02:40 PM
Connect Directly
Repost This

Review: Password Management: Grief Relief

With more users, partners, accounts, and platforms, password automation is becoming a necessity. We tested seven password-management products and granted our Tester's Choice to the one with outstanding policy creation and enforcement as well as extensive platform support.

Installation and Pricing

We asked vendors to price out a 5,000-user scenario based on our testing requirements. Some quoted a per-user or a flat fee, while some charge for each server. Pricing ranged from $35,000 to $284,850. Is the comparison a perfect case of apples to apples? Probably not. Quest, M-Tech and ASPG quote a per-user charge. ASPG offers price breaks at 1,500 and 3,500 users. Avatier charges for each system you intend to integrate with and per user. Avatier's and Courion's pricing are tailored to our test bed. Passlogix's v-GO is priced higher because it charges per seat for each module--nothing is bundled. ActivIdentity sets price based on an SSO implementation, not just as a password reset tool.

Who gives the most bang for your buck? M-Tech's P-Synch represents a good value. Although ASPG's ReACT and Quest's PRM cost less, their feature sets are lighter. And don't forget yearly maintenance: The vendors charge 20 percent of custom price for maintenance (version updates, patches, tech support and so on). Avatier offers a gold/silver/bronze maintenance pricing structure; 20 percent is for its silver maintenance plan.

It took us about a day to install each product and another day to configure in our test bed (more details on our test methodology can be found here). Basic installation was easy. Integration takes time--how much will vary greatly based on the number of systems included in your deployment. All the vendors offer professional services, and most will provide sample project-implementation scenarios. Our advice: Be upfront about all the systems you intend to integrate, and ask vendors for reference customers with comparable setups. If in doubt about needing professional services, all but the largest companies should budget for five days (or 40 hours), and be clear to the vendor about that limit.

The Great, and the Good

A password-management project should, at a minimum, provide self-service password reset, password synchronization and password-policy enforcement. These three key features can be found in point products, SSO tools and provisioning frameworks.

SSO tools, such as those from Passlogix and ActivIdentity, offer similar feature sets to password-management products but also log the user on to multiple back-end Windows, Web and host applications. Organizations granting customers or trusted business partners access to select network resources may find SSO optimal. However, the price per user is higher.

If you're not looking at provisioning now but it's tagged as a future directive, then what many consider to be point products can get you there. Avatier, Courion and M-Tech provide for account provisioning. If helpdesk automation is your goal, all the products we tested support ODBC connectivity, but Avatier's AIMS, Courion's EPS and M-Tech's P-Synch add tight integration with widely used helpdesk/ticketing systems to provide automated trouble tickets based on audit log entries.

Some vendors offer soup-to-nuts suites, while others partner up. Novell, for example, resells ActivIdentity's SecureLogin with additional features. RSA Security licenses Passlogix's v-GO SSO to support its Sign-On Manager. Citrix also partners with Passlogix to complete its identity-management suite.

Although the products from Avatier and Courion came close to taking the top spot, we awarded our Tester's Choice to M-Tech's P-Synch. It pushed ahead with its excellent built-in support of numerous OSs, directories, databases, applications, browsers and programming agents in addition to superb policy configuration options.

3 of 13
Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.