One Identity adds new Approval Anywhere management to Safeguard PAM solution

While this is still mainly a direct play, the channel component has been growing, and One Identity is actively trying to grow its channel business around Safeguard.

One Identity, one of the four business units in Quest since it was spun back out of Dell EMC last fall, has announced the 2.0 version of its next-generation One Identity Safeguard privileged access management [PAM] solution. While it features several upgrades, the big one is what One Identity is calling “Approval Anywhere,” a cloud-based workflow to securely approve session or password requests from any device.

Safeguard is the second generation of a venerable product, TPAM, which Quest acquired in February 2011 with e-DMZ, before its own acquisition by Dell.

“e-DMZ was the first company to release a PAM,” said Jackson Shaw, VP of Product Management at One Identity. “It was a mature product at the time it acquired, and it was the star in our portfolio. Safeguard is the next generation product, which replaces it. We have been at work on this for close to 24 months. It’s a complete re-architecturing and rewrite of the old product – basically a brand new product with brand new user design, and modern techniques for things like cluster failover.”

In addition to a completely new user interface, Safeguard 2.0 adds several new features.

“We’ve thrown in the latest engineering capabilities,” Shaw said. “Approval Anywhere” is an industry first, which lets admins use a cloud-based workflow to approve session or password requests from any device. It’s a big step up from sending an email to someone to approve this.

“Approval Anywhere has two-factor authentication, which customers will soon expect in these kinds of products,” Shaw added. “Being able to support cloud based apps, as this does, is also becoming extremely important for products like this.”

At this point in time, Safeguard 2.0 is available in one form factor, a hardened appliance. Shaw said that given the nature of PAM, making this hardware-specific is an asset rather than a limitation.

“By shipping this with a preconfigured secure appliance form factor, we can have a customer up in four hours and completely operational in a day or two,” he said. “With a software PAM deployment, they have to manually configure and patch things and it takes much, much longer.”

At some point, alternative form factors will be available for customers who want that, Shaw stated.

“While we don’t have virtual or cloud options today, we are looking at both eventually – especially virtual,” he said. “They are on the road map, not close, but about 12 to 18 months away. While management is easier in the hardware appliance, some organizations think they can manage security well. and want this in virtual – and we do want to cater to them.”

The appliance clustering uses a unique deployment model in which the clustered appliances communicate with each other, providing full redundancy and ensuring 24/7 uptime.

“Any appliance in the cluster can respond to password requests, which means that the appliance closest to the user will respond,” Shaw said. “This ensures very fast response time.”

Safeguard 2.0 is now available in 11 different languages.

Privileged access management has historically been a direct play until fairly recently, among the vast majority of companies who sell it, not just One Identity. Shaw said that while Safeguard is still proportionately a direct play, the channel composition has been growing and continues to increase.

“This particular product set is about 75 per cent direct and 25 per cent channel,” he said. “However, it is our objective is to increase revenue based on channel sales. We recently had 250 partners on a webcast, and there is a lot of interest in this from both reseller partners and MSPs.”

One Identity Safeguard 2.0 is available now.