What is our primary use case?
It is nothing but privileged access management. Most companies have servers, and for each server, they identify a generic ID to login. For example, if someone is an administrator, they will be using that ID to log in. So, we need to manage those IDs in a common repository, and that is why we have CyberArk PAM. CyberArk PAM is nothing but a common repository used to store passwords and manage them.
Managing passwords is a pain area in any organization. By using this tool, we have a set of policies and emerging technology where we manage these passwords.
How has it helped my organization?
It is a central repository. Therefore, if someone needs to access a server, then they go through CyberArk PAM. It provides a secure way to do this and CyberArk PAM records everything. For example, if you are connecting to a Linux server, then once you get into the Linux server and if it is integrated with CyberArk, it will automatically start recording everything that is being done. In most banks, seeing the recordings is very useful. If there are any gaps or something has happened which shouldn't have happened, then we can check the logs and videos. So, it gives security, in a robust manner, to the organization.
We have connected all the endpoints in our organization's servers. This has been an improvement. We are trying to connect any new servers being added into the organization to CyberArk PAM.
What is most valuable?
When it comes to PAM, it is always about compliance. It has a feature that enables you to access the password in a very secure way using encryption. You also need multiple approvals. For example, if you have access to CyberArk, it doesn't mean that you have access to the server. So, whenever you try to access that server, a request will go to your manager. Once he approves the request, only then will you be able to access the server. These are a few of the features that I like about this solution.
CyberArk PAM provides ease of access based on how they have designed it. It is clearly defined where you have to go and what you have to do. If you are an end user, it is very easy to use and provides a comfort level.
What needs improvement?
CyberArk PAM is able to find all pending servers that can be integrated, but we cannot get this as a report. We can only see the list of servers on CyberArk PAM. This is a problem that could be improved.
If you are an administrator or architect, then the solution is kind of complicated, as it is mostly focused on the end user. So, they need to also focus on the people who are implementing it.
For how long have I used the solution?
I started using CyberArk PAM in 2016, so it has been almost six to seven years. I started with version 9, and now it is currently on version 12. So, I have used multiple versions of CyberArk.
What do I think about the scalability of the solution?
Its scalability is good. It is available on-premise and they started having a cloud three or four years back.
Our environment is very small. We are managing around 2,000 users. Whereas, I have seen it managing users of 10,000 to 15,000 servers. We have around 30,000 users, and I have seen that kind of environment, though what I am currently managing is much less. When it comes to the Middle East, it is always regionally focused, it is not international. Our organization is specific to one country and not international.
How are customer service and support?
The technical support is from the US. The only problem is that they reply during their own time zone. It has been a bit difficult to reach them, but we get the answers, they are just a bit delayed.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
We previously had Hitachi ID PAM. We switched to CyberArk because of the features and interface, where there is a bit of distinct difference between the two solutions. Though, the architecture is the same.
How was the initial setup?
When you do an implementation, it is always challenging internally. While the setup is very easy because they give you tools for installation, you have certain things that you need to keep in mind when you implement it in an organization. These things become a kind of a roadblock. Every time that something comes up that you need to enable from the organization's side, e.g., if you have to unlock a few things on the organization's side, you must go through a process and some teams might not allow you to go ahead with it.
The deployment took three to six months.
What about the implementation team?
For the deployment, we needed a solution architect, two consultants, and two people to work on the BAU. While it depends on your organization's size, we needed around five to 10 people to implement it.
What was our ROI?
The ROI depends upon a company's capability to maximize the usage of this application. If you buy something, it is your responsibility to use it at an optimal level.
What's my experience with pricing, setup cost, and licensing?
Previously, the pricing was very meager. They started publicizing and advertising the solution, growing CyberArk, as an organization. They also changed their pricing with that growth, e.g., the pricier the product, the more people who will purchase it.
Which other solutions did I evaluate?
Bomgar was one of its competitors, now it is called BeyondTrust. Another competitor was Thycotic.
While CyberArk PAM has survived, it needs to be more flexible. They are currently focusing on the solution's GUI, but rather than the GUI, they need to focus on the solution's internal aspects, e.g., making the steps a bit easier. There are too many things to focus on and be aware of. So, they need to streamline it in a way where it is more compact.
What other advice do I have?
You need to know the sizing of your company and not randomly use it, thinking you may need to use this solution in the future. You need to use most of the features, e.g., if you have 10 features, then your company should use at least seven features of CyberArk. If you are not going to use seven or more features, i.e., if it is below seven, you should not go for this tool.
We were using Secrets Manager for managing a few SSH files, but we are not using it anymore.
I would rate this solution as eight out of 10. CyberArk is a solution to problems being faced by multiple companies and organizations. It removes security threats and vulnerabilities from an organization in a secure way, and your credentials are handled in a secure way. Therefore, it solves this pain area in a company, and that is why I think they are one of the top tools.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.