StrongDM: The Dynamic Access Management Platform

My main use case for StrongDM  is privileged access management and infrastructure access that we cater to, as we were looking for alternatives and solutions to securely control and monitor our access to servers. We have been using different kinds of Kubernetes  clusters, databases, cloud infrastructure, and internal applications. Instead of giving direct access to our employees, the idea was a VPN-heavy access with shared keys for better usage. This is how I used it during my Kafka experience about three years ago, and also in my current team at GitLab .

In one of those scenarios, my experience with StrongDM  while working with Kubernetes  in the Kafka team illustrates how we were initially looking for a better way to manage secure access to our infrastructure. Our teams scaled across different environments and regions, primarily Europe, including Sweden and India. Before using StrongDM, we relied on VPN access and manual permission handling, which became difficult to audit and maintain over time as our team grew. Our main use case was centralized privileged access management for Kubernetes clusters. We also considered using it for Linux servers on-premises for the same application but opted out at that time due to limited usage and some internal platforms running on AWS . We aimed for developers and operations teams to get the access they needed without exposing long-lived credentials.

StrongDM is instrumental in unifying access across different systems in our organization, alleviating the complications from separate tools. In the Kafka team, we had AWS  infrastructure with Kubernetes clusters managing EC2  machines and internal services for different customers referring to our Kafka topics. StrongDM facilitated a centralized approach to access control, audit logging, and temporary authorization. For example, while working on the Kafka platform on EKS, developers and operations teams could utilize a unified access process across various environments, thus streamlining their work.

I find several best features in StrongDM, but our primary use case focuses on ensuring that we do not have long-lived credentials. The best features for us are the centralized access control and the detailed audit logging, which allow us to provide temporary privileged access without managing VPNs ourselves. I appreciate how well it integrates with Kubernetes and cloud environments on AWS. A significant advantage was simplifying onboarding and offboarding processes, taking away a lot of time and minimizing the risk of overlooking these tasks.

The audit logging feature significantly helps my team during troubleshooting and internal security reviews. With multiple teams accessing Kubernetes clusters in our production environments, it provides clear visibility into who accessed what and when. While we could use CloudTrail , fetching details from it requires complex SQL queries, making it challenging. StrongDM simplifies this, reducing manual tracking efforts and improving accountability, especially important for compliance with specific regulations we need to follow.

StrongDM positively impacts our organization in many ways, mainly in cost savings from the time saved. It has significantly improved both security and operational efficiency for us. Previously, access management across AWS and Kubernetes was manual and highly coordinated, relying on VPNs. With StrongDM, onboarding and temporary privileged access processes became much faster and more standardized, enhancing our security posture while maintaining necessary compliance.

I believe StrongDM can improve its initial setup and onboarding experience for larger enterprise environments like Scania, where we have a lot of processes. Integrating different teams, access policies, and existing identity workflows requires substantial planning. Additionally, I think the dashboard customization and reporting could be more flexible for operational teams, though new teams find it manageable. Once the platform is fully integrated, it provides significant value.

Apart from the onboarding experience, I would also mention that the templates for enterprise onboarding and policy setup could benefit from innovative thinking tailored to organizations managing large AWS and Kubernetes workloads. Enhanced customization in dashboards and reporting would further ease operations and provide better insights.

I have been using StrongDM for about five years.

StrongDM is very stable; I cannot recall experiencing a glitch. It has consistently performed well for us.

StrongDM's scalability is impressive; it is highly available, and we never perceived any latency issues. It operates almost autonomously without the need for our management.

I would rate customer support at StrongDM nine out of ten because we experienced exceptional support during both pre-sales and post-sales. They responded quickly to issues and were readily available for calls rather than waiting for email confirmations. I rate customer support a solid nine out of ten.

Before StrongDM, we explored different options but primarily relied on traditional VPN access and manual SSH key management, along with some AWS native workflows. Those methods worked initially but as our Kubernetes clusters expanded, they proved difficult to maintain consistently across teams, prompting us to seek alternative centralized access solutions.

Concerning pricing, setup cost, and licensing, our experience was very smooth as we chose not to go through the AWS Marketplace  but arranged meetings directly with StrongDM. Their team was prompt, and I can say that the pricing and licensing appeared reasonable for complex cloud management. We needed a good product and solid sales service post-purchase, which they provided efficiently and adequately. We compared their offerings with other tools in the market, agreeing on an annual license basis. The setup cost was free, with technical staff aiding our onboarding, requiring us only to cover the license fee.

I have definitely observed a return on investment through the operational efficiency gains and streamlined access management. The onboarding of temporary privileged access accelerated significantly, allowing us to release consultants much faster than before, saving considerable money. We also reduced reliance on manual VPN workflows, cutting high network costs linked to repetitive approval processes. While it is challenging to quantify with a single figure, the time savings and reduced operational overhead were certainly impactful.

Concerning pricing, setup cost, and licensing, our experience was very smooth as we chose not to go through the AWS Marketplace  but arranged meetings directly with StrongDM. Their team was prompt, and I can say that the pricing and licensing appeared reasonable for complex cloud management. We needed a good product and solid sales service post-purchase, which they provided efficiently and adequately. We compared their offerings with other tools in the market, agreeing on an annual license basis. The setup cost was free, with technical staff aiding our onboarding, requiring us only to cover the license fee.

I evaluated other options, including Teleport  for centralized access management and AWS native tools like Session Manager and CloudShell  using AWS Vaults. However, they were mainly services without the complete product offerings needed at an enterprise level. StrongDM distinguished itself by providing a simpler user experience, robust auditability, and alignment with our enterprise requirements.

Continuous authorization is significantly more important for us; periodic checks alone might not suffice. In AWS and Kubernetes environments, access needs fluctuate rapidly due to various incidents or operational tasks. Periodic checks only offer visibility at specific points in time, while continuous authorization ensures we retain real-time control, diminish unnecessary standing access, and improve overall security posture.

StrongDM's credential-less access control was a primary reason for our choice, as managing credentials for various employees and moving consultants was increasingly challenging. The credential-less approach reduces the need to distribute or manage long-lived credentials, enhancing security and operational simplicity. Its integration with existing secrets managers in AWS was particularly beneficial, aligning securely with our centralized authentication and governance processes, matching our zero-trust practices.

My advice for others considering StrongDM is that it greatly depends on individual use cases; however, for enterprise organizations seeking end-to-end identity solutions, this is an excellent tool. Many options in the market may lack certain features that StrongDM provides as a comprehensive package. StrongDM excels in compliance management and identity management, so I recommend considering them. I would rate this review as an eight point five overall.

My use case involves a company I'm working in that wants to secure the connectivity between the DevOps team and the backend server in the company.

The best features in StrongDM  are that it is the easiest product in the market for this situation with easy access. The DevOps team only needs to log in through StrongDM  with credentials, and then I can control everything after this, including what they are doing inside our servers, their movements, their actions, and everything I can see. One of the most powerful tools in StrongDM is audit logging. I can handle everything and see all that happened inside their movement on the backend server in our company.

In StrongDM, I think the installation was hard, and they want to be more flexible in the initial setup. I think they want to add more features like traditional PAM. It is difficult to find documentation or materials to review how it works, and there is less product material available in the market.

I have been using the solution for seven months.

I rate the stability of the product five out of ten because crashes sometimes happen when we are working on it.

I rate scalability five as well.

I rate technical support seven out of ten because their response takes much more time than usual. However, at the end, they can help. I think they want to reduce their support staff.

The deployment is neither easy nor complex; I think it is in the middle.

I am not deploying it, as someone deployed it for me, but I think they put it in the default credential access.

I compare StrongDM with other vendors like CyberArk or Okta, and I think CyberArk is a heavy PAM. If all my product is on-premises and not cloud and premises, CyberArk will be good for that. However, with StrongDM, I think it is better to work on cloud and on-premises at the same time. I recommend CyberArk if your environment is all on-premises.

I am not using the continuous runtime authorization feature, as I think it is not enabled.

I have my servers on-premises and on AWS .

For now, I think it is about 53 or 54 users who use the solution.

StrongDM requires maintenance. In terms of maintenance, it is easy. I think it is easy to maintain, but it is hard to know how to do it because the materials are less than anything in the market. Other vendors' materials are available in the market, but StrongDM materials are not as readily available.

I rate StrongDM overall six out of ten because I think it is the only product that can mix or be hybrid between on-premises and cloud on the market. I think it is a stable product on the market.