CyberArk Certificate Manager Reviews

My use cases for Venafi were for the Venafi Trust Protection Platform, managing infrastructure PKI and certificates.

Venafi's automation capabilities are very good, which is why we used it. Venafi's ability to stay updated on the most current certification renewals was also very good. Venafi's ability to safeguard my financial services infrastructure was good; we had no problems with that. Venafi's ability to help with compliance and regulatory requirements, including SOX and Swift, was great. This is a major selling point.

In terms of areas for improvement, one thing that we did not appreciate about Venafi was having agents on everything. An agent needed to be installed everywhere to handle the certificate management. Having the agents everywhere is not ideal and is always problematic. Having the agent everywhere is not the best for security, which was our other significant concern.

I have been using Venafi for about two years in my career. I am not currently using it at my current job, but rather at my previous position.

I have no issues about Venafi's stability; it demonstrated good stability.

Venafi's scalability was good as well.

I have contacted Venafi's technical support and customer support. We worked with their consulting group during implementation. I went through the whole implementation phase and they were very effective. For Venafi's support, I would rate them eight or nine out of ten.

I have not used any alternatives to Venafi; nothing at that scale of management.

It took me about six months to a year to fully deploy Venafi across the entire enterprise.

The implementation involved a whole team operation with approximately five or six people in total, including myself, several colleagues, and consultants.

The mean time to respond was significantly reduced with Venafi.

When I was working with Venafi, I was working in financial services as a user of the product and not a partner of Venafi. On a scale from 1 to 10, I would rate Venafi overall for everything an eight.

We are using Venafi as a certificate lifecycle management tool and for notifications, specifically certificate expiry notifications. Currently, we are working on automation by using Venafi for automatically installing the certificates on different key stores.

By using Venafi, we have reduced our potential risk significantly due to certificate expiry, as all teams are getting emails before 60 days and 90 days, which is helpful.

It has reduced our manual efforts significantly. Earlier, if it took us 10 minutes to issue one certificate, by using Venafi, we are now issuing it in 5 minutes, which is a 50% time saving. 

We are actively monitoring every certificate within our organization. It allows us to know which specific part or server each certificate is being used for. Through our monitoring efforts, we can provide detailed information about each certificate, ensuring our organization is well-informed.

It has improved our operational efficiency by 70% to 80%.

Venafi is a versatile tool, providing many services beyond the tools present in the market. The best feature is that Venafi automatically discovers certificates in the environment and onboards them in the dashboard. Using Venafi, we can automate and install certificates on target machines without human intervention, making it an excellent tool for automation and certificate lifecycle management.

Certification renewal is the fundamental aspect of Venafi, and it meets current market standards, setting the benchmark. We are monitoring each certificate, so our organization is aware of which server uses that certificate, and based on the monitoring, we can access all certificate details, which provides great help.

The solution's ease of use is moderate, and I suggest that the documentation by Venafi should be more linear or simpler because when new associates or trainees try to learn the tool, the documentation is difficult to understand.

Integrating Venafi into existing systems is quite easy; however, the documentation should be improved as we have to conduct analysis from our end, and the documentation hasn't presented information in a proper or linear fashion.

The support from Venafi needs improvement based on my experience. The response time needs improvement, and it takes too long to resolve or provide solutions for some tickets.

I have been working with Venafi for three years.

It's stable. I would assess the stability as eight out of ten. 

It's scalable. Scalability is rated an eight out of ten.

In our organization, we currently have around 15 members working on Venafi, with more than 300 to 400 people having read access to the dashboard to view their certificates.

The support from Venafi needs improvement. I would rate the technical support a seven out of ten.

Neutral

The initial setup process can be a bit complex, but I would classify it as medium-level difficulty. One area for improvement is the documentation, as clearer guidelines would facilitate more effective automation. Based on the current documentation, it typically takes us four to five weeks to deploy any updates or changes. Unfortunately, we've encountered difficulties in locating the necessary information.

We perform maintenance on a quarterly or semi-annual basis to ensure everything runs smoothly.

It brings value from day one; deploying this solution definitely provides beneficial value.

Venafi is versatile, providing numerous features compared to other tools in the market. If I were to recommend a tool to anyone, I would choose Venafi over others.

For certificate-related tasks, we can work on the PCI and DSS components, but regarding Venafi specifically, there isn't a need for PCI and DSS compliance. If we want to install private keys, we need to consider compliance issues, but if we are not installing private keys, there is no need to comply with current governance rules.

I would rate Venafi an eight out of ten, as it has versatility and offers many features compared to tools available in the market for certificate lifecycle management.

We use Venafi for PKI certificates.

Venafi's overall installation could be made easier. You have to install the client, then go to the console and push the certificate.

I have been using Venafi for three to four months.

More than 10,000 users are using Venafi in our organization.

Venafi was deployed in less than 30 minutes. I did Venafi's deployment by myself, but we had to go through some processes to get the PKI certificate for the enterprise side. Then, they create the certificate, and we deploy it.

Venafi has some additional functionalities for managing PKI certificates compared to other certificate deployment products. I would recommend Venafi to other users.

Overall, I rate Venafi an eight out of ten.

We use this product for our clients' server authentication and application ID certificate. We create the certificate so that when a user tries to access an application, it looks for that specific certificate based on the volume information and it authenticates on that basis. I'm a lead system operation engineer and we are customers of Venafi. 

If you want to automate anything, renew the certificate and apply to whatever environment you need, whether it is on-premise or cloud, automation is possible. You just need to have your integration set up. Venafi takes care of automatically renewing and deploying your certificate so that you don't need to worry when it expires. It also minimizes downtime and has good integration. 

For Java applications, we currently convert the certificate in JKS manually. It would be helpful to have the capability to download certificates in JKS automatically. Venafi only provides CER and no other format. They provide an option for JKS, but that certificate doesn't work because of some configuration issues. 

I've been using this solution for six years. 

The solution is stable.

We didn't test the scalability but I believe it has that capacity. We have 500 users. 

The customer support was great. 

Positive

I previously used the Microsoft SSL ADMIN tool. The difference between the two is that with Venafi, if you have access to policy, you can create, delete, import and export anything within the tool. With SSL ADMIN, unless you own the certificate, you can't make any changes to that specific activity. If you've been designated as the 'owner' and you leave the company, it's hard to change ownership. Venafi is much more flexible because it allows you to add a group instead of individuals. Even if someone leaves the group, it doesn't affect the system.

The initial setup is straightforward although it does require some security training to gain access. 

I rate this solution nine out of 10. 

In terms of how Venafi has improved our customers' organizations, the most important thing is that it reduces the risk of the outage of some of their IT systems. Sometimes these systems would be directly connected to the revenue generating activities that the client may have. So that risk reduction that can be directly calculated into money for our clients. If their IT system that is connected to production is down one day, they will know exactly how much it would cost them. So, from the perspective of risk reduction, it can be directly quantified in the value for the customer. If I was going to single out the most important feature, that would be probably be it.

The feature that I have found most valuable is their certificate discovery.

The user interface could be always improved. But I am a technologist, so I don't care so much about user interface, but the importance that it is user friendly is always appreciated by customers.

In terms of additional features I would like to see included in the next release of Venafi, I would say integration with the cloud HSM's, Hardware Security Module. Additionally, I would say other cloud services, because it is not only cloud that's essential. If you have a customer that has a lot of their IT moved into cloud, integration with different cloud services is always an area to improve.

I haven't heard negative things about the stability.

In terms of scalability, given that we were in the situation where it was on-prem, there were certain limitations there. But I guess on the cloud they should not have limitations.

To my knowledge, it began with the initial proto-concept. After that, there were some professional services needed to fine tune and integrate with everything that the customer wanted.

From the top of my head, I think it took less than two months, maybe 6, 7, or 8 weeks, but about two months or less.

The technical team needed for the installation really depends on the customer's prior knowledge. If they have a good technical team, then the things are much easier. If they don't have... 

The technical team includes engineers, architects, managers, and administrators for different stages. I guess the architects and system administrators are also involved in the process of purchasing and evaluating if it's a good fit for them. Then the architects are not necessarily needed anymore, but you would have system administrators involved given that certain privileges must be given to this system in order to operate correctly. And then you would have your general IT security administrators for ongoing monitoring of what the Venafi system provides you. This can be taught. You don't have to have a PhD in cryptography to understand this, just be a regular IT business person who has specialized a little bit on security issues. I think they can comfortably master this.

As I mentioned, there is the risk reduction. If they see the risk reduction, then I think they should go for Venafi or a similar solution. Of course, as products improve and prices go down, even more so. But it is way better to have this kind of solution compared to not having anything, because I see from the IT security business that I have been working in almost 30 years now, if they are not running this or a similar type of solution, they are just asking for trouble. It's more a question of when an outage will happen, than if. So, coming back to the risk reduction, depending of course on the size of the company and their revenues and what type of critical systems they have, they all need to make their decision. But at the end of the day, the vast majority of the customers will see a return on investment if they value the risk reduction.

Our customers need to pay for a license, and understanding the pricing and how it might develop in the future is a bit of a pain point. But, it is not too complex either. Sometimes people ask the vendors to predict the future, whereas they themselves cannot provide enough of the information to the vendor in order to be able to estimate correctly. So it kind of goes both ways. I would say the price is fairly good. Is it perfect? No. Is it the worst I've ever seen? Absolutely not.

I would say Venafi is definitely among the three most important vendors in this area.

On a scale of one to ten, I would give Venafi a seven.