One Identity Safeguard Reviews

I work for a bank, and we use Safeguard to manage access to our Internet banking services. We use Safeguard for two things: identity and access management and detection recording. We have our services onboarded on SysTrack doing RDP directly to the servers or station, and we use virtual appliances for collection. The solution covers around 150 users at this organization. 

I like Safeguard's snapshot feature that enables us to review the last time an application was opened and by whom. If there are any issues, we can look behind the scenes to see what has been done. We can suspend a user's access or close off a server. 

We've had issues managing accounts and access to some data saved on the servers. Accounts are granted a new working certificate daily. We have an account to do it on APIs online and sync it with that. If the path changes at some point or someone changes the password, I don't know if it's from the Active Directory or what. 

I have used Safeguard for one year.

Safeguard is stable. 

It's scalable, depending on the solution case. I don't know if it's domain-based because it was not restricted. We're gradually moving to the Azure cloud.

One Identity support is okay. 

Deploying Safeguard was straightforward.

I rate One Identity Safeguard eight out of 10.

We use this solution to control the access of privileged users, such as application administrators, to the internal network. This solution allows us to record and log user sessions.

We use virtual appliances on the VMware platform. The virtualization of such services allows us to flexibly scale our hardware configuration and gives significantly more opportunities for building a stable structure. 

This solution allowed us to provide remote access to the company's internal infrastructure in the context of the COVID-19 pandemic. It made this access more transparent and controlled for information security departments.

We easily integrated this product with our SIEM system for collecting events. Thanks to this integration, we were able to build convenient, regular reports on privileged user connections. Therefore, our information security units can better see who is connecting to the remote infrastructure.

The most valuable feature is the logging sessions with their visualization, which is video recording. This functionality allows us to restore the actions of a user in the event of any incidents.

The solution transparently integrates into the infrastructure and users do not notice it. I would give this feature the highest rating.

While the "transparent mode" feature did not affect the monitoring in any way, it led to an increase in the convenience of connecting users.

This solution visualizes RDP sessions and logs SSH sessions.

I would like to see support for RDP over HTTPS so this product can be used in conjunction with the Microsoft terminal.

I would like to visualize SSH sessions.

I would like built-in traffic balancing mechanisms with the built-in load balancing mechanism when using several instances.

About four years.

Over four years of use, we have not encountered a single system crash or failure. The product is stable.

When increasing the number of users, we can rather easily add to virtual appliances processors and memory, or disks for storing records, which is more difficult to do on a hardware (physical) appliance.

We have two administrators involved in the deployment, configuration, and maintenance of this solution. During the peak of the pandemic, we had up to 3,000 users connected through the solution and able to work from home.

We have used One Identity’s tech support. I would rate it as excellent. They answer all the questions asked of them quickly and efficiently.

We did not previously use a different solution.

The virtual appliance is deployed from the delivered image without any problems. The setup takes about 15 to 20 minutes, including initial setup and configuration. It also is available to any admin user with Unix competencies.

We use the “transparent mode” function to connect administrative users via SSH to the Unix servers. We did not encounter any problems when setting up this feature, as everything was easy. The solution is well-documented and quite understandable when setting up.

It took about one or two working days to administer the solution, read the documentation and settings, and test various configuration options. It was not very difficult. For our users, there were no special nuances since the connection is transparent. They do not understand nor see that they are connecting through the One Identity Safeguard space.

Our implementation strategy was to use this solution to control remote sessions of privileged users, first with our IT support staff. Now, we use the product for this purpose. In general, the strategy was a success.

There has been a lack of losses, since controlling the actions of privileged users is primarily to minimize risks and create an absence of losses.

Licensing and pricing are quite straightforward. The number of recording channel licenses depends on the needs of the customer. I would suggest estimating the number of concurrent sessions per unit of time and proceed from there when purchasing a license.

We evaluated Safeguard and another product. We ultimately chose Safeguard.

Safeguard is an external (in relation to controlled systems) solution which allows you to record sessions. Its competitor was an agent solution that was put on target servers. With the competitor's solution, there was a risk of disconnecting of a privileged user's recording.

Clearly assess your needs and formulate the necessary requirements, then proceed from there with the selection of an appropriate solution. In our case, One Identity Safeguard became this solution. However, this solution is not a panacea for all ills. It is possibly you’ll find that a different solution is more suitable.

I would rate the solution as a nine (out of 10). In order to rate it as a 10, it should have what I would like to see in its coming new releases.

Foreign Language: (Russian)

Как и для чего вы используете этот продукт?

Мы используем это решение для контроля доступа привилегированных пользователей, таких как администраторы приложений, к внутренней сети. Это решение позволяет нам записывать и регистрировать пользовательские сессии.

Мы используем виртуальные устройства на платформе VMware. Виртуализация таких сервисов позволяет нам гибко масштабировать конфигурацию нашего оборудования и предоставляет значительно больше возможностей для построения стабильной структуры.

Как это помогло моей организации?

Это решение позволило нам обеспечить удаленный доступ к внутренней инфраструктуре компании в контексте пандемии COVID-19. Это сделало этот доступ более прозрачным и контролируемым для отделов информационной безопасности.

Мы легко интегрировали этот продукт с нашей системой SIEM для сбора событий. Благодаря этой интеграции мы смогли создавать подходящие регулярные отчеты о привилегированных пользовательских соединениях. Поэтому наши подразделения информационной безопасности могут лучше видеть, кто подключается к удаленной инфраструктуре.

Какие функции вы нашли наиболее ценными?

Наиболее ценной функцией является регистрация сеансов с их визуализацией, то есть запись видео. Эта функциональность позволяет нам восстанавливать действия пользователя в случае каких-либо инцидентов.

Решение прозрачно интегрируется в инфраструктуру, и пользователи этого не замечают. Я бы дал этой функции самый высокий рейтинг.

Хотя функция «прозрачного режима» никак не повлияла на мониторинг, она привела к увеличению удобства подключения пользователей.

Это решение визуализирует сеансы RDP и регистрирует сеансы SSH.

Что нуждается в улучшении?

Я хотел бы видеть поддержку RDP через HTTPS, чтобы этот продукт можно было использовать вместе с терминалом Microsoft.

Я хотел бы визуализировать сессии SSH.

Я хотел бы использовать встроенные механизмы балансировки трафика со встроенным механизмом балансировки нагрузки при использовании нескольких экземпляров.

Как долго я использую этот продукт/решение?

Около четырех лет.

Что я думаю о стабильности этого продукта/решения?

За четыре года использования мы не встретили ни одного сбоя или сбоя системы. Продукт стабилен.

Что я думаю о масштабируемости решения?

Увеличивая количество пользователей, мы можем довольно легко добавить к виртуальным устройствам процессоры и память или диски для хранения записей, что труднее сделать на аппаратном (физическом) устройстве.

У нас есть два администратора, участвующих в развертывании, настройке и обслуживании этого решения. В разгар пандемии у нас было до 3000 пользователей, подключенных через решение и способных работать из дома.

Как бы вы оценили техническую поддержку этого продукта/решения?

Мы использовали техническую поддержку One Identity. Я бы оценил это как превосходное. Они отвечают на все заданные вопросы быстро и качественно.

Какое решение я использовал ранее и почему я переключился?

Ранее мы не использовали другое решение.

Как прошла начальная настройка?

Виртуальное устройство развертывается из доставленного образа без каких-либо проблем. Настройка занимает от 15 до 20 минут, включая первоначальную установку и настройку. Он также доступен для любого администратора с компетенцией Unix.

Мы используем функцию «прозрачного режима» для подключения административных пользователей через SSH к серверам Unix. При настройке этой функции проблем не возникало, так как все было просто. Решение хорошо документировано и вполне понятно при настройке.

Потребовалось около одного или двух рабочих дней для администрирования решения, ознакомления с документацией и настройками, а также для тестирования различных вариантов конфигурации. Это было не очень сложно. Для наших пользователей особых нюансов не было, так как подключение прозрачно. Они не понимают и не видят, что они соединяются через пространство One Identity Safeguard.

Наша стратегия внедрения заключалась в том, чтобы использовать это решение для управления удаленными сеансами привилегированных пользователей, в первую очередь с нашей службой поддержки Информационных Технологий. Теперь мы используем продукт для этой цели. В целом стратегия имела успех.

Какой была была ваша прибыль на инвестиции в One Identity Safeguard?

Мы не испытали никаких потерь, поскольку контроль действий привилегированных пользователей в первую очередь сводит к минимуму риска и создает отсутствие потерь.

Какой у меня опыт работы с ценами, стоимостью установки и лицензированием?

Лицензирование и ценообразование довольно просты. Количество каналов регистрации лицензий зависит от потребностей заказчика. Я бы посоветовал оценить количество одновременных сеансов за единицу времени и перейти оттуда к покупке лицензии.

Прежде чем выбрать этот продукт, вы оценивали другие варианты?

Мы оценили Safeguard и другой продукт. В конечном итоге мы выбрали Safeguard.

Safeguard - это внешнее (по отношению к управляемым системам) решение, которое позволяет вам записывать сессии. Его конкурентом было агентское решение, которое было размещено на целевых серверах. С решением конкурента был риск отключения записи привилегированного пользователя.

Какой еще у меня совет?

Четко оцените свои потребности и сформулируйте необходимые требования, а затем приступайте к выбору подходящего решения. В нашем случае One Identity Safeguard стал таким решением. Однако это решение не является панацеей от всех болезней. Возможно, вы обнаружите, что другое решение более подходит.

Я бы оценил решение как девять (из 10). Чтобы оценить его как 10, у него должно быть то, что я хотел бы видеть в его будущих новых выпусках.

We use Safeguard for managing privileged passwords only, using physical appliances.

So far, I haven't seen any type of improvement from using this solution when compared with other products in the identity and access management space. It has been neutral.

I like the discovery functionality and the change password feature through the check-in. I also like the bulk import with the help of templates that come with it out of the box. With the help of these few features, my tasks are made easier.

We also use the Secure Remote Access feature for privileged users. Access is based on group membership and with that membership they connect to the remote machine. It's an easy process to manage. 

The main thing that needs improvement is the slowness. Apart from that, the change password check-in feature also needs improvement because it is not working perfectly accurately.

I have been using One Identity Safeguard for the last two and a half years. I work as an implementer and provide support operations to our clients.

It's not a stable solution, but it's not bad. It's neutral in terms of stability.

It's not scalable.

We are not using their Premier Support, but I am okay with the vendor's regular support. But if the product is running on an unsupported version, that is a very negative point. They should support unsupported versions as well so that their customers are not stuck somewhere in between.

Neutral

As an organization, we are using other PAM solutions for other projects, but I'm not sure which other solutions are in use.

The initial setup for Safeguard is straightforward. Because it was deployed a long time ago in our organization, before my tenure, my expertise is based on adding to clusters. If we are going to add clients within a cluster, it depends on the speed, meaning how the network connectivity is between the cluster and the target device.

In terms of the effect of deployment on users, they are provisioned, with the help of group membership, into Safeguard. Once they are assigned to a particular group, they can follow the previous sites. Based on the previous site, they can log in and check out the password of their privileged account.

As for the amount of training needed, it depends on the solution. If the solution is only for privileged passwords, about three weeks' training is required to understand the solution. And if the server for privileges is also integrated with the solution, it will take a month or as much as 45 days.

We have an implementation team and an operations team. Between them, there are a total of five or six people required for this solution to deploy and maintain it.

I'm not aware of the product cost, but if it's going to cost more, first they have to maintain and stabilize the product.

My impression of the form factor of the Safeguard physical appliance is not good and not bad. It's neutral. Similarly, feedback about the usability and functionality is neutral.

My advice, if you have the budget, is to buy other products, like CyberArk Privileged Access Manager or BeyondTrust Endpoint Privilege Management. If you don't have that kind of budget you can use this product.

We primarily use the solution to manage passwords and use for the RDP access. 

Our infrastructure is three SPPs and two SPSs. This is across 1,000 users and approximately 500 targets. 

Safeguard can define and update processes and procedures into the security framework of a company, including mobile. It allows us to change the policies and configurations on a mass scale in regards to security.

The most interesting thing about this product is it is very easy to implement and configure as well as its usability. Also, for the final user, the work experience doesn't change when using the SPS for the Linux administrator, which is fantastic. You change only a little bit of the connection. Everything else is really easy.

I just received a question from a customer in regards to a connection with Oracle OID. I tried to integrate Safeguard with the Oracle YAML as well as something else to manage the groups and users from a different system, like AD or LDAP. This one feature could be better. At this moment, the platform system can only use the integration with LDAP or AD. The software for research and development to create a connector to a YAML platform can be very complicated.

I started using it two years ago.

It is a very stable system. There are no problems when using the platform.

The scalability is fantastic. It is very easy to connect and use the solution, if you need it.

There are two different supports: one for SPS and another for SPP. The technical preparation of the support is very high. They have very quickly given me the solution for a couple of issues that I have seen.

We switched from CyberArk to Safeguard. In order to manage CyberArk, it is a very big effort. The platform is very complex. The management system of Safeguard is very easy. Also, the configuration for the targeted user is easier in Safeguard rather than CyberArk. Lastly, the cost of CyberArk's licensing is very expensive.

We try to understand what the customer needs in order to fit the solution for what they want, then we plan all the activities based on that.

We can deploy the system in a couple of days, then the system is up and running. The next step is importing the whole system. The time frame of this depends on many targets the customer has, but it doesn't take too long.

I work at a system integrator, designing and implementing the solution for our customers. I think our customers see a return of the investment using this solution.

Safeguard is cheaper than CyberArk.

It is a good solution. There is no limit to its usage in a company, e.g., IT or financial.

Check the basic rules in the documentation because the solution is easy to use.

I would rate the solution as 10 out of 10.

The primary use case for our One Identity Safeguard solution is to optimize security across private accounts, accounts which can be secured upstream and downstream. The solution enables us to implement encryption protocols across channels. It is designed so that depending on the cryptographic case, different policies can be applied in correlation. 

I don't think it's improved our organization internally. I've had to suspend workflows and focus my time and attention on creating technical, instructional, documentation regarding user procedures and practices.

The majority of the features offered with this solution are the same as with other similar systems. The most unique and valuable features are the upstream and downstream throughput capacities; the Safeguard platform provides agile integration.

In actuality, all the features are valuable. They're good and user-friendly.

The technical support for this solution needs to be immediate, intuitive, and responsive especially as it refers to supporting ticket submissions and processing.

Furthermore, we've had trouble understanding how certain policy framework applies. I would like to see clearly laid out policies or better support and explanations around policy dynamics.

The stability and downtime of the solution could also be upgraded to include a messaging function which would give users a clear understanding of what's happening without having to navigate to a particular section of the page.

Lastly, I would also like to see the price reduced.

It's very stable. There are about 150 users, mostly administration, currently using this solution in our company. We don't encounter many problems with the system.

I am encountering issues when it comes to the scalability of the solution.

Our experience with technical support has been disappointing. We require more prompt and faster response times. We require answers to our questions right away but we haven't received that level of support.

The initial setup was very easy. We followed the given instruction protocol. We also used white papers when necessary for clarification and better understanding. It only took us one month to implement.

We used an integrator for the deployment. It was a good experience. 

Setup cost, pricing and licensing are all very expensive.

We are very pleased with the Safeguard platform feature. You can't find this technology anywhere else.

On a scale from one to ten, one being the worst and ten being the best, I would give this product a nine rating. If the technical support was better I'd give it a 10 out of 10.

We introduce One Identity Safeguard to customers, primarily Italian customers who need to partner with solutions that protect their target resources.

What I like about One Identity Safeguard is its interface, which is easy to understand, even for people new to the product. I also like that the solution collects data without any access to the machine, plus it has a feature that lets people explore access to machines within a network.

Regarding the usability and functionality of One Identity Safeguard, the most common feedback I receive from users is that the solution is easy to use and can easily move data.

I also like that One Identity Safeguard lets you configure the maximum number of connections to the target, a configuration I didn't find in its competitor.

My customers use the transparent mode for privileged sessions in One Identity Safeguard, and it is easy to use, though it may be more difficult to configure. I haven't received any customer complaints about that feature, so it's not that difficult to use.

To start using One Identity Safeguard in terms of training for people who manage the solution and the end-users, my colleague and I took a course from One Identity. That training was enough for the basic features, but for some other features, my colleague and I had to create some tickets, though he and I know the database and processes. For users, it is easy because my company provides them with a two-page resource manual with screenshots. Then, I spent some time with the managers to show how One Identity Safeguard works, which is very easy because I've used the solution before. 

The analytics interface of One Identity Safeguard is also easy to understand.

A feature I found in a competitor would make One Identity Safeguard better, and that is the ability to load balance the traffic in the target. For example, in two machines with some applications, I would like to balance traffic between the two machines with the help of One Identity Safeguard. It would be great if the solution allowed users to add some applications to a cluster and balance the traffic between the applications.

I've been working with One Identity Safeguard for customers for six months.

Stability-wise, One Identity Safeguard is okay. It's been running for almost one year, and there's no problem with its stability, so, in terms of stability, it's a seven out of ten for me.

The scalability, including the clustering for One Identity Safeguard, could be improved. It is fair right now, scalability-wise, and from an engineering perspective, it may not be as easy to do that because the appliance would have to be encrypted, and there's a security requirement. Still, it would be nicer if scalability could be improved in One Identity Safeguard.

Support for One Identity Safeguard could be improved because sometimes the support team doesn't have an answer or solution for some bugs. Support-wise, it's an eight out of ten for me.

Positive

I used a different solution previously, but One Identity Safeguard could limit the maximum number of connections to a target. The other solution, on the other hand, could not do that but has a load-balancing feature.

My company deploys One Identity Safeguard for customers, and I found the process easy.

My customers use the One Identity Safeguard virtual appliances.

I have not used the Cloud Assistant feature of the solution.

I have not used the Remote Access feature for privileged users in One Identity Safeguard.

My company does not integrate the solution with any other parts of the business, such as development, operations, and RPA. It was just tested but not rolled out in production.

In terms of how the deployment of One Identity Safeguard affects privileged users may be a complex question because the customer didn't have a previous infrastructure. The customer is now building the infrastructure, so it's a dynamic environment. The customer doesn't have an old environment.

I'm a One Identity Safeguard integrator, and my company also resells it.

Regarding maintenance, usually, it's not required. Still, sometimes a user could complain about not being able to access passwords in One Identity Safeguard or that there is some misconfiguration I need to analyze, and in the end, the issue is with the target appliance and not One Identity Safeguard.

My rating for One Identity Safeguard is eight out of ten overall.

We use it to link our virtual systems. We have Windows and Linux, and we have some applications. We use One Identity Safeguard to connect to them. We also use Password Vault, and we do session monitoring.

I am one version behind the latest version. I usually wait before doing an update to make sure that there are no problems with the new release.

One Identity Safeguard helps with accountability. We now know which person is accessing which machine. It also helps to make sure that they are secured, and that everyone knows what changes they need.

We have used the transparent mode and non-transparent mode for privileged sessions. The transparent mode is more difficult than the normal mode, but with the help of the documentation, we figured out how to do the necessary configuration and use this mode. Generally, we use the normal mode. We do not use the transparent mode. 

We use the Secure Remote Access feature for privileged users. It was very easy to manage remote access for privileged users by using this feature. When our users cannot be physically present at our place, they can access the resources using the Starling account. It is easy.

The Secure Remote Access feature does not make use of a VPN. This is very important for us because there are some problems with using VPN, so it is easier to use something like Starling. We can be sure that our users can access the network even from home and that the sessions are secure.

I have worked with other One Identity solutions. I have used One Identity Defender, One Identity SPP, and One Identity SPS. They worked very well for our users. We also use the authentication service to control the Linux machines with Active Directory accounts. They work well with each other. I have also used Safeguard Remote Access. I tried its features with Safeguard to allow our users to connect to the sessions by using the cloud so that they do not need to log in to the company servers.

One of the most important aspects is that it is very easy to use and install. It is also agentless, so all of the operations happen more smoothly than any other product. Our end-users find it easy. They have a web application. They only need to enter the credentials, and they can access the Safeguard session. They can use it very fast without any problems. Its learning curve is very low.

We can discover Windows and Linux machines, but we would also like to discover databases. It is very important for us. I have heard that in the new version, we can discover databases, but I have not tried it yet, so I am not sure if the new version does it properly or still needs some work. 

We would like to have the option of importing assets by using the CSV file. It was available in the earlier versions, but it is not available now.

I have been using this solution for about two years.

It is very stable. They always release new updates if there are any issues. For example, for the Log4j issue that happened a couple of months ago, they released an update to solve the issue and make sure that no user is affected by it. It is based on the Linux machine, so it is very stable.

I did not face any problems. It is very scalable, and it can be used for a small company or a big company without any problems.

Currently, there are about 20 users who are using it.

We have used their regular support, not the premier support. When we have any problems related to it, we open a ticket. They always help us. We might have to provide them with additional things so that they are able to troubleshoot better, but they are always helpful. I would rate their support a 9 out of 10.

Positive

We did not use any other solution.

The initial setup is straightforward. We have two installation types. We have Safeguard for Privileged Passwords and Safeguard for Privileged Sessions. For Safeguard for Privileged Passwords, we just need to import and the whole organization will be done. The process for Safeguard for Privileged Sessions is also simple. There are no problems.

The deployment duration depends on the number of systems, the number of users, and the number of applications. In a small company, it might take about two weeks or three weeks.

The deployment did not affect our privileged users. We just needed some time to get used to it. We were not using any PAM product before, so it took some time to get used to using it. It is more restrictive than the Active Directory system, but it is for the best.

For managing and deploying the solution, I took technical training. It was about five-day training with One Identity. After that, I started its deployment. In case of any problem, we could check several resources. We could check the administration guide or forums. We could also open a support ticket with One Identity. For the end-users, I gave the training, and it took one or two days at the most.

I deployed it myself.

We checked out a couple of solutions, but I was not a part of the selection process.

It is a very easy solution. In case of any problem, you can contact the distributor or the vendor, and they will help you.

I have worked with physical and virtual appliances. We went for virtual appliances because they are easy for us. We have servers in our company, so we have the space and resources to install them.

I would rate One Identity Safeguard a 10 out of 10. I have used it for some time, and I enjoyed working with it.

We use it primarily for our IT team, so they can access our production and pre-production environments, to have better accountability. They have to create a ticket, check it out, and then they have to get approval from our approvers group. So there's accountability from beginning to end, and we also record the sessions.

The time frame to get sessions rolling has been cut to a third. From a productivity standpoint that's tremendous.

In addition to that, the ease of use is fantastic because our IT team is able to check out sessions very quickly because it's so intuitive and easy to work with. They're pleased with it and it allows them to do their jobs much faster. That's probably the largest way it has improved things for us.

Finally, because of the intuitiveness and ease of use for end-users it has been really simple to train on. This product has worked flawlessly for us.

There are a lot of features, so it's going to sound funny, but one of the most simplistic features, the Favorites feature, is the one we like the best. You do a full run-through of configuration to check out a server and then you can save that whole configuration as a favorite. So the next time you go in, you click on the favorite that you configured and it automatically takes you to the end so you can check the server out that much faster. It saves a lot of time, resulting in an increase in productivity and a decrease in issues and errors and interface problems. It increases redundancy and gives us a much easier interface to use.

We're using virtual appliances for Safeguard because of the flexibility of virtual appliances. We can snapshot them, we can restore them quickly. There's a lot more flexibility with virtual.

We use the solution’s Approval Anywhere feature, and it allows a group of five individuals to receive notifications on their phones, through Starling, and review a request and approve it with one click.

We also use the solution’s “transparent mode” feature for privileged sessions. We record them and we also review them. That way, if there are problems with any configurations they did, we can go back and review them. Also, for mentoring, teams utilize it to help individuals deploy code better or to make changes to configurations. There are a lot of positives with that feature. It was very easy to start using this feature. The entire platform is very intuitive, very easy to work with, easy to set up. I can't think of anything that we have really had huge issues with. The rollout of "transparent mode" was seamless for our users. We sent out picture instructions on how to do it and offered to get on a call with people to discuss it with us, but nobody had any questions. In terms of the monitoring itself, it doesn't affect things any differently than the previous solution. It's pretty much the same. Obviously, using the tools is easier, but we were monitoring the same type of information as before.

There is room for improvement in the launch module. They built in a launch button but they don't have effective instructions for configuring it to allow it to launch an RDP session. They're working on that, but the button is in the live product. If they were going to install something that wasn't useful, they should have just disabled it and not rolled it out with the product. Because we don't tie it to an RDP session, you actually have to click the download button and then open the RDP session from there, versus just clicking the launch button and it automatically opening RDP.

Before Safeguard we used TPAM, which is one identity's product as well. We upgraded but we've been using the overall product since 2016.

Overall the solution is very stable. We have not had any major issues on it. It's a nice system.

The only issue I have run into was with our failover two our redundant. There was a pointer to the One Identity platform, it's called an SPP, and it wasn't pointing correctly. But we were able to resolve it. There have really been no issues besides that. Otherwise, everything is very seamless when doing failover and full redundancy.

We can continue to add more VMs to support thresholds. We can certainly scale up with it. It's being used on about 300 servers right now and we have plans to expand to about 200 more.

We have 50-plus people using safeguard right now and they're all in IT. For deployment and maintenance we have one to two people.

We haven't had to use technical support. It's been a solid platform so far.

Previous to this, we were using TPAM and, while it worked, it was horrible to work with. When we saw and got a demo of Safeguard and saw that we would be able to approve things from our phones, saw the user interface which was so much nicer — more intuitive, a lot easier to configure — we went from our teams complaining about the old product every day to not hearing one complaint at all. As a matter of fact, I hear compliments about how much they love Safeguard.

The feedback I have had from users has been a lot of compliments about how much they enjoy working in the interface. It's so much easier to use. It's quick. They can get to the point of checking out a server and of being compliant with security requirements, while at the same time being able to troubleshoot an issue much faster than they used to be able to.

The initial setup was a little complex.

We worked with an integrator, Rallypoint Solutions, to accomplish it because we hadn't accomplished it before with Safeguard specifically. The integrator was tremendous. I have nothing but good things to say about Rallypoint. They helped integrate the whole thing. They really had a great understanding of it. We worked with them throughout the entire setup. We were the hands and they were guiding us. Overall, it was very easy to get up and running.

It did take about a week, eight hours a day — so 40 hours — to get fully up and running and everything imported from the old system into the new one, and to make sure all testing and redundancy were done.

The deployment was not disruptive to our privileged users at all. We ran both the old system and the new system in parallel and allowed them to migrate over after a period of two weeks. However, we had most people on it the first week and they loved it. They were eager to get off the old system.

It required no training. I provided step-by-step picture instructions that we had written out and that was it. They were good to go. We did have a strategy in place, if we needed to work with our teams from a training standpoint. We had sessions set up and ready to go where a live person could walk them through it. But none of our IT users seemed to need that. It was very intuitive.

We have seen ROI using Safeguard. For example, configuring a session in the old version used to take them 10 or 15 minutes, or more. Not only that, but the live person who was the approver had to be logged into the system. So the requester could actually wait a couple of hours before somebody would be able to log in and approve the session. With Safeguard, it's approved within less than a minute because approvers get the notifications on their phones and are able to review the tickets effectively. They understand what's being accomplished and know that it has a ticket number with more detailed information that they can verify, and they can approve the session right there. The individual gets that approval immediately. We went from an average of from anywhere between 15 minutes and two hours down to less than a minute or two. That's tremendous.

They offer a fair price for a robust solution.

In addition to the standard licensing fees there are costs for Starling, but they're very minimal annually. You need Starling to use the mobile Approval Anywhere feature that is so convenient. So it's worth every dime. That extra cost is so small that it's not really even noticeable.

There are integration costs if you aren't looking to do it yourself. I highly recommend their integrators. They are a little expensive but certainly worth the money.

We did evaluate other solutions, but this is the best choice. We went with Safeguard because of the flexibility, the interface, and a more seamless migration from the old system to the new system. And costs were a consideration, obviously.

If you're looking for something that is easy to use with a very intuitive interface — even the administrator interface is very intuitive — I would highly recommend Safeguard. The entire platform is very intuitive, very easy to work with, easy to set up. I can't think of anything that we have really had huge issues with.

The biggest lesson I have learned from using Safeguard is to make sure you have enough accounts available for individuals' sessions so that they can check out. The way Safeguard works, an account is created just for Safeguard. Individuals go in as themselves and then they have to check out this account in order for that account to be able to remote to the server. That account would be the only one allowed to remote to the server. But if multiple people have the account checked out for multiple hours, that presents an issue. So keep your session times as minimal as possible. Even for timeout, allow them to change it if they think they're going to use it longer. But the important thing is to make sure that you either have enough accounts or have your session timeouts limited.

We do use the solution's behavior analytics feature, but I wouldn't say that it's too useful at this point for us because we know what their usage is because it has to be done through tickets. For how long they're using it, what kind of configurations they're doing, and what they're doing, the analytics piece of it is more expected for us, as a result. It does help us to identify risky actions without having to create a set of rules or policies, and without any effort on our part. But in our environment, if users don't put in a ticket and provide effective comments, then our approvals group doesn't approve it. There's no automatic approval set up. An individual reviews every request, so malicious use would not be possible.