Axiad Conductor Reviews

Our use case is credential management for one of the business units. Axiad provides credential management for those users, including the creation of new credentials and life cycle management of them. When credentials expire, users can self-serve and perform updates.

We were looking for a way for users to self-serve and increase productivity. Before Axiad Cloud, every time a user was locked out they would have to call the help desk and wait for someone to call back and help them recover their accounts. Now users can do it themselves and cut down on the time they are down with an expired credential. That was the primary driver for why we looked at using this solution.

The biggest benefit is that Axiad Cloud has increased the productivity of the business unit where it has been deployed. Before, we had anywhere between 10 and 15 percent of our users that were, at any given time, not able to sign into their systems because of expired credentials. With the introduction of the solution for that business unit, that number went down. That's a measurable advantage. Users also say it is much easier to use but that is not something that we can measure.

The life cycle management of credentials is the aspect that we have found to be the most useful. The solution does other things such as act as a certificate of authority, but we don't really use any of them because we already had a certificate of authority in place. The differentiator that Axiad provided was the ability to provide users a way to self-serve the updating of their credentials on their private keys. That was the feature we were most interested in and Axiad does an excellent job of it.

I have been using Axiad Cloud for four years.

It's pretty stable. We're talking about a solution used for credential management and that involves login and access to systems. Those processes have high visibility so if anything were to go wrong with that, we would know about it.

As far as I know, for however long we have used the solution, there have not been any unplanned outages. There have been planned outages during which they were upgrading systems, but it has never gone out so that we were unable to use it.

The way it's designed, it's supposed to be very scalable. I did speak to them about the possibility of rolling it out enterprise-wide, which would have meant 80,000 to 100,000 users. They told me they could leverage the same deployment we have today without having to add to it. It would just be a matter of purchasing additional licenses. They explained that the architecture behind it, like any other cloud deployment nowadays, has the ability to scale up and down on demand. That indicated to me that it's pretty scalable.

We started with about 5,000 users and, over the last few years, it's grown to between 7,000 to 8,000 users, maybe even more.

However, with their licensing model, it becomes hard to scale. For example, we couldn't roll it out enterprise-wide because if you scale it across more than 100,000 users, the cost becomes too exorbitant. That's one area where, if they structure the pricing differently, similar to other products, it would be easy to adapt enterprise-wide.

Before using Axiad, users were logging into the system in a different way. We switched over to security keys and we needed a way to manage the certificates on those keys. We didn't have anything like Axiad before we introduced it.

Prior to that, users would call the help desk and try to resolve their access issues. It was a manual, traditional way of resolving access issues.

They deployed a dedicated instance for us that we renew every year. It's all cloud. The on-prem components are not Axiad, per se. The solution is 100 percent on the cloud.

I was involved in the deployment from an architectural perspective. I helped in defining what we needed, in looking at the marketplace for solutions, and then I worked with the delivery and engineering teams to implement and deploy it.

The deployment was very straightforward, partly because Axiad was there to help with every aspect of it. There were only two complicated parts. The first was that we are in a very regulated industry, so there are a lot of requirements that the vendor has to meet. It was the very first time they were deploying in our type of environment, so it was a little bit challenging to get Axiad through all those checks and requirements.

Secondly, to connect Axiad Cloud to our internal environment, there were a number of requirements that we had to ensure were met. The logistics of going through the checks that were needed to make it happen, because Axiad at that time was a small company and hadn't done many other larger integrations, was the hardest part.

If we were deploying it today, perhaps it would be different because they've been around for a while now, but at that time it was a little bit challenging.

There is no maintenance of the solution on our side. They provide the service to us and we consume that service. We don't deal with any maintenance of the solution.

Axiad had four people involved in different roles, including two engineers who were hands-on and dedicated to working with our team. On our side, both the networking team, with one person dedicated to this project, and the Active Directory/Certificates team, with another two or three people, were involved.

We did some calculations to determine how much it costs when a user calls the help desk to have an issue resolved. We tried to estimate how much time was wasted while they were waiting to be helped and how much we paid the help desk agent who was helping them. We came up with a figure of around $120 per user, per incident. The licensing for Axiad, per user, was less than that. 

In terms of return on investment, we estimate it at somewhere between 10 and 15 percent savings per user.

As part of our due diligence we did review other solutions, but that was four or five years ago. We initially looked at three solutions, narrowed it down to two, and, after speaking with both, chose Axiad.

You have to understand the number of users and the number of devices that are going to use the solution. I'm saying that because of my experience with the licensing part. That's my one gripe. If you approach it the way we did, starting with one business unit and you then want to scale it across the enterprise, the cost can go much higher really quickly. It's not something you'd easily scale from a licensing perspective without significant additional budget increases. Scope it accordingly, because licensing can become an issue.

Also, look at your certificate authority because one of the things we did was go with another certificate authority, not believing that the Axiad solution would be sufficient. We ended up paying for another vendor to provide the CA capabilities when we could have gotten that as part of the package from Axiad. Do some analysis on the things that you already have and see what you could eliminate, things that Axiad, as a package, is going to provide. It may end up saving you money. That's the one mistake we made because we had already signed contracts with the other vendor. At the time, either Axiad didn't explain this aspect well enough or we didn't understand that they were offering CA as part of the package, so we missed out on that.

For the one use case that we specifically wanted to solve for that one business unit, it has performed perfectly. I haven't seen anything that I do not like. During presales, they said it was going to do this specific functionality and, when they deployed it, it did exactly what they said it was going to do. You rarely see that nowadays where you get a capability and you don't have to play around to make it work the way you want it to. But that wasn't the case with Axiad Cloud.

The main use case is to register and manage smart cards for all of our users. We have investigated using Axiad for other forms of multi-factor, but haven't had the time to implement those projects yet.

A great example of how it has helped our organization is as a result of our partnership with them and implementing multi-factor authentication for all of our users. Eight months after implementation, we started to see a decline in help desk calls for security issues, to the point that the number of calls about our multi-factor solution is less than our historical number of password-related calls.

We've enabled all of our users, except for our administrative users, to enroll through self-service tools, all the way up to our executives. We felt so comfortable with the solution that they're enrolling themselves and re-enrolling their tokens when they expire.

Another benefit is that it has definitely saved us a lot of time. The money savings come into play through the reduction of risk and having a simpler method for our users to authenticate. There is no more changing of passwords, there are no more expiring passwords, and we no longer have to rely on users for the security of our authentication tokens by forcing them to choose appropriate passwords.

What I have found most valuable is the overall way Axiad listened to our problems and helped us solve them. They provided guidance and expertise, with their experience, that enabled us to be successful in a very challenging space.

Also, our users required almost zero training once they were in the Axiad portal.

We are using Axiad for workstation, cloud, as well as our web single sign-on and our VPN access. They've covered everything.

We've sat down with them multiple times to discuss things they could do better, and they've done them. I'm looking forward to seeing how they move to FIDO U2F as their primary authentication method across all of their solutions.

We have been using Axiad Cloud for just over four years.

The stability is excellent; no issues.

The scalability is also excellent.

We have in the neighborhood of 20,000 users, from clerks through to our CEO. It's used by the entire organization. The only increase in use will be through growth.

The technical support is very good. We haven't had a lot of problems, but when we have had something, we have gotten engagement from them. 

If it's a large problem, we typically see a very short turnaround. If it's a problem that is more of an inconvenience or we're looking for a report, we usually see that taken care of in the normal lifecycle of the product, in the next upgrade or a future version.

Positive

We had a number of different point solutions for multi-factor, and we've now consolidated on Axiad's solution.

We are an older organization and we had always relied on usernames and passwords. The move to MFA not only required changes to technology, but the solution had to be robust enough to remove friction that might be caused by requiring our users to change behavior.

Since we're on-premises, the setup was really complex. We had to build infrastructure underneath. The Axiad part of the solution was implementing the credential management, and that was relatively straightforward, but the overall integration was complex. Having their expertise engaged was really how we got through it. 

We have a specific flow, a manual process, when it comes to authentication, following the NIST standard for identifying our users. We force them to show government credentials to identify themselves before we'll issue credentials. My team takes care of that for our users.

But I've walked through the deployment of Axiad Cloud, and it's a very different experience. That infrastructure isn't required, the certificate authority and the hardware HSMs aren't necessary. It takes a lot of the complexity out of the equation when you just use their native cloud offering.

The deployment of the technology for us, being on-premises, took about four months. We took a risk-based approach. We started with the users with the most access and ended up rolling out to the entire organization over about a two-year period.

The deployment was done by a team of four within our organization and maintenance is about half of one FTE.

Any multi-factor implementation involves a complex set of technologies. The Axiad solution made it easier, but it really was due to their help in implementing it that we were able to solve a lot of difficult problems. Without them, our project timeline would have been much longer.

Their professional services had a guide and we worked with them to follow that, implementing things based on available standards. When we were done with the implementation, a second representative from Axiad came in and audited the work of his peer from Axiad, along with our team's work, to ensure that we met the requirements that we documented before the start of the project and that we followed best practices and written standards.

ROI in the security space is always a challenge. I would liken security programs to insurance policies, so a set ROI is probably not achievable. It would not fully recognize the value of reducing risk in the org. We could quantify how many fewer tickets and how much less help desk time we're using, but that would ignore that reduction in risk.

The overall risk reduction and ease-of-use have been our two, longer-term returns on our investment.

We have a rigorous supplier process that we have to follow, and we put out a request for proposal. Axiad won that and we then went through the implementation with them.

Axiad's price was very competitive and the solution they proposed was based directly on our requirements and customized to our needs. The other vendors were all selling something of a turnkey, "Here's what you get and make it work" type of solution. Axiad was the opposite: "We're going to make it work for you," which was awesome.

The only con is that they are a small, but growing, organization. For a large enterprise, sometimes the viability of an organization is a concern. But it was about five years ago that we started talking with them, and four years ago when we started implementing. They've shown that they have some staying power.

It's really about ease of use and focusing on your users. Security is always paramount, but if you give people something that is secure yet hard to use, they're going to find ways around it. With the solution we have been able to give our users, I see a lot of happy users, and our adoption is such that I don't see users trying to circumvent our processes.

If someone were to tell me they've deployed multi-factor authentication for most of their use cases but not all of them, I would say that multi-factor is the best control to stop initial access in the attacker lifecycle. If done correctly, the long-term impact to users becomes a positive. If people are hesitating based on the concern that users won't like it or it's hard to use or implement, what we have found is that as long as you have support from management, you can get it done and you can prove to users that you can do it in a way that it's useful to them.

The Axiad Cloud Airlock feature wasn't available when we first implemented the solution, but we're investigating its use. Our main use case for it would be to do some additional programming on our security tokens when the users first register them.

The solution is a critical security control for our organization. It has visibility at the board level and is visible to every one of our users, yet it is very unusual for me to hear a negative about the Axiad solution that we've implemented.

I work with very few vendors that I don't have some kind of suggestion for on how they could improve, but Axiad is one that just provides a great solution. And they continue to grow that solution to do more, but they covered all of our use cases.

Using Axiad, I have learned that there are organizations out there that are engaged in helping their customers be successful on this journey. The proposal they gave us was really built around our requirements and not just, "Here's a solution." That was key to our being successful: understanding our business, understanding our use cases, and catering to those aspects. I have really seen success in this space, one that some of my peers have found it very difficult to be successful in.

We are using it for PKI and multi-factor authentication through push notifications and OTP tokens.

The added security has helped us mitigate quite a few breach attempts since the system was implemented.

We are able to realize the effectiveness of our SOC using the platform. Through their analytics, we have found indicators of attempted compromise. The fact that they weren't able to get in because multi-factor was enforced has definitely been advantageous.

At this time, we have not fully deployed a passwordless platform. We are still partnering with them to do this on the actual individual endpoints. However, for our external access, it does help enable passwordless authentication quite well for everyone and every use case, including workstation logon, VPN, and cloud applications. It is very well-received by our users. This is important for us because that is what we are moving towards. 

It enables users to self issue their authenticators and manage them over time in a single pane of glass in a simplified platform.

The most valuable feature is the overhead management of the platform. There is less for my team to worry about. The day-to-day tasks, running the servers, and making sure that everything is patched is all handled by the platform. We just consume the service and work with them to refine it, making it even more valuable.

Aside from Active Directory, anything that is a multi-factor platform is handled through Axiad Cloud. It is critical for helping to enforce usage of authentication devices across our organization. One of our requirements to continue some of our contracts is to have multi-factor authentication across all devices accessing the network.

It is extremely easy to enroll a user with “One Click Issuance”. I have had very few calls to the service desk regarding enrollment. It takes a couple of minutes to enroll a user with "One Click Issuance".

Deploying and managing authenticators is very easy, either done by a mobile application or enrollment of an OTP token. It is very simple. This is important to my userbase, which makes it important to me.

Functionality-wise, it is pretty solid.

I would like a more modern look to the portal. 

I have been using Axiad Cloud for four years.

It is very stable. In the past four years, we may have experienced a total of 60 minutes of downtime, which is not much.

It scales seamlessly. In the mornings, when we have our highest user load, the system scales by itself in the back-end to handle the increased user load. Then, during the day, it scales back down to save resources.

We are at 35,000 to 40,000 users. The solution is used and heavily integrated with all our multi-factor authentication entryways. We have plans to expand it to other devices and other platforms as well.

The tech support is top-notch. They really know their stuff. The customer service is just as good. They are very polite and pleasant to deal with.

The tech support is very solid. Whenever we have had an issue, whether it is connectivity or other issues, they are pretty proactive in reaching back out to us. This is sometimes before we even know that there is an issue, letting us know that it might be something on our end or that they are working on something on their end that is unexpected. Therefore, they are very proactive.

Positive

Before Axiad Cloud, it used to take 10 or 15 minutes to enroll a user using the HID platform.

We have a long-standing relationship with Axiad. They helped us deploy the original HID solution. Then, we wanted something that was easier to use. That solution was all on-prem. We wanted something cloud-based that had higher resiliency and less administrative overhead. That is where we made the switch to Axiad Cloud.

Anything multi-factor being integrated into an existing environment is complex. However, working with Axiad, it was relatively easy for my team to partner with them and get this deployed in a little over a month for about 30,000 users.

We used Axiad’s service and customer care for the deployment. They were fantastic. They know the regulations just as well as we do. When you are speaking the same language, it just makes everything that much easier.

We have gotten the value that we were looking for with a simplified user experience. It took us three months from the beginning of the deployment to see this value.

It has driven down the number of our calls. This, in turn, saves labor hours on both our service desk and on the users. At this point, our calls to the service desk for multi-factor have dropped by about 35%.

The pricing is very competitive for what is offered at the level that we need. They are right there with what the industry standards are. They tend to be a little bit less, in terms of cost, when we are talking about security at government standards. So, I would say that they have a slight advantage on cost compared to the industry average. They are the lower cost solution and the best bargain out on the market today.

There is just the regular purchasing of new hardware tokens, if we run out.

We looked at other options for PKI issuance with some of the other big players, Duo and Okta. However, we just felt that the level of security provided by Axiad was superior.

Don't think twice about it. It really is a solid platform and well worth the money you spend. The technical expertise behind the team is top-notch. I would recommend them in a heartbeat.

I would tell someone who has deployed multi-factor authentication (MFA) for most of their use cases, but not all of them, "Hurry up and finish."

We have not deployed MyCircle yet.

I would rate this solution as 10 out of 10.

We use it for internal employees and our contingent or contractor workforce. We extend it, additionally, to vendors who are entities that are completely offsite but not full-time contractors and who still need periodic access to the environment. 

Our primary use case is for multi-factor authentication through VPN, as well as for local endpoint access and VDI. A more limited use case is for additional digital signatures or encryption, code signing and digital signatures for documents and for email, and for email encryption.

We use the solution for managing the cryptographic credentials for everyone on staff. Authentication is a process that the credentials are used for. Axiad is not controlling our authentication, they escrow and provide the certificates to support authentication.

They run the backend in a cloud. It's extended to us via a lockdown connection. They do all the administration and we're the front-end user. From a usability perspective, we load keys onto their smart cards or onto YubiKeys, which are something like a USB version of a smart card.

The really slick part of smart card authentication is that it's native. All too many of these modern authentication systems require additional software in your authentication environment. What attracted me to smart cards is that it's flat-out native. It just works. It's built into the operating system. You're not having to worry about compatibility issues when Microsoft runs an update or when the vendor runs an update. It's built-in yet very easy to use.

It's also a fast solution. Everyone has been in the position where they have had to type their username and then type their password, and that password is likely rotating and rather long and cumbersome. Because of all those factors just typing in a user password might take someone 20 to 30 seconds. Whereas because of the way a smart card is built and how the credential works, we're able to simplify that to a PIN . When you insert your card and you have to type your PIN, it's a completely numeric PIN that is much easier to remember. And it doesn't rotate as often because you don't have the issue of storing a password hash or the issue of having that password hash become compromised. There is no way to get the PIN off the card. It doesn't exist there. So we don't have to rotate PINs at all. It can be a lot weaker and just be numeric. Inserting your card and typing your PIN may take 10 seconds, and five if you're fast. When we rolled this out six or six and a half years ago, it was applauded by the users because it drastically reduced authentication time.

The solution has also saved us time by having end-users troubleshoot issues through the MyCircle feature, and has definitely reduced the efforts of our administrators. It is saving us five to 10 minutes per incident.

We have some self-imposed restrictions. We want to make sure a card is being issued to the right person so they go through a lot of validation steps. We don't want something as secure as a smart card being issued in one click. But the number of steps is as minimal as it can be and as easy to use as you would hope it would be, but it's certainly more than one click. Still, it takes seconds to enroll a user. It's quite quick. You select the user and say "enroll." But then there's the other side of that, which is the user activating their credential. Generating the certificates for the user is incredibly easy, but deploying those users' certificates requires a little more involvement because you want to make sure it's the correct user pulling the credential loading it into the card. Overall, it's intuitive and simple.

It's rare for me not to have a lot to say about room for improvement in products we use, but with Axiad Cloud there isn't a lot to say. However, macOS is notoriously ever-evolving and it's difficult to keep pace with it as it pertains to certain kinds of crypto authentication. That's really not even on Axiad. That's a decision by Apple, but it makes it a moving target.

I've been using Axiad Cloud for between six and six and a half years.

It's been flawless since we've had it.

Having used it in other environments, I can tell you it scales globally and to several million. It's incredibly scalable.

We currently have between 10,000 and 12,000 users, covering every single internal employee and contractor.

We didn't have a full-scale previous solution. We used RSA SecurID on a limited basis. We switched because we needed multi-factor for all users, and we wanted to consolidate physical and virtual access into one token.

The initial setup was incredibly straightforward. We went from proof of concept to production deployment in 45 days.

Our implementation strategy was to have all local and VPN users off within six months.

For maintenance of the solution, there's the printing of the cards which is a periodic task for one person. The facilitation of the issuance and backend management, et cetera, is a part-time role. But to provide resilience, we have three or four people involved, part-time.

We used Axiad’s service and customer care for deployment. Their support for our deployment and for helping us to comply with compliance and security requirements were outstanding.

There are a lot of design parameters to consider when looking at certificates and they were very thorough in outlining the pros and cons of each design parameter. They helped us step through things and made recommendations to try to simplify it. They provided recommendations on configuration features for the endpoints themselves. It was clear they had done this numerous times before and were able to share any potential wins that we could anticipate.

Overall, it was very seamless and they were very knowledgeable in simplifying the process.

With any security technology, I don't know if there is ever a return on investment. It's more a matter of risk reduction through investment. You're not going to make any more money because you're more secure. But you're not going to lose money because you are not secure. By that calculus, we have absolutely easily recovered our investment costs based on how we've reduced our risk posture.

This is the first multi-factor solution that we have leveraged so it hasn't saved us money, but it is incredibly low-cost for what we're getting. 

It's very cheap on a per-year basis. The cards themselves last about three years and the license is on the order of double-digit dollars per user, and not hundreds of dollars per user, per year.

We looked at a number of options for how we could do user credentials. At the time, there was a NIST guide, 863 or 863-2, that had different levels of authentication. Username and password were level one. Username and password, plus an RSA soft or hard token that required no additional authentication were level two. At the time, smart cards and one other technology were alone at the highest level of reliance. Axiad Cloud was really standing alone as one of the most secure options for providing a credential at time of authentication.

One of the other solutions we looked at was an inferior card type. Rather than being certificate-based, it was RFID, which has no security and the software flatly did not work.

My advice would be to read up on how public key infrastructure works and then look at extended use cases for going through that process, where you inherit digital signatures and person-to-person encryption.

The only device we have from Axiad is the card technology. The solution's life cycle is really transparent. They run impeccable security with highly restricted access and the access management from their side is incredibly tight as well, particularly based on their growth through the Department of Defense. A card stock is a card stock and its life cycle is about three or four years.

Axiad Cloud helps enable passwordless authentication for every use case, including workstation login, VPN, and cloud applications. The cloud does more than what we leverage. We use it for certificate-based authentication purposes. They do support push notification as well, we just don't leverage it. Our use cases are local and VPN, and it's all certificate-based.

The biggest lesson I've learned from using the solution is that security doesn't have to be difficult.

It's a key part of our security posture. It's incredibly important.

Our primary use case, and the reason we initially bought the solution, was to migrate our on-premises PKI environment into Axiad Cloud, and move all of our certificate management.

We have about 3,200 smart cards in the form of E-tokens, which have a PKI certificate on them. We have been managing them through our own PKI but we're moving that to Axiad. We have another 4,500 machine certificates for desktops, laptops, and servers, that we are also moving to Axiad.

Axiad is a private instance in a public cloud.

There are so many ways it has improved the way our organization functions. One is the fact that it has allowed us to enable a self-service password reset. Typically, our biggest service desk volume, about one-third of our calls, was related to authentication-specific issues with expired certificates or not being able to provide a challenge-response, or forgetting passwords. A lot of that stuff is now automated and democratized in the product so that users can do those things themselves.

The last time we did a token refresh, we literally had to provision 3,200 E-tokens. We had someone sitting at a desk all day every day for about three weeks to provision all of them. And then we had to take a high-touch approach to send somebody out with a box full of tokens and hand them out to people, sit them down and have them change their password for the first time. Now, our approach is much different. We send blank tokens to people with instructions. They log in and do it on their own. It's a complete change from a full, high-touch IT involvement to a much more cost-effective and resource-effective, low-touch self-enrollment.

Axiad has saved us time, for sure. Just in the provisioning process it has saved us at least 200 hours, and that's a conservative estimate for one person and one part of the life cycle.

And while I'm a little reluctant to use words that have big meanings, like "every use case," Axiad overwhelmingly helps enable passwordless authentication for workstation log on, VPN, and cloud applications.

One of the things that we find the most valuable is not actually a feature, but it's the fact that we are not managing the environment ourselves. Because it is a managed solution in the cloud, it takes away a lot of the drudgery of having to run our own PKI environment.

And the product has proven itself to be incredibly flexible and has been able to address all of our pain points. That's why we bought it. And even while we've been going through it, new pain points or challenges keep coming up, and Axiad has been able to deal with all of them. It was very impressive in terms of its utility right from the get-go, and has shown its ongoing utility when we have reached these catch points, issues it has been able to resolve.

And when it comes to enrolling a user, it's super easy with One Click Issuance. It's far easier than the solution we replaced. I haven't put a stopwatch on it, but I'm sure it takes less than a minute with Axiad, whereas before it was taking three to five minutes. It's so easy now that we can offload the process to our clients who can self-enroll. Previously, we would have to do the enrollment process because it was so complicated.

In addition, it's super simple for deploying and managing authentication devices. Our IT department is rather small, so all the incremental wins that we can get are hugely important to us.

We would prefer that the solution be hosted in Canada because we're a Canadian entity. That would be nice to have. It's not a feature, as such, but it would really make us a lot happier if it could be located in Canada.

We've been in a relationship with Axiad for about 18 months.

I haven't heard of any stability challenges.

I believe it's scalable, absolutely. We're relatively small in the grand scheme of things. Even our biggest use case is probably really small compared to other agencies, but I have no concerns.

At this point we're about one-sixth of the way through our deployment of the Axiad Cloud solution. That means we're not at a point where we can say we've eliminated or even greatly reduced the issues that it's addressing, because of the small deployment numbers. But we certainly see the ease of use at this point. We expect to get to 100 percent deployment, and we are looking for future use cases to help amalgamate platforms.

From what I have heard, the support has been outstanding.

Positive

Our old solution was SafeNet Authentication Manager and the way it was architected and built wasn't very good to begin with. It wasn't ever a very modern product, even when we first bought it. We also made the switch because SafeNet was end-of-life and because the vendor was getting out of that space. We were never really thrilled with them, but we didn't have a lot of choice, so we stuck with them.

Whereas Axiad is built with the most modern approaches and it works super fast because it's well designed.

Our old solution was cumbersome and inflexible. There were a lot of problems that we just had to live with because there was no way to address them. We were using it largely because 90 percent of services like ours in Ontario were doing the same thing. It was a necessary evil and we adopted it because there was no better option seven or eight years ago when we bought that solution.

The initial setup of Axiad was very straightforward. It's a very guided process. Everything is there for you out-of-the-box. I believe it was set up in one day. There's not a lot of complexity to it. PKI is a complex thing to begin with, but what's great about Axiad Cloud is that the complexity has been hidden behind the beauty of the software.

Our implementation strategy was to first stand it up in a proof of concept, but we stood it up in the same way that we would eventually migrate it to production. We played around with it, played with the features, and simulated workflows. Then we slowly started to roll people into it. We then adopted that PoC environment as our full, final production environment.

Ongoing maintenance has been relatively low so far and I don't expect it to grow very much. Because it's a managed solution, it requires a fractional FTE.

I think we used a little bit of Axiad’s customer care for deployment, but it was so simple that even that engagement wasn't very long.

We have seen a soft return on investment in the reduction in staff time and complexity.

Aside from the pricing of a solution, people need to look at the true costs of running their own PKI. Don't just focus on the hardware or software costs of acquiring a solution, but look at it from the perspective that so much of what it takes to run a PKI environment has to do with the people who are running it. Consider how big a challenge that is and how much time and complexity there is, and the room for error. In short, look at the total cost of ownership and not just the cost of acquisition.

We looked at a few options, including doing things ourselves by running our own PKI, but that is costly and very complex. We couldn't find any solutions that met our needs other than Axiad.

The biggest lesson I've learned using Axiad Cloud is that it has really helped to highlight some of the mistakes we made in the past. In particular, we made the mistake of deciding to do PKI ourselves, rather than outsourcing it and doing it this way via a managed service.

These days, anyone who is not using multifactor authentication likely cannot demonstrate due diligence or due care in their cyber program. Everyone needs to be doing multifactor.

It's been so good that even the new challenges that we've had have already been addressed by the product. It seems to be very well thought out. Are we going to encounter something where it could be better? Probably. But as of right now, it has been able to handle any problem that we have thrown at it.

We're using it to back a multifactor authentication project. We are using it for the PKI on smart cards as well as YubiKeys.

We're still in the beginning stages of the rollout, but Axiad Cloud will make us more compliant and secure. We need to use it to comply with certain regulations.

The solution helps enable passwordless authentication for everyone, in every use case, including workstation log on, VPN, and cloud applications, and that is a big driver for what we're doing. Our associates are very happy not to need their password for most situations anymore.

It also empowers users to self-issue their authenticators and manage them over time and that's important to our organization. We don't want a help desk ticket every time somebody needs to issue a new authenticator or change one. The more that the users can do themselves, the better.

The self-service capabilities are certainly an aspect that will assist in saving time and money, and the Airlock feature will do so in the future. Along those lines, the MyCircle feature is one we'll roll out as well, to save time.

It's very user-friendly. We're issuing YubiKeys for our corporate users and they just plug it in, go to the Axiad Cloud portal, and click the issue button. It's a couple of steps.

It is also the single platform to manage all the authentication requirements for our staff for smart cards and YubiKeys. And we're also going to extend it over the next couple of months to back our entire PKI. We have an internal one today, but we liked how Axiad worked with the multifactor project, so we're going to move our entire internal platform over to them as well for certificate-backing.

Axiad also does a great job with device lifecycle management. It seems to be as good as it could be.

There are just some minor tweaks that could be made on the front end. It would be cool to have nicknames for authenticator devices. If you have more than one, it's hard to discern what you have.

Overall we've been very satisfied. I don't really have many critiques for the product at this point.

I've been using Axiad Cloud for about six months.

The stability is great. We haven't had any issues with the stability. It's always been up.

The scalability seems very good. That's more of a to-be-determined issue as we scale our user side, but we haven't had any issues so far.

Right now, we have about 50 users on it. By the end of the year, we hope to have about 30,000 users on it. We are going to rapidly increase usage over the next few months.

Technical support has been very responsive. Their CEO will actually personally reach out to me every couple of weeks and ask how things are going or if we need anything. I haven't experienced something like that in my 10 or so years in IT, where a CEO will get so involved in ensuring that a rollout is a success.

The company, Axiad, is a great partner. If we have any issues or if we want a feature, they're usually pretty good about getting it. Our SSO provider is PingFederate and we asked, "Hey, can you guys do an integration with Ping?" They said, "Yeah," and it was done about two months later. And then we asked them to integrate with Venafi, which is a PKI certificate provider and they said, "Okay, we'll do that too." They're very flexible and accommodating to the use cases that we have as a company.

Overall, I would rate their tech support a nine out of 10. I take one point off because sometimes it has taken them a while to figure out what's going on and fix it. But they're great otherwise, extremely responsive.

Positive

The initial setup was about what we thought it would be. It's not extremely simple, but it's also not extremely complex. It's in the middle.

There is some configuration that you have to do on your Active Directory. We followed all of their instructions and we still weren't able to get it to work. We had to involve some Microsoft support folks and we were finally able to get it working. Looking at what was needed, it should have been fairly obvious to us, to get it set up immediately. It's not super-simple but it shouldn't be complex.

The deployment took a couple of months to get everything set up and rolling. We still haven't scaled it. If you really had all your ducks in a row, it could be done in under a month.

Getting users enrolled with the One Click Issuance is fairly straightforward. The tricky part is getting all of the software prerequisites installed, but that's on the IT side of the house, for us to make sure that stuff is there before the user wants to issue a certificate. But once all of the software prerequisites are installed, it is truly a One Click Issuance and very straightforward. The actual One Click process takes about 30 seconds. It's very quick.

For maintenance of the solution you need one person, if that. There's not much work there on our side.

We used Axiad’s service and customer care for deployment and they were awesome. That was one of my favorite parts. We had a guy named Doug who was our contact for the rollout and we were on calls with him and emailed with him every day. He's been really awesome.

They charge you to use their virtual private cloud. That's a set cost per year, and they charge you a licensing fee per user on top of that.

We haven't purchased any other solution but we went through a long process to find the best player out there for our needs. We've tested other platforms but Axiad was certainly the best one that we tested.

One we tested was HID, but they didn't have the feature set we were looking for. We wanted a cloud provider but HID was mostly on-premises. They do have a very early-on cloud offering, but it's not nearly as feature-rich as Axiad. The European solution that we tested was Nexus Group PKI. They had the capabilities, but their user experience wasn't as good. Axiad was the best of both worlds, with the features and the user experience we wanted.

When it comes to the One Click Issuance, those other solutions took slightly longer. Once you have the software on the devices, it's between 30 seconds and a minute for any of those solutions. It's a matter of how you get the users there and what their experience is like through that process. Axiad does that very well.

In terms of pricing, HID came in quite low because they were trying to get our business. They're just starting off in the cloud space and they're trying to attract customers. Axiad's pricing was what we were expecting. It was at the right spot. They were competitive.

Axiad has been great. Make sure you take a look at it if you're looking for a cloud PKI provider or for cloud certificate management.

If someone has deployed multifactor authentication for most of their use cases but not all of them, I think it may be hard to switch. In that situation they should certainly take a look at Axiad, but they need to be careful because it might be more to bite off than they want or than they can handle.

We haven't really had any major issues with Axiad so far, and they've provided anything that we've wanted. They have honestly been one of the best vendors we've worked with. We've had a great experience with them so far and they've really exceeded expectations.