The challenge with the product is pricing since it's expensive. It also needs to improve the customization. We encountered some stability issues as well. 

The implementation is hard. For example, the on-prem implementation specifically is really hard to deploy. 

The solution does not scale well on-premises. 

This is an expensive product.

It's hard to get help from support if you are not certified. 

There was a situation when one of our presidents had an issue, but I can't recall the specifics.

Password management for all the endpoints needs improvement.

CyberArk can handle password management for Windows, Linux, databases, and network devices. However, there are solutions like Tenable or Skybox, Palo Alto, and other security devices for which we cannot provide password rotations on CyberArk. CyberArk should look into development for those particular plugins. I heard they had developed them, but they are not widely available. So if, for example, a customer requires CPM's password management plugin for Tenable, they need to send a request to CyberArk themselves so that the CyberArk team will then sell it to the customer. It does not come with an implementation license. It's a separate thing that a customer needs to purchase. CyberArk will assign it to that particular customer ID, and that plugin will not be supported for other customers. But those are their business tactics. They will not reveal all their plugins, only the basic ones.

There is a little bit of confusion in the implementation part, especially when one tries to understand the actual working of the product. The ones involved in the implementation of the product did not show the people in our company how they work on the product. The aforementioned area can be considered for improvement.

CyberArk Enterprise Password Vault's GUI has certain shortcomings that need improvement.

We require IAM (identify and access management) capability at the administrator level because we need more identification.

The tool needs to improve its usage and interface. They need to have a modern and useful interface. I want the product to improve its integration capabilities as well since some of the integration features do not work always.

CyberArk is complicated and costly to deploy for Windows servers compared to a few other vendors. It would be helpful if they combined all the components on a single server. Also, they should release a version specific to small businesses with two servers installation architecture.

CyberArk is not friendly in terms of having a Community Edition. It's enterprise software. They could maybe give a Community Edition that you can just play around with and see how the software is. It's a very, very costly app. 

Therefore, they can definitely give a demo version or some sort of a Community Edition with partial features at least to help potential users understand its capabilities. 

The initial setup can get complex. 

CyberArk Enterprise Password Vault can improve the distributive vault feature. Distributing the vault in multiple areas and multiple data centers should improve.

The tool's UI has bugs and lags. It needs to be improved. The deployment process can be complex due to multiple components for various functionalities, each requiring separate infrastructure management. To simplify this process, consolidating all these components into a single platform could be beneficial. The product's pricing could be cheaper. 

Some folks would like to have keystroke tracking and some would not. I guess if they could make that an option that might be interesting for certain organizations.

• Implementation documentation could use some improvement in a few areas. LDAP integration would be one area.

• Providing a way to group accounts by application would be nice.

User friendliness and reporting: While the PVWA (Password Vault Web Access) provides a web console for the end user and administrator to access the solution, there is room for improvement. (E.g.: show tips when the mouse hovers over.) Reportingprovides very detailed information; however, it requires customization before it is presentable.

The architecture needs to be improved. For example, the whole solution can come within a single software bundle instead of the distributed components we have for the on-premise deployments. I think there's room for improvements in that area because the competitors within that space have appliances and software that are just a single software. You don't have to split functionality across several servers like the current deployment.

What needs to be improved in CyberArk Enterprise Password Vault is their customer support, because as administrative engineers, since we're not experts in the solution, we have to rely on customer support.

Their customer support needs improvement in terms of being responsive and being understanding. They are knowledgeable, but responding and willingness to come and help knowing that it's their tool, rather than relying on the engineers from the customer side, e.g. our side, to do all the technical things.

The initial setup and upgrade process for CyberArk Enterprise Password Vault is complex and can only be done by CyberArk, so this is another area for improvement.

The installation process could be simplified.

I would like to see a simplification of the product.

I think they can add a new feature for the account onboarding like I've seen for another PAM tool: for instance they should give to the CyberArk administrator the chance to upload the accounts via the PVWA using a txt or an xls file.

CyberArk has two disadvantages; the first is that it's insanely expensive and the other is it's very complex. 

That's the downside because CyberArk was not built organically. It was built systematically.

They're not built into the product. You have to shoehorn things in. You have to create programmatic interfaces to make things work, but that's why I said it's the most complex product.

CyberArk is still in the model of managing accounts and passwords. When you're logged in as a domain admin, you're leaving footprints everywhere you go. These footprints can be picked up and replicated. So, I think CyberArk is behind the curve in that area.

Customers are already having an issue with the cost of CyberArk and then you have to add another $100,000.00 to the bill for other application accounts.

I would like to see a more streamlined and built-in programmatic onboarding and offboarding process. Something a little bit less complex than what they're currently doing.

The price is the problem and also the architecture can be daunting because CyberArk really strongly encourages having hardware vaults. Most corporations are totally virtualized.

I use virtualized vaults on everything including the high availability configuration.

With regards to potential improvements for the CyberArk product, I find the product quite expensive and I would like to see the cost reduced. 

The initial setup could be simpler but it may not be as effective.

The session monitoring and recording feature is also a good feature feature, but we're currently experiencing an issue with session monitoring not working correctly. We're working with CyberArk to resolve it.

We aren't able to view active sessions or historical recordings of sessions.

It is complex, which is something I know CyberArk is working on. They're trying to simplify certain administration tasks because a common critique is the level of complexity. But overall, we can do everything we need with it.

So, CyberArk could still focus on making it more user-friendly.

CyberArk Enterprise Password Vault must incorporate connectors for password and session managers in the marketplace.

The solution is too complicated to use and should be simplified. It took me a long time to understand how to use it. There is a lot that the solution can improve for the future.

I'd like it to be a little more granular. I want a little bit more control over exactly what we do. I know if you do that, you add more knobs and dials to deal with, but that's just my personal approach: granular access.

The price is high compared to Azure Key Vault. It's the most expensive solution. 

CyberArk Enterprise Password Vault's deployment is complex for resources with little experience. Tech support needs to be improved as well based on quality and knowledge. 

The interface could be improved it is not user-friendly, but they have improved but it could still improve. In the policies configuration, it would be a benefit to have more details.

Small things such as resizing pop-ups but mainly the reporting possibilities: These are quite poor in my honest opinion. If you really want custom reports you actually need to export data to an Access database and create your own queries and reports. The default reports are just that.

The reporting functionality is currently limited to default reports, listings and overviews. For more detailed and in-depth reports, you need to export the data to an external app such as Access or MS SQL. For example, if you need a report listing all safes, owners, members and accounts (like we do), you need to create a bespoke report. Ideally, in 2016, perhaps a graphic drag & drop reporting interface would be ideal.

I don't see any problems because it's highly secure and very flexible. It gives us all types of storage options and it gives us a high level of security. From my experience, overall, I don't see many problems that need to be rectified.

The only problem involves granting access to people who are authorized to view it. This user management area is the most critical. We have to constantly check on that area and we have to review and give proper access. Nobody should have more access than they are authorized for.

The pricing is too expensive and should be reduced. This is our only concern. When a small industry wants to invest in these kinds of tools, they don't have the budget to spend a lot of money on security. If the price were more reasonable then many other small businesses would consider using it.

The installation process should be easier and more user-friendly so that you don't need to hire a third party to deploy it. Instead, an in-house administrator could do it.

• Enhanced PSM support for Java based applications.
• Easier to use bulk uploader tools (which are already being worked on).

I think there can be improvement in providing information on how to develop connectors for various applications’ APIs.

Additionally, I think the user experience needs to improve. It's not very intuitive at the moment. An account could be more descriptive, and could have more attributes based on its functionality.

It is currently a robust product, but we should be able to join together small components. This will improve support and understanding.

This solution does not support the SQL Developer. We have to purchase separately from CyberArk and we have to ask them to develop it.

This solution is a bit complex compared to other solutions. The installation and administration are complex.

Some things can be done through the interface, but the whole installation process and upgrade process can be done with the installation script but it's complex.

This is too complex for some organizations that do not have a large scale.

In the next release, they could simplify the setup and I would like some tasks added like file sharing. When a client connects to CyberArk and wants to put a file on the server, they cannot.

I thought that the client would be able to drop a file onto the server and the file would be visible on the server.

I have to disable the connection to provide a copy and this is a security issue, and I closed this file to the client then he can't upload and files to us.

They need to come up with a way for the client to file share with CyberArk.

I would prefer that this is a fully-managed service, rather than have to manage the software ourselves and keep it up to date. A cloud-based deployment would ultimately be better for us than an on-premises appliance.

Upgrading the product is very difficult, so this could be an area for improvement.

I would like to see more integration with more tools, for more APIs. 

The interface and user experience could be improved. In comparison, in Fudo Security, items are very searchable and it's very comfortable to work with. CyberArk is not very good at that. It could be improved and it wouldn't be too complicated to do so. The solution is too big and complex for any business that is small or medium-sized. They should offer a more compact version or make a solution better suited to smaller businesses.

Having a cloud version would be very helpful. You have to invest a lot of money for the infrastructure hardware so the cloud version would help.

The deployment architecture, the ability to locate and change credentials and the stability need to be improved. They need to install or include an appliance-based option, which CyberArk does not have.

The technical support can improve on the time that it takes to get a callback.

The integration is great but needs to be a bit more user-friendly.

Also, a feature with the ability to create password sync.

In the next release, I would like to see the following:

• Availability on the cloud and the appliance.
• More documentation for the setup. 
• Simplify the deployment.
• Continuous operation with this solution.
• Simplify the infrastructure for better stability.
• Increase the support for applications.
• Invest in local on the ground staff in various regions.
• The ability to search by the activities, especially for Windows Servers.
• Improve the auditing capabilities for their searches.

The initial setup could be simplified. Right now, in comparison to its nearest competitors, it's quite complex.

The product documentation could be a little more precise in certain aspects with clearer explanations for functionality limitations. New functionalities or discovered bugs take a little longer to patch. We would greatly appreciate quicker development of security patches and bug corrections.

Error messages are useless; better documentation of error codes would be helpful.