CA Privileged Access Manager Review

Automates the security of DevOps pipeline for the shared secrets across environments


What is most valuable?

For me, it is the robust API which is the most valuable feature. This allows for low maintenance costs and allows applications to automatically connect. This is great to automate security of the DevOps pipeline for shared secrets across environments. Also, being on Linux and a virtual appliance is great.

How has it helped my organization?

Before we had a vaulting solution that had a manual provisioning of the DB and privileged accounts. Now, we can automate this provisioning through APIs which are easy to understand and implement.

What needs improvement?

I wish it could create local accounts on desktops. But, what I really want to do with it is automatically manage DevOps pipelines through tools like Docker/Puppet/Chef. It would manage shared secrets to the segregated environments. I am hoping that the API is helpful for this.

For how long have I used the solution?

We have used it just for a PoC, but we are purchasing it soon. From going through the selection process, we felt CA PAM was the best option for our company.

How is customer service and technical support?

CA technical support has been very responsive the past couple years. It has come a long way.

Which solutions did we use previously?

I have used ERPM, but it was difficult to upgrade the product. The structure of the vaulting policies was not conducive to Ally’s organization. Plus, it ran on Windows, which in our world you want to always go with a Linux solution, when possible.

How was the initial setup?

In the PoC, it seems very easy to get started.

What's my experience with pricing, setup cost, and licensing?

Don’t go with an agent model. Don’t go with a model that has you buying a thousand different parts. Go with PAM that gives you everything, or you’ll just be paying costs of implementing another tool that PAM would have just given you up front. PAM can monitor exponentially more devices than it competitors. This covers a large audit item for us.

Which other solutions did I evaluate?

We looked at CyberArk, BeyondTrust, ERPM and ObserveIT.

What other advice do I have?

If you truly want to secure a DevOps world that is constantly changing the architecture and number of boxes, then you need CA PAM.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Add a Comment
Guest
Sign Up with Email