StrongDM addresses the uncontrolled privileged access to our infrastructure servers, database, and Kubernetes clusters, which was becoming a real audit and security concern. My primary use case was eliminating the shared credentials and untracked admin access across the hybrid infrastructures. Before StrongDM, engineers were connecting to the production servers using shared SSH keys stored in a shared drive, and the database passwords were passed over Slack messages. There was no audit trail, no time-bound access, and offboarding was always a fire drill. I used StrongDM especially for SSH and RDP access to the Linux and Windows servers, database access governance for MySQL and PostgreSQL production instances, Kubernetes cluster access controls, contract and vendor temporary access, centralized session logging for SOC and audit purposes, and rapid access revocation during offboarding.

StrongDM changed the way my team works day-to-day. In one incident, we had a third-party vendor engineer who required emergency access to the production database during critical outages at around 2:00 AM. Previously, that would have meant sharing the root credentials over the call or email, which is a serious security risk. With StrongDM, our on-call engineers provisioned time-bound database sessions within minutes. The vendor connected and resolved the issues, and the access was automatically removed after the session. The next morning, when I reviewed the SOC dashboard, I had a full session log, exactly what queries were run, the timestamp, and duration. No credentials were exposed. That single incident justified the entire investment for me.

Shared credentials and untracked admin access across our hybrid infrastructures impacted us in multiple ways: security, compliance, and operational. From a security standpoint, when multiple engineers share the same SSH keys or database passwords, you lose the ability to trace who did what. If something goes wrong in production, such as misconfiguration, data deletion, or a suspicious query, we cannot pinpoint which individual was responsible for that particular incident. I had a situation where a developer who recently resigned still had valid credentials for nearly two weeks after their last working day because nobody had a centralized view of who had access to what. This is a serious insider threat window. From a compliance standpoint, during our ISO 27001 audit preparations, one of the first things the auditor asked for was the privileged access logs: who accessed which server and when, and what they did. We genuinely could not produce that evidence cleanly; it was scattered across individual machines, creating a finding we had to remediate urgently. The combination of no individual accountability, audit evidence gaps, and slow offboarding was what made us seriously evaluate solutions.

My day-to-day usage with StrongDM includes auditing privileged session logs, managing role-based access policies, checking for stale or over-privileged access, and pulling audit evidence for compliance reviews, as well as supporting incident investigations during the session replay logs.

StrongDM's best feature is the session logging and audit trail, which is the single most valuable feature for me from a SOC perspective. When we investigate a security incident involving admin activity, having a full replay of what an engineer or vendor did during the privileged session is something that traditional VPN or jump box setups simply cannot provide. Other features I value are no credential exposure, just-in-time access, centralized resource management, fast offboarding, and strong SSO and MFA integration.

Session logging and the audit trail help me during investigations because when investigating a security incident involving admin activity, having a full replay of what an engineer or vendor did during the privileged session is something traditional VPN or jump box setups cannot provide. StrongDM has positively impacted our organization since deployment. Access provisioning time dropped by around 40%. Offboarding that used to take hours now completes in under 10 minutes. We have also eliminated all shared credentials usage across the production environment. Additionally, audit evidence collection for privileged access reduced from days to hours, and there have been zero credentials-related incidents since deployment.

StrongDM can improve in change management, reporting customization, and the initial setup complexity because mapping all our resources correctly at the start requires dedicated time and planning. Additionally, pricing is very noticeable for smaller security teams or startups.

The reporting needs customizations because executive-level people want reports. If StrongDM works on this improvement, they would be sufficient.

Change management is one of the major improvements they can make because engineers are used to a traditional VPN workflow, and whenever required, time to adapt is essential. If they develop a change management feature, they will be competitive with their competitors.

I have been using StrongDM for closely around 14 months.

StrongDM is stable, and I have not seen any major issues with it during operation.

StrongDM has very good scalability.

Customer support has been responsive over the call, and the onboarding assistance was helpful during the initial resources mapping. I would rate them 8 out of 10.

Previously, I used a combination of VPN, bastion host, shared SSH key files, and manual spreadsheet-based access tracking, which gave neither real visibility nor control.

StrongDM changed my team's productivity and daily workflow; access provisioning dropped around 40%. An engineer would raise a request, someone from the infra team would manually create a user account, generate an SSH key or share database credentials, and update the relevant access spreadsheet. Then that is notified to the engineer. Depending on workload and time zones, that entire cycle could take anywhere from 4 to 8 hours in a normal day. During busy sprint periods, it sometimes stretched to the next day. Those delays had real consequences. For on-call incidents, when an engineer required emergency access to investigate production issues at odd hours, that wait time was simply not acceptable. People started keeping personal copies of the credentials to handle this, which defeated the entire purpose of access control and created its own security risks. For new joiner onboarding, getting a fresh engineer productive used to take almost half of the day for setup, and multiplied that across multiple joiners in a month added up significantly in lost productivity.

After StrongDM, access provisioning became a role-based approval workflow. Once the request came in, the approver reviewed it in the StrongDM console and granted access in minutes. The engineer connected immediately without any manual credentials hand-off. The entire process that used to take hours was now consistently under 30 minutes for a standard request. That 40% reduction sounds as a number on paper, but what it actually meant was faster incident response, smoother onboarding, and engineers spend time on actual work instead of waiting on access tickets. From my SOC perspective, especially faster provisioning with the proper controls is always better than slow provisioning that pushes people toward workarounds; workarounds are where the security gaps live.

I was not part of the call regarding pricing, but I know it offers the best return on investment because it is clear and quick. When we calculate the risk cost of a single credential-related breach or a failed audit finding versus the annual licensing cost, it was justified within the first quarter itself. I have seen a return on investment, which becomes very clear when calculating the risk cost of single credentials or breaches.

Before choosing StrongDM, we evaluated BeyondTrust, Teleport, and CyberArk.

Continuous authorization is very important for our organization because when multiple engineers share the same SSH key or database passwords, it creates serious security risks. I consider business risk versus licensing cost comparison as a key metric. StrongDM's credential-less access control works with our existing vaults or secret managers, including HashiCorp Vault or AWS Secrets Manager. It has changed things quite significantly, and that is one of the most underrated aspects of StrongDM that people do not talk about enough. Before StrongDM, credentials were everywhere, with SSH keys sitting on personal laptops, database passwords copied and pasted into Slack messages or emails, and shared root accounts known to five different engineers. When a credential is shared, it is no longer a credential; it turns into a liability. We do not know who has a copy of it, and other team members do not know if someone saved it in their personal notes app or email drafts, creating a risk of leakage. StrongDM has achieved this fundamental change.

StrongDM unified access for my team across systems such as databases, servers, or Kubernetes clusters. I advise starting with the highest risk resources first, such as the production database, cloud admin accounts, and external vendor access, as you will see the security value immediately. This strategy helps build internal confidence for a broader rollout. If anyone is evaluating StrongDM, I suggest starting with the highest risk resources first, preparing for the production database, cloud admin accounts, and external vendor access. This approach will demonstrate security value immediately, and you should build internal confidence for broader rollouts.

My final thoughts about StrongDM are that it genuinely revolutionizes privileged access management. Organizations that still rely on shared credentials, jump boxes, or VPN-only admin access should seriously evaluate StrongDM. It brings visibility, control, and auditability to one of the riskiest areas in any security program. I would give this product an overall rating of 8.5 out of 10.

My use case for StrongDM is Privileged Access Management. I have privileged accounts because I am working for the Identity and Access Management team at my company. As an engineer, I have really privileged or elevated accounts for which I need my account onboarded to StrongDM, so I have to regularly use it.

The best features in StrongDM are the password rotation capabilities, which I think are pretty cool, and also how you can literally log in to any of the privileged servers through a single platform. You just copy-paste the IP and the port number and log in over there through RDP, so I think that's pretty cool. I have used CyberArk before, but I think StrongDM as a product has pretty good potential.

My impression of the credential-less access control is that it's pretty good because it reduces the attack surface. Basically, if you cannot see the password and everything, even the privileged users cannot see the password. It's a password-less system where you just log in to the servers without knowing your password, and even if you know your password, it's probably going to be rotated after a while. So, I think that's a pretty good use case for reducing the attack surface and maintaining zero trust throughout an identity perimeter.

StrongDM helps with runtime features in a twenty-four-seven dynamic environment. Whenever I try to access at maybe two a.m. or three a.m. at night and I have a production issue on a server located in a different continent, I can access it right at that moment. I think the application works pretty much like a charm. It's readily available, and I think the runtime feature is pretty cool, although the application sometimes crashes when it's downloaded locally on your machine.

Regarding pricing, I find StrongDM to be definitely cost-efficient. We used to use CyberArk before, but StrongDM is more cost-effective, which is why we are using it. Our director is a board member at StrongDM, allowing us to utilize the product and the flexibility it provides, which tailor-suits our needs based on the organization and is something we do not get from other PAM products.

StrongDM regularly requires patches and maintenance, but I think that's a good question for the PAM architects in our organization.

If you guys could offer only a cloud-native solution, you would likely cater to different organizations. That could grow the product more.

I have been using StrongDM for the last one or one and a half years.

I think the stability of StrongDM is about four to five due to the occasional crashes that I mentioned. The gateway sometimes crashes, and you are unable to retrieve passwords, which I hope they address in the future as the product evolves.

Regarding scalability, it's difficult for me to assess because we are a mid-sized organization. Although we have many users, we only have a limited number of privileged accounts that StrongDM caters to. If a larger organization such as Microsoft or Dell adopted it, there would be more privileged accounts, showing the product's potential to grow if issues in maintenance and crashing are resolved.

I would rate the technical support seven to eight, for sure.

We have used CyberArk before. While CyberArk has a lot of fine-grain solutions, the problem is it lacks flexibility. CyberArk is fantastic and has been around for a long time, but it doesn't offer the tailored solution that different organizations need because every organization behaves in different ways. StrongDM provides that flexibility, as it is still growing and works on feedback to help integrate with your environment.

I would assess StrongDM's ability to unify access across different systems in my organization as pretty good, despite sometimes facing issues using the platform, probably because of maintenance. Sometimes you are not able to retrieve the password, so it has happened. I'm not going to say that it's a perfect product, but I think they're slowly getting better, and as I said, in the future, this product has potential for hybrid solutions in my company, especially after they got acquired by Delinea.

Regarding the continuous runtime authorization feature, I haven't utilized that feature in the product myself, but someone else in the organization has. I mostly work with StrongDM as an end user who has privileged accounts onboarded.

I believe the importance of continuous authorization versus periodic checks is significant. Automatic credential rotation means we do not have to worry about manual checks repeatedly. It is a good solution for continuous authorization, although the challenge remains about how it will support larger organizations with many enterprise privileged accounts.

I would definitely recommend StrongDM, especially for mid-sized to small organizations. If it's a large organization, I would suggest having them view a demo to see if they are ready to adopt it as a product. My overall review rating for StrongDM is seven out of ten.