Item: IBM Security Verify
Rating: 10
Author: Marcus Oetjen

Use Cases and Deployment Scope

We use IBM Security Verify for authentication and authorization of brokers and employees, as a reverse proxy for various applications, and for automated provisioning of permissions.The main issues were a completely secure product as it is the gateway to the Internet, very flexible customization options, and the ability to fully automate the provisioning of our authorizations.

Pros and Cons

An extremely secure reverse proxy for now 15 years
Very flexible customization options, e.g. from JWT generation, easy TOTP inclusion, cloud integration with OIDC, SAML, etc.
Fully automated provisioning of all necessary identites into various target systems

The biggest criticism concerns the staging of changes between installation levels (from development to test to production). This is only possible manually and not automated (at least partially)
The possibilities for VAIT evaluations were difficult for a long time but are improving steadily

Return on Investment

The most positive effect is security, as we have not yet had any successful attacks.
Of course, the high degree of automation ensures that we do not need any additional staff to provision identities.
The ROI is difficult to quantify, but security is priceless in our environment

Support Rating

So far, we have always been able to count on IBM's support and we have also used it for many extensions and customizations. The support always worked in a solution-oriented manner, was usually available at very short notice and always took our concerns seriously. The billing was always fair despite the high hourly rates. The scaling of the support was excellent, as it was always possible to hand over any part of the work to IBM.

Key Insights

Do you think IBM Security Verify delivers good value for the price?

Yes

Are you happy with IBM Security Verify's feature set?

Yes

Did IBM Security Verify live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of IBM Security Verify go as expected?

Yes

Would you buy IBM Security Verify again?

Yes

Usability

The usability has always been very good so far. Most steps are self-explanatory and the product makes a tidy impression. Since so many functions are on board, training is a good idea, and we were happy to take advantage of it. It is also good that we were able to ask the support via email for short questions.

Professional Services

In the case of adjustments, we were often able to carry them out completely on our own and only used professional services for new requirements. Particularly in the case of access management, it is very positive that we usually needed IBM for a task in less than an hour and then developed the solution further on our own.

Likelihood to Recommend

So far, we have been able to use the product over the last 15 years to implement all the requirements placed on us by the various departments. This applies to both access and identity management. The reverse proxy stands out, as I am not aware of any successful attacks over the years. In addition, the high degree of automation for provisioning identities is unique.

No-frills access and identity management, open for all eventualities

Software Version

Overall Satisfaction with IBM Security Verify