With more users, partners, accounts, and platforms, password automation is becoming a necessity. We tested seven password-management products and granted our Tester's Choice to the one with outstanding policy creation and enforcement as well as extensive platform support.
Installation and Pricing
We asked vendors to price out a 5,000-user scenario based on our testing requirements. Some quoted a per-user or a flat fee, while some charge for each server. Pricing ranged from $35,000 to $284,850. Is the comparison a perfect case of apples to apples? Probably not. Quest, M-Tech and ASPG quote a per-user charge. ASPG offers price breaks at 1,500 and 3,500 users. Avatier charges for each system you intend to integrate with and per user. Avatier's and Courion's pricing are tailored to our test bed. Passlogix's v-GO is priced higher because it charges per seat for each module--nothing is bundled. ActivIdentity sets price based on an SSO implementation, not just as a password reset tool.
Who gives the most bang for your buck? M-Tech's P-Synch represents a good value. Although ASPG's ReACT and Quest's PRM cost less, their feature sets are lighter. And don't forget yearly maintenance: The vendors charge 20 percent of custom price for maintenance (version updates, patches, tech support and so on). Avatier offers a gold/silver/bronze maintenance pricing structure; 20 percent is for its silver maintenance plan.
It took us about a day to install each product and another day to configure in our test bed (more details on our test methodology can be found here). Basic installation was easy. Integration takes time--how much will vary greatly based on the number of systems included in your deployment. All the vendors offer professional services, and most will provide sample project-implementation scenarios. Our advice: Be upfront about all the systems you intend to integrate, and ask vendors for reference customers with comparable setups. If in doubt about needing professional services, all but the largest companies should budget for five days (or 40 hours), and be clear to the vendor about that limit.
The Great, and the Good
A password-management project should, at a minimum, provide self-service password reset, password synchronization and password-policy enforcement. These three key features can be found in point products, SSO tools and provisioning frameworks.
SSO tools, such as those from Passlogix and ActivIdentity, offer similar feature sets to password-management products but also log the user on to multiple back-end Windows, Web and host applications. Organizations granting customers or trusted business partners access to select network resources may find SSO optimal. However, the price per user is higher.
If you're not looking at provisioning now but it's tagged as a future directive, then what many consider to be point products can get you there. Avatier, Courion and M-Tech provide for account provisioning. If helpdesk automation is your goal, all the products we tested support ODBC connectivity, but Avatier's AIMS, Courion's EPS and M-Tech's P-Synch add tight integration with widely used helpdesk/ticketing systems to provide automated trouble tickets based on audit log entries.
Some vendors offer soup-to-nuts suites, while others partner up. Novell, for example, resells ActivIdentity's SecureLogin with additional features. RSA Security licenses Passlogix's v-GO SSO to support its Sign-On Manager. Citrix also partners with Passlogix to complete its identity-management suite.
Although the products from Avatier and Courion came close to taking the top spot, we awarded our Tester's Choice to M-Tech's P-Synch. It pushed ahead with its excellent built-in support of numerous OSs, directories, databases, applications, browsers and programming agents in addition to superb policy configuration options.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.