Hitachi ID Privileged Access Manager
Strengths: Solid system with many integration options.
Weaknesses: A bit pricey due to the need for included devices and software.
Verdict: Fine product overall, but don’t forget that a platform and a backend database are required and need to be considered in the lifecycle cost of ownership.
The Hitachi ID Privileged Access Manager is a more traditional privileged account manager product with some really great features and functionality. This tool allows administrators to easily schedule the randomizing of privileged account passwords across many different systems, including Windows, Linux, UNIX, network devices and applications. Once passwords are randomized, they are stored in an encrypted vault and can be accessed by users or groups depending on assigned policy.
This product is a software-based install and requires a server, either physical or virtual, on which to be installed. Also required is access to a SQL server instance to install the backend password database. Setup and installation are wizard driven and straightforward. Once installation is complete, the product is managed via a simple web-based management interface. We found the interface to be easy to navigate with an intuitive layout. Also, users and groups can be managed directly within Active Directory allowing for seamless integration with the already existing infrastructure.
From a user perspective, this solution allows for access into systems using native or browser-based clients for access flexibility depending on need. Its true standout functionality is its ability to manage pretty much anything with a privileged credential. The Privileged Access Manager includes native connectors for dozens of systems and applications, including the ability to be injected directly into application code to manage service accounts or application accounts. Customers can also create custom connectors for almost any application.
User access to systems can include access through a terminal client, such as Terminal Services or Putty, copying and pasting a password without being able to see it, having the users account temporarily and automatically placed in a security group, temporarily append SSH keys, or directly display the password to the user. All access methods can be assigned based on user or security group within Active Directory. From an auditing and logging perspective, this product offers detailed logging of session activity, including fully recorded sessions and full audit trail. Along with the detailed logging, this offering has ties into the Hitachi ID Identity Manager suite, which allows for greater granularity and integration with user accounts and access policies. Further, Privileged Access Manager can directly integrate with several ticketing systems which would require a ticket be generated before a user could access specific systems, and ticket workflow could require specific conditions be met before the user can carry out their request.
Documentation included installation and user guides in PDF format. Both include detailed configuration and usage instructions along with many screen shots and step-by-step examples. Both were also easy to follow and well-organized.
Hitachi offers phone- and email-based technical support as part of an annual maintenance subscription. This also includes full updates and product upgrades as long as it is active. Customers also get access to a web-based support portal, which includes many resources, such as a knowledge base, technical documentation, custom connector packages and training materials.
The Hitachi ID Privilege Access Management suite is easy to deploy and easy to use and includes granular configuration options. At a price of about $52,000 for a 1,000-endpoint license, we find this product to be a good value for the money. However, server and SQL software also are required and are not part of the price.