ARCON Privileged Access Management Review

We have been able to automate previously manual access management processes


What is our primary use case?

We use it for privileged access management.

How has it helped my organization?

Our purpose initially was to have a few critical projects. Not to have password management of all projects. So we started on a smaller scope. Later on, we implemented it across the organization. So now, all technical solutions are being controlled by ARCON. And the main area of improvement here is, we have ease of access. People have password-less access and a need-to-know-basis access whenever they require, when the approvals are in place for access. Previously, all these things were handled manually in the environment. Those we have automated, we have eliminated dependency on any manual intervention.

Everything is in the system. When a person wants to have access, they put in the data, the requirement, the timing, the other technical parameters. The project managers in charge of the infrastructure, they approve it and the access is available to the person who requires it, all the time. 

Equally we are able to monitor it all. It gives us the capability of monitoring it online, rather than going to the persons' desk for the activities being done. We sit in our office and monitor what is happening in the target device, using ARCON. The recordings and other things are available, in case any forensics are required.

What is most valuable?

Mainly the password vault. So, we have all of our generic IDs, which are present in the infrastructure, we have it securely vaulted. When we want to have access, we use ARCON only to have the access of the target devices or systems.

What needs improvement?

We have the load balancer and we have certain cloud environments. So, if you take Microsoft hypervisor - which comes with its own interface, its own web layer, etc. - something like that also requires privileged IDs. As per our institution policy now, everything has to come through ARCON. We have demanded that these kinds of advanced features also should be there.

They have improved a little bit in providing all the interface, but as of now it is not comprehensive, not at all the interfaces, but the major ones are covered. Whatever we have demanded, they have tried to provide the solution. In fact, with a little bit of time, because of new technology, integrations, and dependency on the OEM side - taking all these things into consideration - they have done a good job in integrating many of the technologies which we have demanded.

For example, vCenter that is a hypervisor for VMware. They have a vCenter environment. Now it can be easily integrated with ARCON. We have a plug-in for that. It was not there last year, now they have come up with it and it is working very well. So my cloud management user IDs are now using ARCON for managing the cloud.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

In the basic functionality of the solution, there have not been any challenges. The product is very well designed so that it actually adapts the scalability well. 

But we have seen changes over the last year in terms of security. I would rather not say it is a product deficiency or a deficiency of the company. I've been reviewing other products as well, and when we see a product release something it challenges the other market players. We are seeing that the security trends are becoming very stringent, now providing a high level of security. There has been a lot said and recommended about the access of the infrastructure.

We have our own infrastructure management team which actually looks into the vulnerabilities and the old architecture, protocols, etc. When we start eliminating tools, it's because they only support the old communication mechanisms. The migration from SSL to TLS. This is one example. Lately, TLS 1.2 has been recommended by the IT industry. This product was working last year in SSL only. We migrated to TLS 1.2. The adaptability to move quickly towards a new environment is lacking and they are deficient in having integration with other OEMs. I am not naming company names but I would say, for example, one load balancer should be integrated.

For about the last one year or so, everybody has their Web layer for their own product, for their appliances, for their load balancer. Those Web layers are developed by the particular OEM of the appliance. They all have their own logic for providing their access. This solution doesn't immediately provide any way to integrate with that particular Web layer. So what we do is, whenever we have a new appliance and there is a Web layer above it, we report it to ARCON and they look, see whether it matches any existing solutions, or whether it requires new development.

That is something that is happening every time a Web layer comes out, which is proprietary to an OEM. We have to have them look at it. We cannot directly integrate with that. But that is the scenario with all the products in the market. They cannot integrate directly with any proprietary system. ARCON tries to provide a quick solution.

What do I think about the scalability of the solution?

Earlier they were having issues, only releasing upgrades quarterly. Now they have changed the frequency to monthly, for about the last six months. So that is some kind of improvement.

Updates are not a problem, our in-house team is capable of implementing them, even without support from the company. They provide documentation with the technical dependencies and the steps.

How is customer service and technical support?

I would rate it eight out of 10, mainly when we ask about regular technical issues. We do a certain hardening of infrastructure. Whenever we start doing hardening, it affects the access management. So troubleshooting on technical aspects, on these kinds of things, which are a regular technical issue, they are good.

But when it comes to new implementations or new integration - because in the last six months we have given them 15 to 20 new integrations, new Web layers, new appliances to integrate and other things - those are new for them also. So they take their time for checking the feasibility, seeing how it works, and then releasing it. So, in these cases they are taking time. 

But otherwise, the support is good. For regular activities, their support doesn't have any challenges. People are available on the phone. There is a portal available for us to look for technical support, and they do update it regularly.

Which solutions did we use previously?

This is the first solution.

How was the initial setup?

They set it up for us and then we trained our people.

What's my experience with pricing, setup cost, and licensing?

I am not in a position to give any financials, but whatever we have paid, it is value for money.

Their licensing model is good. They have been flexible for us.

Which other solutions did I evaluate?

We have evaluated two solutions, for two projects - two of our projects required access management. Then we selected this and we extended this solution for multiple projects as well.

It was an open RFP for us in 2015. There were eight products in that quadrant. So we referred to all of them. For us it was an open tender. Then we technically evaluated, compared them, and then selected one product. It was open to the global market and we saw all the products which were present at the time. I think ARCON is one of the leaders now.

What other advice do I have?

Have your access management process in line. If you have complex processes, or you have not defined it, it will be rather difficult to implement any such product.

I give ARCON a nine out of 10. The missing point is for not quickly adapting, as per the example I mentioned above, regarding integrations. I don't know whether it's a deficiency at their end, maybe that proactiveness is not there. Or maybe there are too many changes happening in the market, they might not be able to cope with all the changes that are happening.

Lately, in the last year or so, all technical products in the IT world have come up with their own access management portfolio. These kinds of products require integration with this portfolio. I have received 15 to 20 items which require integration, 75% were already available and 25% had to be built. So that minus one is because of that 25% they could have integrated even before I asked them. They could have done a workflow just by surveying the market.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.