What is most valuable?
The CA PAM’s ability to seamlessly integrate and provide a demarcation between users and systems is the most attractive aspect. It:
- Enables all control to start with Xsuite’s Deny All, Permit by Exception (DAPE) approach to limit privilege access controls.
- Enables all privileged users to see only those systems and access methods to which they’re expressly allowed access. Privileged users include Vendor Integration and Partners.
- Enables and verifies all system policies, providing an additional level of control by selectively filtering commands issued.
- Enables unauthorized commands to be blocked, with optional user warnings and policy violation alerts to security teams and logs.
- Enables sessions of users attempting to violate policies to be terminated, or accounts deactivated; enterprise policy control.
- Enables “leapfrogging” prevention, which allows one system to be used as a launch point for additional attacks / lateral movement.
- Enables full stack and system integration.
- Enables service integration with all systems using APIs or application to application.
These features greatly assist us and our clients in protecting their data privacy.
How has it helped my organization?
In retrospect, we and our clients have seen a reduction in service-related issues for application server and mainframe environments, a reduction in the provisioning lifecycle and requirements for systems such as mainframes, and a substantial increase in security flow and protection.
What needs improvement?
I believe continued expansion of integration to multiple systems including SSO and SAML technologies will provide a more-expansive, enterprise view of access orchestration, which will in turn strengthen the security of the environment.
For how long have I used the solution?
I have been involved with this product for three years, both using and implementing for client architectures.
What do I think about the stability of the solution?
I have not encountered any issues with stability.
What do I think about the scalability of the solution?
I have not encountered any issues with scalability; this is a true enterprise expandable product for mid-market and beyond.
How are customer service and technical support?
In my experience with the CA PAM, their support apparatus has improved immensely over the past 12 months and continues to improve based on client feedback. Indications from my clients are that CA Technologies actually listens to their concerns and takes action.
Which solution did I use previously and why did I switch?
Being in the technology sector for many years, we did not initially use products such as the CA PAM. We relied on common architecture, such as Microsoft and Oracle. As the need for more segregation of duties became prevalent, we looked to enhance our security with privileged access management. The feedback from most clients surrounding PAM is it provides a segregated extension of access control framework to enable better protection of customer privacy/data.
How was the initial setup?
The initial setup is not complex. The design and integration can become complex without the proper solution architecture and understanding the impacts changes in technology place on a companies operational process and employee behavioral management. These topics became more complex to manage and establish than the product itself.
What's my experience with pricing, setup cost, and licensing?
Product pricing and licensing is related to short-term or long-term business planning. In many cases, this solution should be looked at as a long-term solution. Therefore, considering the long-term savings in perpetual vs annual licensing is paramount to a progressive architecture. Therefore, I believe it is in the interest of the business to make these decisions prior to OEM engagement; they need to be vetted and defined as a value to the company at large.
Which other solutions did I evaluate?
No other options were evaluated because this PAM has made substantial gains in system integration, which outweigh industry choices.
What other advice do I have?
I am a proponent of the product in many ways but most importantly, I believe a solid, well-thought-out strategy and solid architectural plan for the future needs to be the priority, not buying a product to fit the unknown.