RSA Identity Governance and Lifecycle Reviews

We are a solution provider and this is one of the products that we implement for our clients. I have helped to deploy this solution to two customers so far.

The primary use case is the addition of another layer of authentication for users to access the network.

The most valuable feature is the security, in particular, the One Time Password support.

Better integration with other solutions such as Oracle Database is needed. Currently, some SQL databases cannot be integrated with RSA.

Technical support in Pakistan can be improved.

I have been working with RSA Identity Governance and Lifecycle for between four and five months.

The stability is generally good. We have experienced bugs but RSA has provided patches for them.

We have had no problems with scalability.

The technical support is generally good, although in Pakistan it could use some improvement. Overall, I would say that product support is average.

I have worked with other solutions and I find that RSA is more mature than similar products by Fortinet and Cisco.

The initial setup is straightforward and it is definitely easy to deploy. That said, there are some complexities in the setup that are inherent to any security product.

The length of time for deployment depends on how many devices you are trying to integrate with. One of my deployments involved 2,500 users with 500 devices, and it took between 20 and 25 days to complete.

All of the features in this product are good and this is a product that I recommend.

I would rate this solution a seven out of ten.

Organizational role management: By defining the roles it made our job easier for new-hire provisioning by automatically granting/creating the tickets necessary for the job role.

• Roles
• Connectors for provisioning
• Re-accreditation or reviews

These help greatly to govern user access.

• User interface
• Workflow
• More connectors

Yes, it depends on your architecture design. If you use the appliance version then it won't handle a huge database volume.

Yes, there are scalability issues. This product does not scale very well. It is not a good product for load balancing / active–active architecture.

Simple and straightforward.

Pricing varies based on user count/number of modules you need.

Before RSA we evaluated SailPoint, CA Identity Governance.

This is a good product for a small-scale organization.

It's used for basic two-factor authentication.

It improved security.

The software tokens are a huge improvement over hardware tokens but it could be cheaper.

I've used it for over 10 years.

It's difficult to distribute to remote end-users, and two-factor authentication is difficult for some users to grasp. Our initial deployment was hampered by a flawed management approach and lack of knowledge.

No issues encountered.

No issues encountered.

Customer service was rarely used.

Technical support was rarely used.

There was no previous solution used.

It was straightforward.

It was implemented in-house which was a huge mistake on our part.

We've not calculated this as we were mainly concerned with security.

It was expensive initially, but day to day costs are minimal.

No other options were evaluated.

Get a vendor team or consultant to assist implementation.

It allows users to authenticate using two-factor authentication, which is becoming more and more of a regulatory requirement.

It has streamlined the process of authentication, which has resulted allows for less calls to our Service Desk/SOC for password resets.

It could be a little more flexible with the installation of the product. Only virtual Linux environements for hardware appliances are allowed for a deployment.

I have been using this version for over a year.

There was a minor issue with getting the replica to attach. We worked through the issue and it's now functioning.

Never - one thing I can say about RSA is that the boxes are stable and solid. With an attached replica, it also allows for peace of mind.

Our license allows for one primary instance and 15 replica's, so the answer is no. It's scalable and works very well at doing this.

I have never had an issue with RSA's customer service, they're an easy 4/5.

Very good. Everyone I have spoken to when a ticket needs opening, has been excellent at guiding me towards a resolution and does solid work with the knowledge transfer.

Yes - we have been using since version 6.1 and the switch was made due to RSA calling EOL on all versions previous to 8.1.

Very straightforward as the setup admin guide is spot on and one of the best I have ever used/encountered.

I am RSA Certified so I handle all implementations of RSA in-house.

The real ROI will happen when we implement the on-demand token code portion within the next year.

The cost initially, if using hardware appliances will run around $10,000. That's with a base license (primary/replica), and also includes the cost of about 50 tokens.

No other options were evaluated.

If possible, hire someone to manage the installation that has a solid concept of what they're doing. Be sure to have them meet with all the teams that will need to authenticate so that all the proper connections are made from the implementation of the product.

Random token generation.

Soft and hard tokens for two factor authentication has been introduced.

Application and appliance stability needs improvement.

I've used it for three years.

There were some scalability issues.

6/10.

6/10.

Synchronization with Active Directory to import all your users makes getting started with the product very easy. In conjunction with software based tokens and some end user training, you can be up and running with a fresh deployment in a matter of days.

Primarily deployed as an authentication mechanism for remote access VPN users, it allows a more secure method of connecting to the network. This is especially a must have when dealing with any regulatory compliance initiatives.

When the 7.x release of Authentication Manager came out, the administrative interface and user interface (for self-provision) relied on the same TCP port even though the URLs were slightly different. We did not want the same port which administrators used open to the public internally, we saw that as a security concern in the fundamental way this system operated. We were excited that the self-provision feature was now built into the box but disappointed at the implementation. We hadn’t planned on standing up a separate web server in the DMZ for the purpose of brokering the self-provision process since 99% of our users were onsite, meaning they could get their tokens prior to leaving the office. When I questioned RSA about this matter, their response was to utilize a Web Application Firewall to block access to the specific administrative URL. We thought this was a bit too involved especially now that we’d need to implement a WAF, so we changed the policy and discontinued the self-provisioning option for users. While consulting on the product, I don’t come across a lot of companies using this feature so it’s not a deal breaker for most, but it’s certainly a nice to have if you would like to offload some of the administrative overhead as the self-provision feature also allows users to reset their PIN and perform some maintenance tasks.

I started using this solution while working at IBM Internet Security Systems in 2007 managing client environments. Since then I’ve consulted on the product performing routine maintenance, upgrades, migrations, and administration. This has involved using RSA Authentication Manager 6.x/7.x, RSA SecurID hardware/software authenticators (tokens).

Deployment is very straightforward if this is a first time install. We did go through several migrations which required some database changes and specific requirements depending on the environment and usage. I highly recommend opening a case with RSA to inform them of your migration so they can assist with any planning and inform you of any potential issues that may arise during the migration.

We typically deployed hardware appliances which are purpose built, so I haven’t come across any stability issues yet. I could imagine that if you under spec a virtualized environment that you could run into some performance issues.

The product scales very well. With a limited license you can add an additional replica, or backup appliance, for redundancy. Depending on the licensing you purchase, you could add up to 15 replicas. We typically see anywhere from 1 to 8 replicas depending on customer requirements and their geographic locations.

I typically dealt with the regional account manager from RSA, so customer service was always exceptional. If we needed to call the regular customer support number for administrative tasks on the account, they were always helpful and resolved our cases within a few days.

I also highly recommend purchasing an upgraded technical support package. Our dealings with technical support have always been great due to the fact that we can bypass the typical tier 1 level and get straight to the teams who have the deeper level of expertise. In certain cases, such as dealing with complex migrations, I always dealt with the same person who was very well versed in the products and could tell exactly what was going on without having to “get back to me” or “check with their peers on this one”.

Included with the hardware appliances are straightforward setup instructions for racking, powering on, and initially setting them up. RSA also provides plenty of in-depth documentation, administrative guides, and knowledgebase articles right on their support website. If the information I needed wasn’t in the admin docs, I found 90% of the answers in the knowledgebase.

I’ve implemented the technology myself as a customer and vendor. As a customer, it was easy enough to follow the standard administrative documents to get up and running. As a consultant (vendor), having had the prior experience made it easy to provide product demonstrations and answer questions.

Typically RSA was the incumbent and most of the time the decision was made to just stay with their products due to the initial investment. I have looked into other products and the one which came closest was Vasco’s IDENTIKEY line. Vasco had a more intuitive workflow upon the initial setup and overall administration. There was a lot less digging around in admin docs and knowledgebase articles to find answers because the layout seemed a bit more straightforward.

Reach out to a Value Added Reseller (VAR) with plenty of experience who can match your requirements with the best solution. If RSA ends up being your selection, I would recommend subscribing to a premium support option because not only will you get a faster response from them, the quality of support is much greater.