What is our primary use case?
Our company is regulated by the central bank in our country. There are about 4,000 employees in our organization.
Our main need was to reduce the operational cost of our department by increasing the window of operations to 24-hour rather than have office unemployment.
We are now digitizing the access control function through One Identity. Whoever forgets their password can reset it on their own rather than reaching out to the security desk. Whenever we have a new employee, we found that it was taking at least two days to get them a username or access to the system. Now, once they are logged into the organization and are registered on our ERP system, their complete access will be ready within five seconds. They will receive an SMS with their username and password so they can start working. This has increased efficiency and effectiveness of the access control function. It has reduced operational costs as well as providing services 24/7 with a platform that can be used anytime and anywhere for investigation in case we have a requirement.
We use the physical appliances, as they are more reliable. Around the world, dedicated appliances are more reliable than having a virtual version/copy. We went with the physical appliances because they are dedicated and closed like a black box. However, we haven't reported any misses with the virtual version.
What is most valuable?
We use the solution’s Approval Anywhere feature which enables us to add an extra layer of security for critical passwords without adding time-consuming approval processes. In the past, we were having problems when a user went on vacation. There were many recalled cases of password sharing. When we received this type of incidence and started to investigate, we found out the past setup had no solution. For example, if someone with a daily duty went on vacation, they still had to do it within the office. That is why sometimes people tried to justify the sharing of passwords by the importance of their duties. Now, by using this platform, if someone goes on a vacation, out of office, or needs urgent/planned leave, then our setup will select the functions tied to that person and automatically delegate them to the next person. That person can start performing that duty based on their access. No sharing of passwords is required.
What needs improvement?
The multilanguage functionality does not support the Arabic language, even though this solution is deployed in an Arabic region. However, it matches our criteria and requirements overall.
One Identity is using a third-party to create one-time passwords. Due to our security restrictions, we needed to build our own. When we discussed this with One Identity, "Why they don't provide a technology that can be hosted on our data center and be built by One Identity," they said they are using a third-party. This was their justification, so I think it's based on their strategy and there's no harm using a third party. However, we were having an issue using a third-party.
For how long have I used the solution?
I have using this solution for about six months. The project started about one year back. We started product introduction through phases. We went full-fledged with One Identity using Cloud Access Manager, Password Manager, and Privileged Access Management along with identity and access management.
What do I think about the stability of the solution?
We have been trying to stabilize the system until now. We haven't had the chance to revisit the deployment to find out if there are any expansion plans, as we are working to sustain the set up. We want to increase end user awareness and start building the number of reports.
What do I think about the scalability of the solution?
I didn't have a requirement to test the scalability of the solution. We did discuss the scalability with the system integrator at the beginning, and it's on the license level. I don't think we will have an issue once we come to the point of needing to scale.
We have 3,000 end users and 10 administrators.
How are customer service and technical support?
I haven't had a chance to work the One Identity technical team. We work with the local partner instead.
None of my team has gone for training yet. However, they did have a handover for operation of the solution. It doesn't need that much training as long as you know the basics of access control functions. End users only need to have a tutorial to the portal. This is what we provide: a tutorial for how to use it and the know-how.
Which solution did I use previously and why did I switch?
We previously were using a manual process. One Identity helped us to automate this process.
How was the initial setup?
We integrated One Identity with our ERP system (Oracle) and also with our security operations center (Splunk). The integration went perfectly. It was an easy connection. We built the connectivity directly through the API. What we found time consuming: the setup and connecting One Identity. E.g., Oracle takes more time than Splunk to connect because Splunk's system is ready to send the security logs to the security operations centers. With Oracle, the integration depends on the business needs and there are a number of different requirements based on those business needs. The enhancement One Identity made is the historical part related to system access control goes through our SOC to this tool.
What about the implementation team?
My team worked on the initial setup. I don't remember any critical escalations related to technicalities during their field deployments. The local system integrator helped us with any deployment challenges. There was zero disruption to privilege users during the deployment, which can be attributed to the work of the project management team. The deployment took about six months using two outsourced resources.
For the consultation services, we went with a well-known, famous system integration company (Exceed Gulf), who is local. They were cooperative, experienced, and professional. They have led many successful deployments in our region. Sometimes, they provide better advice when we are releasing an RFP to the market, e.g., when they got this RFP, they added value by doing a slight amendment to the deployment. This contributed a lot to the success of this project. Their advice comes based on their experience in the deployment for such a solution in our region. I strongly recommend working with Exceed Gulf and the same team that we worked with, as their technical skills were perfect.
What was our ROI?
We have not yet seen ROI. The benefit that we get from using One Identity is that it reduces operational costs.
What's my experience with pricing, setup cost, and licensing?
We have a yearly license. The cost depends on how much a company wants to invest in technology. In our organization, we believe in modern digitization and automation processes so we found it affordable. One Identity was not that much less than other solutions and it is not a cheap solution. There were number of cheaper solutions. However, it's the most effective, according to our evaluation.
Which other solutions did I evaluate?
When we started thinking about approaching such a solution, there was an increased need to digitize or have a platform that helped to provided access control functions. There were a number of solutions in the market, like Oracle and Microsoft. One Identity (per our evaluation) was our selected solution. One Identity won when we match these criteria against other solutions in the market:
- The system integrator
- Strength of the solution
- Complexity of the solution (less complex than other solutions).
What other advice do I have?
Make sure to always get the support. This solution could not be successfully implemented with no support of the HR and procurement system. You will need to mature all of your HR and procurement processes to do the deployment in a secure manner. This is a security solution, not an IT solution. If you want to deploy it as a security requirement, you need to ensure that the HR and procurement processes are correctly in place. You can use it as a technology solution, because not all the technology requires security, but all security requires technology.
We haven't activated the session recordings yet. We have tested it, and while it worked successfully, we didn't apply it fully because of internal technical issues.
All the logs in the system are recorded and sent to our security operations center (SOC) for analysis. In our SOC, we have end user behavior analysis, but do not depend directly on One Identity to provide this. However, I might ask to have a report for the user behavioral analysis going forward.
I can rate the solution as an eight (out of 10).
Which deployment model are you using for this solution?
Securely store, manage, record and analyze privileged access
Prevent security breaches and limit damage by putting in place a privileged access management solution. Get a free 45-day trial, or request a demo of One Identity SafeGuard.