(ISC)2 ran a Security Briefings webcast that focused on this subject that you can find here - https://www.isc2.org/en/News-and-Events/Webinars/Security-Briefing?commid=225465

Additionally, we ran an E-Symposium on "Getting to Know You - Consumers and The Identities" in August (you can find here) - https://live.blueskybroadcast.com/bsb/client/CL_DEFAULT.asp?Client=411114&PCAT=7540&CAT=10703 (Note: have to be an (ISC)2 member to access).

And we have an upcoming webinar on December 7th on the topic - Privileged Access Management in a DevOps Environment - https://www.isc2.org/en/News-and-Events/Webinars/Security-Briefing?commid=282043

Looking at the topic now. My advice is make sure your processes are really solid or it will only be big hinderance to getting work done. Also for segementation reasons I am leaning towards vendors that can offer me a device to put in my data center.

I think there are a few items that you need to focus on when you are looking at a privilege access management (PAM) solution. 

1. Scope of the project (what problems exist today and tomorrow that you are trying to resolve)
1. Is this a solution for window, database, UNIX/Linux, on-prem or cloud offering (public or private).
2. Timeline
3. Executive backing (this is critical,  introducing change is typically challenging and without executive backing you will stall in your deployment).
4. Are you looking for best in breed technology or one product to do everything.
2. What are the integration points within your environment
1. What is your identity source: AD, IDM, LDAP, etc?
2. Will this solution be required to integrate with your event management solution or SIEM solution?
3. Should the product offer an API interface for integration with ticketing system, etc?
3. Beware of ala cart vendors (vendors that offer low price to get in the door but then nickel and dime you to death for each and every feature they offer)