1) Make it All About You – Focus on Use Cases, Not FeaturesWhether you’re implementing privileged password management for the first time or replacing an existing solution, focus on what problems you need to solve, instead of the feature set. The privileged password management market is maturing, so there’s a lot of similarities between solutions. The big differences often lie in how they approach the problem. As you outline your use cases, be sure to consider integrations with threat analytics, SIEM, identity and access management, and any other IT security solutions already deployed in your enterprise. These integrations should save your IT admins time, not add more administrative burden.
2) Flip Through That Reports CatalogReporting and analytics are often overlooked in the evaluation, but it’s one of the main outputs that you will need to share with your organization. Key questions to ask:
- How many reports come standard?
- What are the most common?
- Can you integrate data from your other security solutions into your analytics and reporting?
- How easy is it to customize reports to suit your organizations’ changing requirements?
3) See the Solution in Action: Use Proof of Concept and Bake-offsWhen you’ve narrowed your solution vendor list to a manageable few options, ensure you know what you’re buying by scheduling proof of concept (POC) or bake-off sessions with the vendors. POC’s and bake-offs give you an opportunity to see the solution implemented in real-time. It also provides insight into the level of effort that your solution will require. Ask questions like:
- How many professional services engineers does it take to get the solution up and running?
- Can you make changes to parameters on the fly, or will you be forever reliant on the vendors’ professional services team?
4) Get Second Opinions from Trusted Advisors (Account Manager, Professional Services Engineer, Pre-Sales Engineer, Independent Industry Analysts)Your sales rep, pre-sales, and professional services engineers from the vendor should give you a glimpse into what it’s like to do business with the vendor. Key questions to ask:
- Are they knowledgeable and helpful?
- Is there documentation to explain the questions you have?
- If you’re working with a partner, what’s been their experience with the vendor?
5) Think About the Future – Request a Roadmap DiscussionSince your organization’s needs will likely change over time, it’s important to understand where the vendor’s solutions are headed. Asking for a roadmap will not only provide insight into their level of commitment to addressing your use cases today, but also help you gauge whether privileged password management is a top priority for their organization going forward. With all of the industry consolidation happening in the PAM market currently, this is very important. Every organization’s needs are unique, but the five tips I mentioned should apply to any buying situation. For more information on privileged access management, be sure to join us for our upcoming educational webinar: Migrating from Shared Accounts to the Dual Account Model to Manage Risk, Enforce Accountability and Facilitate Behavior Analytics for Privileged Account Activity. And, as always, contact us with any questions.
Sandi Green, Product Marketing Manager, BeyondTrust
Sandi Green is the Product Marketing Manager for PowerBroker Password Safe, PowerBroker for Windows, and PowerBroker Mac at BeyondTrust. She has over 20 years of sales and solutions marketing experience with technology companies that served a variety of industries ranging from life sciences, human capital management, consumer packaged goods and most recently IT security. When she’s not following the latest trends in Cybersecurity, she’s busy following college football and basketball. Follow her on Twitter at @SandiGreen3.