What do you like best?
Initially the ease of deploying the appliances. It has gotten more difficult due to our growing knowledge and desire for greater HA and redundancy. Rotating a password either manually or via scheduled job works as expected.
What do you dislike?
It doesn't integrate with all of our products and there is no agent for the Mainframe to allow for A2A to initiate from the mainframe to the mainframe or other distributed systems.
Recommendations to others considering the product:
Make sure you have buy in from the top. No solution for this is cheap and you must have CEO, CISO approval for such a product. They can help sell it to the other groups in the organization. If you don't have buy in, people will find back doors or reasons they can't use the solution. Remind them that this could (if implemented properly) eliminate audit findings!
What problems are you solving with the product? What benefits have you realized?
Our company had home-grown solutions for managing root on linux and admin on windows servers. They worked but were not designed with the strictest security in mind. Home grown solutions become a problem over time. The people that created them move on and people lose documentation on how to support it. It also can be difficult to upgrade as OS changes come about. We needed a more robust product that could be supported exclusively by the security team. We needed a better option for protecting privileged application IDs especially in our LINUX systems. We needed a product that could stand up to a SOX, PCI and/or HIPAA audit.
