- Consolidates access to all the systems
- Easy to deploy/virtual
- Records access for troubleshooting issues
One example of how it has improved the way my organization functions is that before, we had to deal with the firewall rules between domains to control access. With CA PAM, we simply set the rule once, which can be applied when we add new clients into our cloud environment.
They need to improve how it scales. We end up adding new “appliances” to scale for large or complex environments.
I run a multi-tenant cloud environment so I cover multiple domains and environments. So, as we grow our customer base by adding more systems, new customers or have different security zones for new applications/systems for customers, we end up having to add more appliances….we can only scale the virtual resources so much before we start hitting the performance thresholds on the appliance and the thresholds we have set with a customer.
By segregating and/or adding new appliances we even out the load and still maintain the performance we want with our customers. Obviously, I am talking about customers that have a higher access than some other companies.
I have used this solution for roughly a year.
At the beginning, we did have some stability issues, i.e., until we understood the product, and then the process was better.
There were scalability issues. The architecture forces us to add systems - similar to a Cisco model.
The technical support is above average.
I have used different systems in the past with other companies that I worked for, so I have been able to compare several of these. CA PAM is the least expensive option than most and is easy to deploy.
The initial setup/configuration was easy. It was more troublesome in finessing the rule sets/processes that needs to be used, which isn’t a product issue but an internal walkthrough of how we wanted the access to be controlled and in what manner.
Negotiate well but more importantly, design your architecture and understand what you will need as you scale (build building blocks).
We also evaluated One Identity, Centrify and Microsoft PIM.
Make sure you fully vet out what is needed for the complete process, and understand what you need up front for the initial set and what will be added at what trigger points.