What is our primary use case?
The primary use case is for password credential management of privileged accounts. The product has performed very well, and we will continue to invest in this space because the CyberArk tools are working well for us.
We are using it to manage infrastructure and applications in the cloud, rotating credentials which are used for operating system logins and cloud console credentials.
How has it helped my organization?
We have a lot of privileged accounts with a lot of administrators. The only way to have a good handle on the inventory of accounts, and have some type of controls around who has access to the accounts, is to have a tool like CyberArk.
The key aspects of privileged access management are being able rotate passwords, make sure someone is accountable, and tie it back to a user (when the system is being used). This helps our security posture. We also look at other privileged accounts, which are used by overlooked applications, and this provides a benefit to the company.
What is most valuable?
The most valuable features would be:
- Ease of installation
- Support for every use case that we have come across.
- Application credentials: We have been able to manage them in CyberArk, whether they come as a custom plugin or straight out-of-the-box.
What needs improvement?
Some of the additional features that we are looking at are in the Conjur product. So, CyberArk has some of the features we want covered either by utilizing Conjur's features or by integrating Conjur directing into the CyberArk tool. I am specifically discussing key management, API Keys, and things for connecting applications in the CI/CD pipelines.
For how long have I used the solution?
More than five years.
What do I think about the stability of the solution?
Stability is great, especially as the product matures. I have been using CyberArk since version 4. We currently are using version 9 in our production environment, and are looking to deploy version 10. Version 9 is very stable compared to the previous versions.
What do I think about the scalability of the solution?
Scalability is great. We have no problems.
We have a very large, diverse, global environment, and we have not run into any scalability issues.
How is customer service and technical support?
Technical support is very good. We have had a technical account manager (TAM) in the past, and have worked directly with her as our primary source. However, we also contact other people in the support environment, and they know the product well and are always willing to help out.
How was the initial setup?
I did an initial installation at another company. It was pretty straightforward.
What about the implementation team?
CyberArk offered to help with designing the architecture. Once we got all those pieces sorted out, the implementation was easy.
What was our ROI?
I don't know if anyone has done a true number analysis, but we do see the following:
- The amount of time that people used to spend maintaining credentials;
- The amount of time that used to be utilized for audit purposes and who had which accounts at any point in time.
There is ROI on the actions above because the amount of time that it took to do these tasks has been significantly cut.
What other advice do I have?
If you are starting from scratch with the product, you should take a good inventory of your accounts to know what is in the scope. Start off with the password management aspect of it, but also look into things that provide session management, SSH key, and rotation. These are some of the basic things a new company using privileged access should look for.
CyberArk is always willing to take feedback from the customer and are looking for ways to improve. There are all types of programs within CyberArk to take that feedback and incorporate it into their product.
I have experience using quite a few of the plugins, but I am not familiar with the new generator utility plugin.
The most important criteria when selecting a vendor: They need to understand our environment. We have a very complex environment at a very large scale. They need to show that they have a product which can meet the needs of a large organization like ours, and find solutions from old legacy environments to everything through the cloud.
Which version of this solution are you currently using?