One Identity Safeguard Review

We are able to demonstrate what has happened on systems and who did what, but we want to be able to generate CSRs from the interface for certificates


What is our primary use case?

We primarily use One Identity Safeguard for Privileged Sessions (SPS) for managing our customers' access to their critical systems.

How has it helped my organization?

We are able to demonstrate what has happened on the systems and who did what, when we have to investigate, in regards to audits using evidence.

What is most valuable?

  • Acting as a proxy
  • Session encryption
  • Flexibility of usage

The transparent mode for privileged sessions is one of the best thing for customers, because they don't see the system in-between. Thus, it is transparent for them.

The system is easy to manage, as it is not a system that you will change everything all of a sudden. It evolves most of the time with customer requests.

What needs improvement?

  • We have not yet found the solution to be extensible through cloud-delivered services.
  • Our external indexers are able to integrate with a hardware security module (HSM), which is good. What we have now requested is the integration of HSM with the SPS solution to be able to not have to manage certificates and the private key outside of any tamperproof system.
  • We would like to be able to generate certificate signing requests (CSRs) from the interface for certificates. 
  • We would like to be able to manage the lifecycle of the archived audit traits. If they are on the box, the cleanup and archiving policies are applied, as soon as they are archived on the external share, this does not apply. We need our customers to not have to manually delete these archives.
  • From a web interface perspective, we would like to be able to duplicate connections, so we can reorder them.

What do I think about the stability of the solution?

We have not had a major issues regarding stability once we migrated our users onto the virtual solution. However, for some users, the physical appliance has been a bit buggy.

What do I think about the scalability of the solution?

As of now, we use mainly virtual and have not tested the scalability and high availability, because it is a new thing.

How are customer service and technical support?

The technical support is good. There has been great improvement to all the knowledge base articles available. Therefore, we are able to find a lot of solutions already when we create support requests.

It takes us a long time to make the people from product management and development to understand our needs, e.g., integrating this product with HSM.

If you previously used a different solution, which one did you use and why did you switch?

Because we are a service provider, we have to demonstrate that our systems are really tamperproof. We had that experience previously, and now again, with One Identity SPS, as the product fits our needs.

How was the initial setup?

The initial setup is quite simple, not complex. The installation documentation is good, so the installation is okay. You just need to read the documentation, understand how it works, and how it has to be integrated. Once you do your homework, it's quite easy.

What about the implementation team?

We are the integrator for the deployment.

To install and deploy the solution for the customers, we count one day for a workshop with all the people involved: network, business users, IT, support, etc. Then, for the implementation, it can take another one to five days.

What was our ROI?

It is the life of our customers because it brings a lot of security. So, the return on investment is really on all aspects of compliance, security, and audit.

Which other solutions did I evaluate?

We implement this solution upon customer request.

What other advice do I have?

Test it and its competitors. You will probably choose SPS.

Both the search functionality and speed have been greatly improved.

We are not using privileged passwords.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Add a Comment
Guest

Sign Up with Email