What is our primary use case?
Because we are dealing with personal health information, we have had to setup up a security broker for admin access in and out of the accounts.
They wanted to have a break-glass solution in case there was a problem with the multi-factor authentication or any other issues.
We chose to use CyberArk for their failover abilities. If the Multi-factor authentication fails then you can still log in and it has a second factor that authenticates.
It gives them the break glass option that they needed.
What is most valuable?
The most valuable feature is that it does lifecycle management and that it will change to whatever the end target is. For example, you can go into Azure AD, a backup directory, or a set of Google cloud platforms.
It will do lifecycle management on the keys. It makes it so that you won't have to ever have a standard key.
It's generating dynamically keys and you can enforce policy easier.
As you start adjusting your key lengths and everything further, you can adjust them all in a single day.
What needs improvement?
It's an old product and has many areas that can be improved.
They are having to purchase Centrify to get a Linux client session that is authenticated against Active Directory.
If you wanted to log in and use your ID credentials into Linux boxes, the solution that worked was not CyberArk, it was Centrify. They had to purchase two different products to do the same thing.
The interface is not great, but good.
In the next release, I would like to see a Linux Client added.
For how long have I used the solution?
I have been using CyberArk Endpoint Privilege Manager, since the early 2000s.
We are using the latest version.
What do I think about the stability of the solution?
What do I think about the scalability of the solution?
CyberArk Endpoint Privilege Management is scalable.
We have 1200 users in our organization.
How are customer service and technical support?
Technical support is fine, they are better than what they used to be.
How was the initial setup?
The initial setup is complex because you are dealing with federated credentials across multiple authentication protocols.
What about the implementation team?
We did not use a vendor or reseller. I am there as a consultant.
What's my experience with pricing, setup cost, and licensing?
I think that it was in the range of $200,000 that had to get approved. That may have been for the whole three to five years for the project length.
What other advice do I have?
I basically am trying to drive their digital transformation and do the overall build a mass data network for their data strategy. Building out different APIs and different things.
Building out a blockchain security framework to allow HIPAA compliance where you can go in at the portability of their data to pull in and out without creating an issue with the payers.
I would recommend this solution depending on what the business needs are. I'm a big proponent for keeping things simple and trying to avoid unneeded complexity.
The company demanded certain things and only wanted to do it one way, and the way they wanted to do is what we got stuck with.
The API mobilities are there, they exist and they are okay, but as a framework and in total is worrisome because it's not a stateless application.
It doesn't appear to be moving forward. It's still a type of software-oriented architecture instead of moving to microservices, where it could be stateless. If it were stateless, and it failed during a password change, you would see it as a failure and go back to the original password.
I think that they have a lot of work to do to get there.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?