit Log

Available for Enterprise Users, this is not merely an administration tool that only administrators can leverage. The new Audit log tracks more than 20 activities across the solution. This includes security events and account changes. However, authorized users can also see changes to their account, project and tasks with this new feature. Stakeholders can leverage the audit trail to check usage and user adoption, ensuring that the licenses they have paid for are in use.

ProjectManager Audit Log
ProjectManager Audit Log

New Global Admin role

There is a new global admin role available that delivers Admins greater visibility. The role also has other capabilities.

Backup enhancements

A Global Admin can now export account data to a JSON file for backup. It ensures that it is possible to backup user account information, including user details, project details, tasks, and Timesheets. In the event of a restore needed, this saves considerable time.

Enterprise Times: What does this mean

Other vendors often obscure information about security features such as these. They are, however, becoming increasingly newsworthy especially with remote working increasingly important. This latest release gives ProjectManager clients greater visibility, flexibility and compliance across the application. It adds to the already comprehensive security and governance controls that the company has in place for its solution.

With security, an increasingly important board-level matter the change of focus is not just welcome it is required. ProjectManager has set out the standard. It will be interesting to see how others such as Wrike, Asana, Monday, Smartsheet and Planview respond.

One note of caution is that there is room for improvement in the ProjectManage security stance. For example, an increasing number of cloud vendors also support text notifications of codes, this is harder to compromise than email.


Please enter your comment!
Please enter your name here