What is our primary use case?
We are using the virtual appliance. We are a cloud company working widely with virtualization. We provide virtual machine to our customers. When we deploy a new solution, we try to use our system to show our customers that it works for them. That is why we are using a virtual appliance which validates the usage.
For now, we are using it for traceability of access inside the platform because we are a certified company: ISO 27001, SecNumCloud, HDS... We use this solution to monitor the session of our administrator and also to capitalize on incidents. When you have an incident in the night and our Level 3 people are working on it, they don't have the time to document all they do on the platform. The main goal is to have the service up as fast as possible. We are now recording the session, and the morning after the incident, we can see the session and understand what has been done to resolve the incident.
We are using the latest version of Safeguard.
How has it helped my organization?
When we are asked to do an investigation for a server, we have all the information that we need. We never have any problems as all the information is available to us.
What is most valuable?
The transparent proxy is the most valuable feature. When you are connecting to a server inside the platform, the user doesn't need to change their habit. They just have to make small configurations to their workstation, then it is transparent for them. Our users like the solution because it's transparent. Users doesn't need to have interaction with 3DS OUTSCALE IT or security team to work as usual. It's interesting for the users because they don't have to think, "I have to note all that I've done during the incident to remember it".
We use the solution’s “transparent mode” feature for privileged sessions. It is very easy because it is only a simple configuration for our users. We don't have to modify our network. We install it, configure it, and it works. So, it is super easy. The rollout for our users is seamless.
The "transparent mode" allows for better visibility. With its monitoring, we can do investigations which are good for us and improve our system.
What needs improvement?
The interface is better now, but it still could be improved a lot. It needs more organization, menus, automatic refresh of information, and Web 2.0.
An official HashiCorp Vault connector would be very helpful inside the platform.
SSH implementation is not 100% compatible with standard SSH (openssh). For example : JumpHost.
As a result, some options require manual tunning, and complicated user-side configs, where it could be much simpler
For how long have I used the solution?
We have been using it for a long time: six years.
What do I think about the stability of the solution?
It is very stable. We have never had incidents with it. When we lost a connection with our Active Directory, the system continued to work. When we lost the storage on the virtual appliance, we restarted it, then it was fine. Thus, the product is very stable.
One or two people are needed for deployment and maintenance. For the deployment, it's done by the security team for now. However, in the near future, it will be managed by the operations team.
We upgrade about every two months the latest version.
What do I think about the scalability of the solution?
We don't use the scalability. When we need a new appliance, we deploy it inside another network. We don't need scalability for now, but if we grow quickly, we will need to think about it.
We have about 50 users inside the company, including the security team, operations team, infrastructure team, and Level 1 support.
We are using 75 percent of the parallel session unless there is an incident, then we can use all the slots.
How are customer service and technical support?
I used the technical support once. It was good. I had the answer to my question quickly. I have direct access to the pre-sales team and my account manager. So, I called in and my problem was solved.
Which solution did I use previously and why did I switch?
Yes but we had to quit it because they didn't have what we needed and it was very expensive.
How was the initial setup?
In the beginning six years ago, we started with a small instance. We used it very simply and learned how to manage it.
With the newest version that we massively deployed, we had one week to know how to install it and how it works. Now, we know how it works very well.
Install is fairly simple, with basic options.
Configuration requires a little explanation on the way it works but is straightforward too.
What about the implementation team?
We deployed it ourselves.
What was our ROI?
We have seen ROI in terms of time. It's easier for us to investigate incidents, which is helpful. It has improved our performance with investigations. It used to take a month to write an incident. Now, it takes us a week, cutting the time down by a fourth.
What's my experience with pricing, setup cost, and licensing?
Our licensing costs are on a yearly basis.
Which other solutions did I evaluate?
We evaluated CyberArk, which was pretty good, but it is very expensive. CyberArk's interface was better. Also, CyberArk's login was not so transparent. We chose One Identity because it has a transparent login in interruption in the network.
What other advice do I have?
When you use Safeguard in production, it provides traceability and protection around your platform.
I would rate the solution as a seven (out of 10) because of the interface.
I have seen the future of analytics, and it's very interesting. I hope to have the time to try and learn something about that.
Securely store, manage, record and analyze privileged access
Prevent security breaches and limit damage by putting in place a privileged access management solution. Get a free 45-day trial, or request a demo of One Identity SafeGuard.