The ability to create custom connector components is the most valuable feature of the product. Once the organisation matures in their privileged access strategy, CyberArk’s customisation capability allows you to target application-level access (e.g., web-based management consoles) as opposed to just the underlying operating system. The API allows operational efficiency improvements, through being able to programmatically provision accounts into the Vault.
Improvements to My Organization
It has improved our organization by being able to consolidate several privileged access technologies into a unified tool. Session recording and auditing capability, and approval workflows allow a high degree of control over the organisation’s privileged access requirements for compliance purposes.
Room for Improvement
- Authentication to the solution: Authentication to the PVWA utilises integration to IIS. Therefore, it is not as strong as desired.
- Reporting capability and customisation: Reporting utilises predefined templates with limited customisation capability.
Use of Solution
I have used it for 15 months; approximately nine months in a large enterprise.
I have not encountered any stability issues.
I have not encountered any scalability issues. The solution is fairly scalable. All presentation-level components are operable in highly available configurations.
Customer Service and Technical Support
Technical support is 8/10; level of engagement depends on severity of problem.
I did not previously use a different solution.
Initial configuration is quite complex and takes a considerable amount of time. However, this depends on the management requirements of the organisation. An example of this is connectors to mainframes, which might require a degree of customisation and knowledge of how the password manager functions (and relevant training). Setup regarding installation is straightforward, as the provided guides are quite expansive and include several installation possibilities (e.g., standalone, HA, DR, etc.)
Pricing, Setup Cost and Licensing
Appropriately scope the organisation’s requirements to ensure licenses are not over-provisioned.
Other Solutions Considered
I was not part of the selection process.
If an organisation has not utilised a PAM tool before, it is a large cultural change fundamentally in how a user works, and should be taken into consideration accordingly. The solution is complex depending on the requirements; therefore, the implementation should not be rushed and it should be tested appropriately.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sep 19 2016