What is our primary use case?
We use CyberArk to assist with implementing security solutions that our auditors require. It also assists us in giving secure, monitored, audited access to non-technical people who, because of their jobs, or because of the application, require direct access to servers.
We are utilizing CyberArk's secure application credentials and endpoints.
It is performing very well.
We're not planning to utilize CyberArk's secure infrastructure or applications running in the cloud because our industry is, for the present, barred from using cloud resources. We don't yet have experience using the Plugin Generator Utility and we are not using any of the other integrations available through CyberArk marketplace.
How has it helped my organization?
Because we now have the ability to grant access to management utilities like DNS Manager, Sequel Studio, and MMC, in a secure fashion, without system admins being required to continually reenter various passwords that are stored who knows where, it has really made the system admin's job much easier. It has made the PSM's job much easier. It has made the auditor's job and the security team's job and the access manager's job significantly easier, because we're able to move much more quickly toward a role-based access management system, and that is really streamlining the whole onboarding/offboarding management process.
CyberArk is the key technology around which we have built our security management solution. We chose it four years ago to assist with password management, and it has grown to where it is managing the entire security posture of the company at this point.
What is most valuable?
Number one would be the company, CyberArk, itself. The support, the ongoing assistance that is there, the ongoing ideas that are out there from champions, and from the other community forums that are out there, is just phenomenal.
What needs improvement?
My list of enhancement requests on the portal is quite extensive.
My goal as a system administrator is to enable people to do their jobs more easily, more efficiently. So, I'm looking for ways to enable people to leverage the security posture in CyberArk, and still be able to do their jobs. Better yet, to be able to do their jobs more easily, and that's exactly what I've been finding. There are a lot of ways that CyberArk is able to be used to give people access to things that they normally wouldn't be able to access, in a secure fashion, but there are still some roadblocks in the way there. I would like to see better automation in granting access, better tools, more efficient tools, to be able to customize the solution that CyberArk provides.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
It is very stable. We started off on version 7, moved to 8, to 9, and now we're moving to 10, and each revision has brought about an increase in confidence and stability.
What do I think about the scalability of the solution?
It is very scalable for an organization of our size, and I have talked with other CyberArk administrators running worldwide enterprises with CyberArk.
How is customer service and technical support?
The tech support for CyberArk is definitely one of the best I've used, and I've been in IT for 35 years.
How was the initial setup?
I wasn't involved in the initial setup but I am involved in upgrade processing. Now, it is very straightforward. When we did the first major upgrade, it was very complex and required Professional Services for two weeks. Since we made it to version 9, the upgrades have been as simple as you could possibly hope for.
What was our ROI?
The amount of time that the security team spends mitigating risk has gone down. The amount of time that the server team spends managing security issues, mitigating security issues, has gone down tremendously.
What other advice do I have?
My advice to a colleague would be: First, don't allow the security team to be the driving force. It has to be the server team that implements it, that is the driving force behind it, and the for that reason is there is always animosity between the people who are there to enforce security and the people who are there to get a job done.
When you are on the enforcement team, you are dictating to the people who are trying to get a job done, "Here is something that I'm going to put in your way to make it harder for you to get your job done." Regardless of what happens, that's the way it comes across. Going to the server team saying, 'I've got a solution that's going to make our lives easier, and oh, by the way, it's also going to be more secure," you have a much easier time selling it, much lower push-back, because you're one of them.
Second, you've got to have buy-in before you pull the trigger. You can't just force it on them: "Oh, we just took away all your admin rights." You have to give them a new solution, let them prove to themselves that this solution works, that it does exactly what they need, and that it really is easier. Now, when you revoke the rights that they've had for probably decades, there is much less push-back.
In terms of selecting or working with a vendor, our most important criterion is the ability to connect with a vendor that not only gives us the solution we need but can also work with us to customize exactly what we need.
I would rate CyberArk a nine out of 10 for two reasons:
- there is always room for growth
- there are still gaps in what the solution provides.
It's not complete across the board. If it were, it would be a 10. But I do see its potential to eventually reach that.