CyberArk PAS Review

Helps control use of shared passwords and the practice of sharing passwords disappeared completely

What is our primary use case?

The main purpose of getting CyberArk was to control the use of the shared passwords. 

Secondly, we needed to take out the secrets from the applications' source code (database connection strings). 

Thirdly, we wanted to improve the network segmentation and reduce the number of firewall exceptions. We're doing that by assigning a PSM per network zone and limiting the exceptions to its connections.

How has it helped my organization?

The practice of sharing passwords disappeared completely and the most sensitive application is using the AIM to retrieve database passwords for all its users.

We're still struggling with the use of RDP through PSMs.

What is most valuable?

The most valuable features for us are the AIM and PSM because they helped us by reducing the number of secrets floating around.

What needs improvement?

The AIM providers registration process could be easier and could allow re-registration. Also, some sort of policies for assigning access rights and safe ownership would be useful for deployment automation. We're seeing difficulties with hosts requiring 2FA, and we need to better cover them with PSM and PSMP.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

I am very impressed with the stability, but I still need to convince some colleagues.

What do I think about the scalability of the solution?

Scalability is rather good, we haven't reached any technical limitations yet.

How is customer service and technical support?

The support is always very responsive, accurate, and complete in their solutions. I've always had a personal contact that would know our setup and was able to concentrate on our specifics instead of pointing to a generic document on the support site.

Which solutions did we use previously?

No, we haven't used any other solution.

How was the initial setup?

The initial setup was straightforward because its entire complexity was hidden by the CyberArk expert who guided the whole process.

What about the implementation team?

Our vendor's implementation team was stellar.

What was our ROI?

We haven't yet calculated the ROI.

What's my experience with pricing, setup cost, and licensing?

Attempt to minimize the AIM deployments as the license is expensive. Take a license for a test instance even if it might cost extra.

Which other solutions did I evaluate?

I cannot tell what other options were evaluated.

What other advice do I have?

Keep an eye on the cloud integrations and be ready for Conjur.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Sign Up with Email