If you were talking to someone whose organization is considering CyberArk Endpoint Privilege Manager, what would you say?
How would you rate it and why? Any other tips or advice?
I would advise poential users to instantly look for a solution in the cloud if they want to go with CyberArk. Don't get the on-premise version. I'm not satisfied with the EPM, and I'm just looking to see if there's any other solution that we can get. This is also because CyberArk is ending support for on-premise solutions in 2023. So, in our case, we will have to move to the cloud, and the cloud is much more expensive than just using the solution we have right now. On a scale from one to ten, I would give CyberArk Endpoint Privilege Manager a six.
We are resellers and an implementor of the solution. I'd rate the solution at a nine out of ten. Product-wise we don't face that many issues, and basic integration of users and assigning them the rules and other stuff like that is, compared to other options, very straightforward.
I basically am trying to drive their digital transformation and do the overall build a mass data network for their data strategy. Building out different APIs and different things. Building out a blockchain security framework to allow HIPAA compliance where you can go in at the portability of their data to pull in and out without creating an issue with the payers. I would recommend this solution depending on what the business needs are. I'm a big proponent for keeping things simple and trying to avoid unneeded complexity. The company demanded certain things and only wanted to do it one way, and the way they wanted to do is what we got stuck with. The API mobilities are there, they exist and they are okay, but as a framework and in total is worrisome because it's not a stateless application. It doesn't appear to be moving forward. It's still a type of software-oriented architecture instead of moving to microservices, where it could be stateless. If it were stateless, and it failed during a password change, you would see it as a failure and go back to the original password. I think that they have a lot of work to do to get there. I would rate this solution an eight out of ten.
If you're going to implement Endpoint Privilege Manager, don't just give everybody EPM and think you're done with it. Spend the time, engineer it, think about it from a project perspective, and deploy it with the concept of least privilege. Really spend the time to make sure it's deployed correctly and all the processes are established so it's smooth sailing from there on in. Overall, I would rate this product at 8.5 out of 10. The product does exactly what we need it to do. However, we do need a little bit more action and response time with regards to support. In terms of the effect working with CyberArk has had on my career, it has really put my name on the map with regards to the whole CSO world and IT security, as well as from our company-wide, holistic perspective. People come to me; they know me as the person who will solve problems. Usually, things are very difficult, but at the end of the day, we'll find a solution and implement it. From that perspective, it's giving me a lot more opportunities.
We all know it's really hard to get good pricing and cost information.
Please share what you can so you can help your peers.
We all know that it's important to conduct a trial and/or proof-of-concept as part of the buying process.
Do you have any advice for your peers about the best way to conduct a trial/POC?
How do you conduct a trial effectively? Are there any mistakes to avoid?