StrongDM Reviews

My main use case for StrongDM is privileged access management and infrastructure access that we cater to, as we were looking for alternatives and solutions to securely control and monitor our access to servers. We have been using different kinds of Kubernetes clusters, databases, cloud infrastructure, and internal applications. Instead of giving direct access to our employees, the idea was a VPN-heavy access with shared keys for better usage. This is how I used it during my Kafka experience about three years ago, and also in my current team at GitLab.

In one of those scenarios, my experience with StrongDM while working with Kubernetes in the Kafka team illustrates how we were initially looking for a better way to manage secure access to our infrastructure. Our teams scaled across different environments and regions, primarily Europe, including Sweden and India. Before using StrongDM, we relied on VPN access and manual permission handling, which became difficult to audit and maintain over time as our team grew. Our main use case was centralized privileged access management for Kubernetes clusters. We also considered using it for Linux servers on-premises for the same application but opted out at that time due to limited usage and some internal platforms running on AWS. We aimed for developers and operations teams to get the access they needed without exposing long-lived credentials.

StrongDM is instrumental in unifying access across different systems in our organization, alleviating the complications from separate tools. In the Kafka team, we had AWS infrastructure with Kubernetes clusters managing EC2 machines and internal services for different customers referring to our Kafka topics. StrongDM facilitated a centralized approach to access control, audit logging, and temporary authorization. For example, while working on the Kafka platform on EKS, developers and operations teams could utilize a unified access process across various environments, thus streamlining their work.

I find several best features in StrongDM, but our primary use case focuses on ensuring that we do not have long-lived credentials. The best features for us are the centralized access control and the detailed audit logging, which allow us to provide temporary privileged access without managing VPNs ourselves. I appreciate how well it integrates with Kubernetes and cloud environments on AWS. A significant advantage was simplifying onboarding and offboarding processes, taking away a lot of time and minimizing the risk of overlooking these tasks.

The audit logging feature significantly helps my team during troubleshooting and internal security reviews. With multiple teams accessing Kubernetes clusters in our production environments, it provides clear visibility into who accessed what and when. While we could use CloudTrail, fetching details from it requires complex SQL queries, making it challenging. StrongDM simplifies this, reducing manual tracking efforts and improving accountability, especially important for compliance with specific regulations we need to follow.

StrongDM positively impacts our organization in many ways, mainly in cost savings from the time saved. It has significantly improved both security and operational efficiency for us. Previously, access management across AWS and Kubernetes was manual and highly coordinated, relying on VPNs. With StrongDM, onboarding and temporary privileged access processes became much faster and more standardized, enhancing our security posture while maintaining necessary compliance.

I believe StrongDM can improve its initial setup and onboarding experience for larger enterprise environments like Scania, where we have a lot of processes. Integrating different teams, access policies, and existing identity workflows requires substantial planning. Additionally, I think the dashboard customization and reporting could be more flexible for operational teams, though new teams find it manageable. Once the platform is fully integrated, it provides significant value.

Apart from the onboarding experience, I would also mention that the templates for enterprise onboarding and policy setup could benefit from innovative thinking tailored to organizations managing large AWS and Kubernetes workloads. Enhanced customization in dashboards and reporting would further ease operations and provide better insights.

I have been using StrongDM for about five years.

StrongDM is very stable; I cannot recall experiencing a glitch. It has consistently performed well for us.

StrongDM's scalability is impressive; it is highly available, and we never perceived any latency issues. It operates almost autonomously without the need for our management.

I would rate customer support at StrongDM nine out of ten because we experienced exceptional support during both pre-sales and post-sales. They responded quickly to issues and were readily available for calls rather than waiting for email confirmations. I rate customer support a solid nine out of ten.

Before StrongDM, we explored different options but primarily relied on traditional VPN access and manual SSH key management, along with some AWS native workflows. Those methods worked initially but as our Kubernetes clusters expanded, they proved difficult to maintain consistently across teams, prompting us to seek alternative centralized access solutions.

Concerning pricing, setup cost, and licensing, our experience was very smooth as we chose not to go through the AWS Marketplace but arranged meetings directly with StrongDM. Their team was prompt, and I can say that the pricing and licensing appeared reasonable for complex cloud management. We needed a good product and solid sales service post-purchase, which they provided efficiently and adequately. We compared their offerings with other tools in the market, agreeing on an annual license basis. The setup cost was free, with technical staff aiding our onboarding, requiring us only to cover the license fee.

I have definitely observed a return on investment through the operational efficiency gains and streamlined access management. The onboarding of temporary privileged access accelerated significantly, allowing us to release consultants much faster than before, saving considerable money. We also reduced reliance on manual VPN workflows, cutting high network costs linked to repetitive approval processes. While it is challenging to quantify with a single figure, the time savings and reduced operational overhead were certainly impactful.

Concerning pricing, setup cost, and licensing, our experience was very smooth as we chose not to go through the AWS Marketplace but arranged meetings directly with StrongDM. Their team was prompt, and I can say that the pricing and licensing appeared reasonable for complex cloud management. We needed a good product and solid sales service post-purchase, which they provided efficiently and adequately. We compared their offerings with other tools in the market, agreeing on an annual license basis. The setup cost was free, with technical staff aiding our onboarding, requiring us only to cover the license fee.

I evaluated other options, including Teleport for centralized access management and AWS native tools like Session Manager and CloudShell using AWS Vaults. However, they were mainly services without the complete product offerings needed at an enterprise level. StrongDM distinguished itself by providing a simpler user experience, robust auditability, and alignment with our enterprise requirements.

Continuous authorization is significantly more important for us; periodic checks alone might not suffice. In AWS and Kubernetes environments, access needs fluctuate rapidly due to various incidents or operational tasks. Periodic checks only offer visibility at specific points in time, while continuous authorization ensures we retain real-time control, diminish unnecessary standing access, and improve overall security posture.

StrongDM's credential-less access control was a primary reason for our choice, as managing credentials for various employees and moving consultants was increasingly challenging. The credential-less approach reduces the need to distribute or manage long-lived credentials, enhancing security and operational simplicity. Its integration with existing secrets managers in AWS was particularly beneficial, aligning securely with our centralized authentication and governance processes, matching our zero-trust practices.

My advice for others considering StrongDM is that it greatly depends on individual use cases; however, for enterprise organizations seeking end-to-end identity solutions, this is an excellent tool. Many options in the market may lack certain features that StrongDM provides as a comprehensive package. StrongDM excels in compliance management and identity management, so I recommend considering them. I would rate this review as an eight point five overall.

Public Cloud

Amazon Web Services (AWS)

StrongDM eliminates our weekend outages by providing reliable infrastructure access and improving our user experience. Our engineers can use their preferred SQL clients like MySQL Workbench and MS-SQL. The platform simplifies our compliance by providing detailed session logs and query capture to SOC 2 and ISO 27001 audits, enabling seamless migration and allowing engineers to connect directly to internal resources without exposing the entire network or using cumbersome VPN.

StrongDM offers just-in-time access by automatically granting users temporary or time-bound access to privileged systems and revoking it when the task is complete, enforcing the principle of least privilege. StrongDM replaces our legacy PAM solution with a modern, lightweight platform that simplifies access management, enhances the user experience, and ensures robust security. It enables role-based access control, automates our workflows, eliminates the need for old license rotations, captures every query and keystroke, and ensures compliance following standard frameworks like SOC 2 and ISO 27001. Furthermore, it features an agentless architecture that supports users' preferred tools, reduces friction, and boosts productivity. It also enables centralized multi-cloud access, accelerates growth, eliminates VPN pain with zero-trust security, and secures and streamlines our database access.

StrongDM provides just-in-time access by automatically granting users temporary or time-bound access; for example, if someone wants to use it for four hours or eight hours, it will specify that to the privileged system and revoke access when the task is complete. Another great feature is total session visibility, as StrongDM acts as a protocol-aware proxy that captures every query, keystroke, and server interaction, creating a comprehensive audit trail required for standard frameworks like SOC 2 and HIPAA. StrongDM eliminates credential sprawl by separating end-user authentication, typically via SSO, from the database's native credentials, so users never need to know or manage raw passwords.

By adopting StrongDM, we have achieved benefits such as eliminating our weekend outages, streamlining ongoing on-call workflows, enabling seamless migration with POC transitions directly into production with minimal effort, allowing our engineers to use their preferred SQL clients like MySQL, PostgreSQL, and Workbench, and facilitating compliance through detailed session logs and query capture for SOC 2 and ISO audits.

StrongDM connects a user to a database or server, but once the session is established, it treats the runtime as a black box and cannot natively enforce fine-grained or attribute-based access control, such as restricting raw column visibility. For a generic TCP resource, StrongDM only records metadata — who, when, and what — instead of capturing the actual commands or payloads executed within the session.

StrongDM connects a user to a database or server, but once the session is established, it treats the runtime as a black box and cannot natively enforce fine-grained or attribute-based access control, such as restricting raw column visibility. For a generic TCP resource, StrongDM only records metadata — who, when, and what — instead of capturing the actual commands or payloads executed within the session.

StrongDM's continuous authorization is important for our organization; its scalability, role-based access management, and robust audit capabilities enable us to automate access workflows, retire shared SSH keys, and enhance security. Developers gain self-service access to scrubbed, production-like databases, simplifying testing and development. This is a great feature.

Our impression of StrongDM's credential-less access control and its integration with existing vaults and secret managers is positive. We are integrated with AWS, have an integration team that captures all the configuration, and have added their process, exposing sensitive data while our AI agents help configure these things automatically, making it very easy to deploy.

StrongDM unifies access across different systems in our organization by providing various policies that can trigger step-up multi-factor authentications or automated manager approvals when a user attempts to execute a risky operation. It builds and handles non-deterministic AI agents, logging every query, keystroke, and response to provide complete, searchable records satisfying compliance and governance. Whenever our engineers need access, administrators or our team admin can remove their standing access entirely, and users can request temporary access for a defined period via the StrongDM portal or apps like Slack, which automatically expires once the time limit is reached.

StrongDM does not support multi-port and distributed clusters, as the raw TCP resource type is strictly single-port and cannot handle protocols requiring multiple concurrent ports or distributed brokers like Kafka. Third-party client compatibility is another area for improvement, as StrongDM is designed to work with the standard Microsoft Remote Desktop Connection on Windows but may not fully support alternative RDP clients like the Windows Store Remote Desktop.

Additionally, StrongDM has limited MFA and passwordless options, relying heavily on time-based one-time passwords (OTP) or Duo, lacking support for true passwordless setups like biometrics or hardware YubiKeys, and it does not support per-session MFA. These are the drawbacks that need improvement for StrongDM.

I have been using StrongDM for the last nine months.

StrongDM is stable.

StrongDM has very large and good scalability, capable of providing a million data in a second, showcasing its great scalability.

Customer support is very good; whenever there is a query or issue, they provide support as needed. They also have very good documentation, where they often ask us to refer to a particular document but can provide excellent on-call support.

We need fewer employees now because StrongDM saves our time by eliminating manual work. While it is costly, the return on investment for this product is good overall.

The pricing for StrongDM is moderate, but the setup cost and licensing are costly.

I have evaluated other options including Teleport, a strong competitor to StrongDM, but we chose StrongDM for its completeness of offering in terms of identity lifecycle management and context-based policies, not requiring installation on servers, providing multiple and concurrent vault support, very high availability, a high rate for disaster recovery, and actionable reporting. StrongDM provides greater features for unused privileged access, sensitive resource agents' access, and access reviews in terms of security.

I would recommend using StrongDM when comparing it to Teleport because it provides features including completeness of offering, lifecycle management, and context-based policies, along with great ease of use in installation and multiple vault support. I encourage other clients to choose StrongDM over Teleport.

StrongDM uses AI in primary ways, including building and testing its security software with autonomous agents and controlling system access through AI agents. StrongDM has pioneered a unique software development pipeline in its software factory, where AI agents write, test, and deploy production software without human intervention. StrongDM also utilizes a digital twin universe, building virtual behavioral clones of third-party servers such as Okta, Jira, and Slack, allowing it to simulate thousands of customer edge cases and test system failure without risking the production environment. Regarding the guardians of agentics, it involves AI as a client, and there are AI access policies, ensuring the system watches what AI agents do in real time, instantly blocking or allowing their attempts to read files, connect to services, or make network calls based on human-readable policies.

The accuracy of StrongDM's output is good, and for reliability, it allows attempts to read files, connect to services, or make network calls based on human-readable policies, which makes the reliability very good.

I have provided a review rating of eight out of ten for StrongDM.

Private Cloud

Amazon Web Services (AWS)

My use case for StrongDM is Privileged Access Management. I have privileged accounts because I am working for the Identity and Access Management team at my company. As an engineer, I have really privileged or elevated accounts for which I need my account onboarded to StrongDM, so I have to regularly use it.

The best features in StrongDM are the password rotation capabilities, which I think are pretty cool, and also how you can literally log in to any of the privileged servers through a single platform. You just copy-paste the IP and the port number and log in over there through RDP, so I think that's pretty cool. I have used CyberArk before, but I think StrongDM as a product has pretty good potential.

My impression of the credential-less access control is that it's pretty good because it reduces the attack surface. Basically, if you cannot see the password and everything, even the privileged users cannot see the password. It's a password-less system where you just log in to the servers without knowing your password, and even if you know your password, it's probably going to be rotated after a while. So, I think that's a pretty good use case for reducing the attack surface and maintaining zero trust throughout an identity perimeter.

StrongDM helps with runtime features in a twenty-four-seven dynamic environment. Whenever I try to access at maybe two a.m. or three a.m. at night and I have a production issue on a server located in a different continent, I can access it right at that moment. I think the application works pretty much like a charm. It's readily available, and I think the runtime feature is pretty cool, although the application sometimes crashes when it's downloaded locally on your machine.

Regarding pricing, I find StrongDM to be definitely cost-efficient. We used to use CyberArk before, but StrongDM is more cost-effective, which is why we are using it. Our director is a board member at StrongDM, allowing us to utilize the product and the flexibility it provides, which tailor-suits our needs based on the organization and is something we do not get from other PAM products.

StrongDM regularly requires patches and maintenance, but I think that's a good question for the PAM architects in our organization.

If you guys could offer only a cloud-native solution, you would likely cater to different organizations. That could grow the product more.

I have been using StrongDM for the last one or one and a half years.

I think the stability of StrongDM is about four to five due to the occasional crashes that I mentioned. The gateway sometimes crashes, and you are unable to retrieve passwords, which I hope they address in the future as the product evolves.

Regarding scalability, it's difficult for me to assess because we are a mid-sized organization. Although we have many users, we only have a limited number of privileged accounts that StrongDM caters to. If a larger organization such as Microsoft or Dell adopted it, there would be more privileged accounts, showing the product's potential to grow if issues in maintenance and crashing are resolved.

I would rate the technical support seven to eight, for sure.

Positive

We have used CyberArk before. While CyberArk has a lot of fine-grain solutions, the problem is it lacks flexibility. CyberArk is fantastic and has been around for a long time, but it doesn't offer the tailored solution that different organizations need because every organization behaves in different ways. StrongDM provides that flexibility, as it is still growing and works on feedback to help integrate with your environment.

I would assess StrongDM's ability to unify access across different systems in my organization as pretty good, despite sometimes facing issues using the platform, probably because of maintenance. Sometimes you are not able to retrieve the password, so it has happened. I'm not going to say that it's a perfect product, but I think they're slowly getting better, and as I said, in the future, this product has potential for hybrid solutions in my company, especially after they got acquired by Delinea.

Regarding the continuous runtime authorization feature, I haven't utilized that feature in the product myself, but someone else in the organization has. I mostly work with StrongDM as an end user who has privileged accounts onboarded.

I believe the importance of continuous authorization versus periodic checks is significant. Automatic credential rotation means we do not have to worry about manual checks repeatedly. It is a good solution for continuous authorization, although the challenge remains about how it will support larger organizations with many enterprise privileged accounts.

I would definitely recommend StrongDM, especially for mid-sized to small organizations. If it's a large organization, I would suggest having them view a demo to see if they are ready to adopt it as a product. My overall review rating for StrongDM is seven out of ten.

At this point, we are using StrongDM solely as a PAM solution. We are looking into ways to expand that and to use other features of the product to meet other demands we have in security, but that is a work in progress.

I absolutely would say that the best features of StrongDM and what I appreciate about the solution is that time to onboard is absolutely minimal. The timeframe it takes from no StrongDM to having StrongDM in the organization was swift. The product is very intuitive and easy to use for developers, which was one of the criteria that we felt was really important. The security features, as in the expected features of StrongDM, work flawlessly. Just-in-Time Access is the primary feature that works well and makes life easier for us here at LivePerson.

The impression of the credential-less access control is positive. It is painless, positive, and fast, but mainly it has reduced our time to onboard developers and to maintain any credentials to a minimum. Previously we had to issue a bunch of tickets and grant access, which was IT work and could take days. Now it is instantaneous.

With StrongDM, I think there are areas that may have room for improvement. That is a tough position because I have never had a vendor that I had so little feedback on. They are truly good. The only thing is with recent happenings, they have been acquired by a company, but nothing changed for the worse. I cannot provide any feedback to improve on anything.

I have been using StrongDM for two years.

Regarding stability, I would rate it a nine.

StrongDM is a scalable solution, and it depends on the deployment. For scalability from zero to ten, I would rate it a seven.

From one to ten, I rate their technical support as an eight.

In comparing StrongDM with other solutions, the only other points of reference I have are CyberArk and SailPoint. SailPoint is not a PAM solution, so we will not include that. Compared to CyberArk, StrongDM is far more modern. It is far less clunky. It requires less maintenance of infrastructure. I would say it is plain better. I am also very biased against CyberArk because I absolutely dislike that product.

The initial setup was on Google Cloud Platform. The deployment was straightforward and easy. As with any deployment, you do have some minor quirks here and there, but compared to whatever we had before, that was an absolute breeze. Mean time to deployment is negligible.

We are a customer.

When it comes to return on investment, questions of that nature are really difficult to quantify. I have not done a dollar to time saved assessment. I can definitely say that it saved us time, and a lot of it. Probably months worth of time in engineering and IT support. Return of investment in two years, we perhaps broke even.

My thoughts on the pricing of StrongDM is that it is expensive. Coming from knowing the landscape of the market, it is not that they are not competitive. They are still very expensive. That does not mean they are not expensive. Their pricing model is per seat, so that is per user, and it is pretty steep. I do not think that it is any different from any other PAM provider of this caliber.

My advice for others looking into StrongDM is to do incredibly thorough due diligence on use cases and scenarios for your own internal use before you begin a proof of concept. You need to be crystal clear about what you want to achieve, how you want to achieve it, and when. Additionally, communication with your own engineers is critical, because that is a major overhaul to how engineers access their infrastructure. I cannot overstate this enough: you need to communicate with your own engineers to understand their needs before you do a proof of concept with StrongDM or any other PAM solution. I would rate this product an eight overall.

Public Cloud

Google

My use case involves a company I'm working in that wants to secure the connectivity between the DevOps team and the backend server in the company.

The best features in StrongDM are that it is the easiest product in the market for this situation with easy access. The DevOps team only needs to log in through StrongDM with credentials, and then I can control everything after this, including what they are doing inside our servers, their movements, their actions, and everything I can see. One of the most powerful tools in StrongDM is audit logging. I can handle everything and see all that happened inside their movement on the backend server in our company.

In StrongDM, I think the installation was hard, and they want to be more flexible in the initial setup. I think they want to add more features like traditional PAM. It is difficult to find documentation or materials to review how it works, and there is less product material available in the market.

I have been using the solution for seven months.

I rate the stability of the product five out of ten because crashes sometimes happen when we are working on it.

I rate scalability five as well.

I rate technical support seven out of ten because their response takes much more time than usual. However, at the end, they can help. I think they want to reduce their support staff.

The deployment is neither easy nor complex; I think it is in the middle.

I am not deploying it, as someone deployed it for me, but I think they put it in the default credential access.

I compare StrongDM with other vendors like CyberArk or Okta, and I think CyberArk is a heavy PAM. If all my product is on-premises and not cloud and premises, CyberArk will be good for that. However, with StrongDM, I think it is better to work on cloud and on-premises at the same time. I recommend CyberArk if your environment is all on-premises.

I am not using the continuous runtime authorization feature, as I think it is not enabled.

I have my servers on-premises and on AWS.

For now, I think it is about 53 or 54 users who use the solution.

StrongDM requires maintenance. In terms of maintenance, it is easy. I think it is easy to maintain, but it is hard to know how to do it because the materials are less than anything in the market. Other vendors' materials are available in the market, but StrongDM materials are not as readily available.

I rate StrongDM overall six out of ten because I think it is the only product that can mix or be hybrid between on-premises and cloud on the market. I think it is a stable product on the market.

Hybrid Cloud

Amazon Web Services (AWS)

My main use case for StrongDM is to provide access to database credentials. I wanted to give users access to the database and also to the applications that I have built for testing. Providing privileged access to users through StrongDM is the core use case I implemented.

StrongDM positively impacts my organization by helping with compliance and audit functions. Audits and compliance are areas where this tool helps significantly because it maintains records in such a way that whenever an investigation is needed on something particular or an incident occurs in the organization, it helps in obtaining information regarding the access given to users. This is one of the positive things, and the outcome it brings could lead to better usage of the product and a better running of the organization in giving access and managing licenses.

If something goes wrong, such as when a user performs an action on a server they have been given access to that should not have been done, checking is easier because the session will be recorded by StrongDM. The session recording feature is useful for the audit and compliance team to investigate issues and rectify them in time so that they will not affect other users.

The best features that StrongDM offers include centralized access management, which I would say is the best feature provided.

Centralized access management helps me by giving users access all in one place where they can easily access resources such as databases, internal applications, and VPN access. All of these resources can be managed at one centralized platform, giving unified access to users. Centralized access management is something I appreciate about StrongDM.

I would not say ease of use and integration are features to criticize because ease of use is something taken on by the user, so it is actually considerable. Integration, however, is something which admins configure with StrongDM, and in that area, it can be improved. Sometimes, if there is an architecture or infrastructure that is more complex, it would take extra time for integrations.

I think something can be improved in AI, such as using AI for certain functions within StrongDM. Enhancing features with AI can help StrongDM grow significantly in its domain.

I would say that reports can now be generated from the data StrongDM stores. For instance, if one user accessed a database or Kubernetes cluster a long time ago and is not using it now, applying intelligence to that data can better inform the admin. The system could indicate that a particular user has accessed that resource in the past but is not using it currently. Better addressing least privilege access by removing unnecessary access would be valuable. Those AI capabilities that provide insights to admins regarding access could be very helpful.

I have already mentioned that AI capabilities can be improved, and the remaining aspects such as recording queries, sessions, and SSH keys are already being managed well by StrongDM. I believe AI capabilities could be enhanced, and I would also suggest improvement in reporting and dashboard generation with the data available in StrongDM.

There are no challenges because I already had knowledge in this area from using similar types of products other than StrongDM. The unique approach that StrongDM offers is centralized access where I can provide user access to all types of resources such as internal applications, which could be databases or Kubernetes clusters. This is one of the features that StrongDM has, and it represents the unique value and the approach I have experienced while using StrongDM.

I would assess StrongDM's effectiveness in closing breach paths in real-time as easy and effective, although I have not encountered this type of situation in my test case.

Continuous authorization is more valuable than periodic checks from my perspective because if something goes wrong during the period of a periodic check, it could be a loss for the organization. Continuous authorization is better.

My advice for others looking into using StrongDM is to plan everything before integrating it into their organization. It is not suitable for very small startups with fewer resources. It is more useful for organizations that have adopted Kubernetes, VPN access, databases, and manual applications for granting access. These resources can better benefit from StrongDM based on my experience.

I have rated this review with a score of seven.

I was part of the team managing the infrastructure for a small startup company. We used StrongDM to provide access to cloud private networks, control user access to databases, hosts through SSH, and Kubernetes resources.

StrongDM was able to replace the combination of different products we previously used for accessing resources on private networks. It provided a simple interface that allowed a few people to manage many resources and securely handle access management needs efficiently.

We primarily used StrongDM for access to resources on private networks like EC2 machines, Kubernetes clusters, and various databases. StrongDM facilitated secure access to these, helped with managing access securely via AWS Secrets Manager, and ensured no passwords were circulated within systems or documentation.

It would be beneficial to have better control and alignment between frequent updates and improved communication regarding possible negative effects on existing customer bases. Also, documentation sometimes lags behind the new features which can be a problem.

I have been using StrongDM for a year and a half.

StrongDM is stable and performs well as expected. We did not encounter stability issues with it.

Our environment was small, so we didn't face any scalability issues. However, based on the architecture and provided features, I believe it can scale both vertically and horizontally if needed.

The technical support is responsive and knowledgeable. We have a ticketing system and didn't need much direct contact with sales engineers because the support handled our needs well.

Positive

We used a client VPN for accessing resources and tools like KeyPass for password management. StrongDM replaced the puzzle of different solutions with one single product, which made managing resources more efficient.

The initial setup was simple due to clear communication and knowledgeable sales engineers who provided necessary help immediately.

Our team consisted of five members, with one person primarily responsible for the system. Two others, including myself, supported the configuration in specific areas like databases and SSH access.

The leadership chose StrongDM after comparative research, which suggests economic benefits. It was mentioned that while the product is rapidly gaining features, it might become cost-prohibitive for wider usage.

I was not part of the evaluation process; another person was running the POC.

The communication is sufficient for implementing StrongDM from scratch. Sales and sales engineers are knowledgeable, providing helpful resources.

I'd rate the solution nine out of ten.

Public Cloud

Amazon Web Services (AWS)

We use it for zero-trust privileged access.

Any time we have a new resource, we can have it automatically picked up and provisioned based on tags to give the right people access to the right resources.

I don't have to think about giving anyone access to anything. All of the logging is handled for us, including for auditing purposes. Looking through the audit logs is not a painful experience. Everything is in one place if we need to go back and look at what happened.

I like the easiness of integrating it with all of our existing data sources. We've also found a few other use cases where we've been able to grant access to third-party resources that require IP-level whitelisting in addition to authentication for remote workers.

We started to use it as a client-side or split tunnel VPN. We are unable to overwrite the endpoints and direct traffic that way, but that's a technical limitation, and I understand why it's there.

I have been using it for about four years. 

We've had a few issues in the past, but those have all been resolved based on interactions with StrongDM and the addition of some new features to the product. For example, the egress routing functionality solved a fair amount of our problems. So, I don't think there are any outstanding issues that we're aware of or have complained about.

I would rate the stability a nine out of ten. The only reason it's not a ten is that there's some automated patching that happens in the background. This was years ago, but we had some issues where that were causing us problems, and we had no way of scheduling it at different times.

We haven't run into any issues with scalability at this point. 

The only issues we've encountered are when you have a very large amount of data sources, we're talking above 2000. Then, the routing algorithm for directing traffic on the StrongDM backend takes a little bit of time to figure out where to route traffic whenever you bring up and down relays or gateways.

We do not have any issues with StrongDM's scalability at the size of our organization right now.

That's how we got some of those feature requests in. We've only contacted support one or two times without a feature request. The support interactions have been minimal because of how good the documentation is.

The initial setup was fairly straightforward as we run everything in Docker. From that side, there wasn't much effort required from StrongDM. However, integrating it into our environment was completely on us.

The licensing is per user per month.  It's pretty close to the same or in line with all of the other pricing for tools that do similar things.

A first-time definitely needs to have some background experience with setting up services to run, but it's no different than onboarding any other service.

My recommendation: Do not change the gateway or relay names, and everything will be great. But that's only really a problem if you deploy within Kubernetes and use a deployment rather than a stateful set.

Overall, I would rate it a nine out of ten.