What is our primary use case?
I see it performing really well. It has a really good scalability attribute, where you can continuously keep dumping on new users and giving them only the access they need on the projects that they would view. It is very controlling and I really like that.
What is most valuable?
Whoever built it from the ground up, they understand how an organization is laid out. You can tell. When a user comes in, it automatically picks up their information. It is very easy to use. The interface is very friendly, colorful, and bold. I really like that. It is friendly to the users.
What needs improvement?
What PAM does is when a user signs in, or when a user gets prompted to an organization, they are classified based on what teams, job titles, and roles that they have.
One feature I would like to see is instead of just giving passwords to the user based on job function, from auditing perspective, turn that cycle around. Let us have a reporting feature that will say, "Can you please show me all the users who have access to the DB admin account essay." That would really help from an auditing standpoint.
There is already a feature for that. It is not too great to use. Instead of being Splunk, maybe have a feature built into the application.
How is customer service and technical support?
There have been no issues with CA technical support.
Which other solutions did I evaluate?
After doing a little bit of research in the PAM market, there are not too many PAM players out there. Obviously, there is CyberArk but the other big player is CA PAM. I took a look at CA PAM. CA's rep gave me every reason to pick CA PAM over CyberArk.
CyberArk is harder to set up. You need a stand up infrastructure to back up CyberArk. PAM, on the other hand, is much more simple to use, and you do not need as many Windows servers to back it up as far as I know.
- According to the users who have actually used CyberArk and CA PAM, they have said that CA PAM is ten times easier to use and manage.
- Also, according to the users, CyberArk is only in the Windows area. They only control passwords in the Windows area. I am not sure how true that is, but that is a huge thing.
What other advice do I have?
If your company has Windows, Unix, and Linux, and has accounts all over the place and you need to management it, look into CA now.
I feel like I have to learn more about CA PAM, because there are a lot of questions I still have for the product and I do not know them yet.
Most important criteria when selecting a vendor: technical support. Always having someone there who knows a lot about the product, but at the same time, they will be straight up with you about the difficulties. I really do like when people tell me, this is not working, and tell you straight off the bat. I really like that straightforwardness.