If you were talking to someone whose organization is considering BeyondTrust Password Safe, what would you say?
How would you rate it and why? Any other tips or advice?
You need to be very clear about how to implement vaulting or the session recording mechanism. If you don't go with an external partner to help you with that, it can very difficult to have a solid implementation of such solutions, whether it is CyberArk, Thycotic, BeyondTrust, or any other solution. Just because you installed these solutions doesn't mean that they would resolve 100% of your work. You need to have some processes for such applications, and you need to do some homework first. With the help of an external consulting company that knows how to implement such solutions, you can progress very fast. I would rate BeyondTrust Password Safe an eight out of ten.
BeyondTrust Password Safe is very robust and very powerful, very scalable, and very nimble. My advice is to first make sure all their use cases match your need. Then I recommend to engage with their salespeople, get a good sales presentation and understanding of the cost, and then to get a technical presentation followed by a demo. We have a client whose main use case is Rapid7 SIM with API integration. So far I have found that CyberArk is the only one that can do that. But CyberArk is too expensive for this client. You have to sit down with a client, find out what their use cases, business requirements, and technical requirements are because sometimes they may want you to integrate with ServiceNow, and it's not easy to do that. With CyberArk, Beyondtrust, Thycotic and Centrify it is. Actually BeyondTrust is really a leader. I call them the best kept secret. It's a great product. I like it because the administrative overhead is so much lower. Remember how I said that CyberArk requires a very high administration overhead but because of the dynamic rules and smart rules you basically create a boolean if and then, and you can segregate. If your system or your name ends with dash ADM you're an administrator and you can access these assets and these accounts dynamically. Just by joining the company, getting a username with a dash ADM on the end, which I don't recommend by the way. I recommend having something nondescript because a user account with a _ADM, just screams, "I'm an administrator come and get me." Come up with something else, like an A-3-D. Come up with a different naming convention that would make it discreet. On a scale of one to ten, I would rate it high. I would rate BeyondTrust Password Safe a 10 because the fruits of your labor during the implementation phase pay off for an extended period of time. Rather than the ongoing pretty stiff administration requirements of some tools.
It is a steep learning curve, but once automated, it makes your life a lot easier.
What do you like most about BeyondTrust Password Safe?
Thanks for sharing your thoughts with the community!