What is our primary use case?
Before the COVID pandemic, we mainly used this solution to manage existing admins. After the pandemic, we have had a few cases where we moved to consumers and external users managed by the PAM. In addition, we've seen many customers moving access to use the PAM solution for their employees after the pandemic.
What is most valuable?
The most valuable features are session and password management on the physical and virtual appliances.
What needs improvement?
There is a new trend of not having any privileged users or accounts. So they look at metrics as a solution. They remove the privileged accounts completely, and anyone from the company that wants to run or execute a session can go through their solution without having two usernames.
For how long have I used the solution?
We have used this solution since 2013, and most customers implement the latest update. We help them migrate to the latest version, and the solution is about 90% deployed on-premises.
What do I think about the stability of the solution?
It is a mature solution, and we use many mature solutions. For example, Safeguard is a mature solution and is implemented by a large number of customers. The release cycle is good, and there is a release almost every three or four months.
One Identity Privileged Access Suite for Unix is reliable. Regarding PAM, you have just a few large players in the market like CyberArk, BeyondTrust and Safeguard. They are stable and well-implemented.
What do I think about the scalability of the solution?
It is scalable, there are no issues, and you just need to buy more licenses. It depends on whether the license is for the user, admin, or per system.
How are customer service and support?
I rate the technical support a six out of ten. The technical support of One Identity depends on the case. If it is product-related, it takes quite a while, and they have to go back to the product management team. But if it's related to general support, they're quite good. They're very straightforward and responsive.
How was the initial setup?
The setup process depends on the environment of the customer. It's not dependent on the solution. For customers with normal use cases and scenarios, it's a straightforward implementation, but for a customer with more than one environment, they may have BeyondTrust in one environment and Safeguard in another one. When they want to consolidate later, there may be complications. It depends on the devices and assets they would like to have under their PAM solution.
The standard time for implementation is four weeks. I rate the setup an eight out of ten. There needs to be a dedicated resource for maintenance.
What's my experience with pricing, setup cost, and licensing?
I rate the price a six out of ten. The price depends on the customer's perception. Some customers will see it as high, but the investment is justified. Regarding the cost of the solution, it costs about $15,000 to $18,000 to implement as a professional service. If the customer gets virtual appliances, they can reduce their costs, but if they go for physical appliances, the price is way higher.
What other advice do I have?
I rate this solution an eight out of ten. The solution is suitable for larger companies and will be suitable for government entities, large groups, or banks. It's an enterprise solution and not for small companies. It may be suitable for medium companies if they have any compliance issues. For example, if they work in a specific sector or have a certification like ISO 27001, they will need to invest in it.
Some products require installation while others do not. It is the approach each vendor takes in building the architecture of their product. Most encryption occurs on the hardware if the customer has appliances. BeyondTrust has a different approach, so we find Safeguard more flexible than BeyondTrust.
Regarding advice, each customer needs to build their use cases and determine future trends very carefully. They need to decide whether or not they want to scale up or if their business is changing. They can view reports and see specific metrics and frameworks. We show them if they need a light or deep solution. For example, if you have a PAM solution and later implement an IGA solution, it increases integration costs because you have to integrate both solutions.
It is also important to see which technology is suitable for them. For example, if a customer tells us that they have Identity Manager from One Identity for an IGA solution and are looking at PAM, I will advise them to go with Safeguard. That will save them $50,000 in integration because it's an out-of-the-box integration. Both products are from the same vendor and work seamlessly.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner