Sold by: CyberArk
Deployed on AWS
CyberArk Secure Cloud Access implements Zero Standing Privileges to secure identities at every layer of your multi-cloud environment without impacting native cloud user experience. Cloud admins, start a 30-day free trial today to protect cloud access and meet compliance requirements in a native, secure manner.
4.5
Overview
CyberArk Secure Cloud Access, part of the CyberArk Identity Security Platform, delivers Just-in-Time (JIT) access with zero standing privileges, allowing developers secure access across AWS, Azure, and GCP environments without interruption. Designed with a developer-friendly approach, CyberArk dynamically provisions access to reduce risk and maintain developer productivity.
The Critical Need for Developer Access Security With the rise of digital transformation, overprivileged developer identities are increasingly targeted in attacks, often leading to prolonged breaches and data theft. Traditional standing access in cloud environments opens paths for attackers to misuse credentials, creating risk. CyberArk mitigates this by enabling JIT access, reducing the attack surface and safeguarding organizations from long-term breaches.
Developer-Centric Access for Enhanced Efficiency CyberArk recognizes the operational demands developers face. Developers can launch sessions natively, using their own federated identity across cloud services, APIs, and infrastructure without jump servers or extensive approvals. This seamless approach enhances productivity while preserving security.
Key Benefits for Developers Zero Standing Privileges (ZSP): Developers get temporary, session-based access without standing permissions, reducing unauthorized access risk while maintaining workflow continuity. Time, Entitlement, Approval (TEA) Model: CyberArk's TEA model ensures developers receive access when needed, minimizing delays in time-sensitive situations and restoring functionality faster. Attribute-Based Access Control (ABAC): Permissions are granted based on identity, role, and context, aligning with security requirements without compromising developer efficiency. Prioritizing Developer Experience CyberArks approach offers:
Native Tool Access: Developers use familiar tools like SSH clients and web consoles directly, reducing fatigue and allowing agile response times. Fast Incident Resolution: On-demand access for critical scenarios helps minimize downtime, accelerating issue resolution. Centralized Access Across Clouds: With a unified platform, developers manage access to all environments consistently, boosting speed and productivity. Empowering Developer Velocity and Security CyberArk enables a frictionless experience by securely granting JIT access, preventing delays in high-pressure situations. By allowing developers native access to cloud consoles, CyberArk reduces credential management burdens and risk, supporting developer velocity and secure innovation.
Adaptive Controls for Multi-Cloud Security CyberArk's Insight to Action framework centralizes oversight of access rights across cloud environments. Integrated with AWS IAM, AWS IAM Identity Center, Slack, and ServiceNow, it simplifies privilege management, enhancing both security and operational efficiency.
Protecting Against Identity-Based Threats CyberArk's ZSP and JIT access model ensures no standing credentials, reducing credential exposure and unauthorized access. Layered, identity-based controls help secure developer access without hindering productivity, empowering continuous innovation.
Measurable Benefits with CyberArk Secure Cloud Access Accelerated Cloud Transformation: Provides developers secure, JIT access to SaaS, APIs, and infrastructure in a unified, compliant platform. Efficient Compliance Management: Detailed audit trails and ITSM tool integrations ensure secure scaling and compliance. Enhanced Developer Efficiency: JIT access via the TEA model streamlines access, reducing delays and improving user experience. CyberArk: Secure, Fast Developer Access for Innovation The CyberArk Identity Security Platform ensures secure, JIT access at cloud speed, offering the only identity security solution with Zero Standing Privileges. It reduces attack risks, drives operational efficiency, and supports developer innovation.
For custom pricing or offers, contact AWS-Marketplace@cyberark.com .
Highlights
- Provide Temporary Elevated Access, Just-in-Time with Zero Standing Privileges to Resources across your cloud estate
- Secure, Native access requiring no change in workflow, tooling or configuration for end users. This is provided to accelerate adoption
- Access workflows provide a rapid and clear route to elevated entitlements with close integration to ITSM and ChatOps tooling
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
Secure Developer Users, Standard Edition, QTY 5 users | Secure Cloud Access - 5 users: Multi-cloud, zero SP, CLI/web, monitor | $2,400.00 |
Vendor refund policy
Contact CyberArk for support related questions: <www.cyberark.com/customer-support/ >
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Support
Vendor support
Contact CyberArk for support related questions: <www.cyberark.com/customer-support/ > Contact CyberArk for support related questions: <www.cyberark.com/customer-support/ >
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By CyberArk
By BeyondTrust Corporation
By Barracuda Networks
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Just-in-Time Access Provisioning
Delivers temporary, session-based access to cloud resources across AWS, Azure, and GCP environments without standing privileges, dynamically provisioning permissions when needed.
Zero Standing Privileges Architecture
Eliminates permanent elevated access by implementing zero standing privileges model, reducing credential exposure and unauthorized access risks across multi-cloud environments.
Attribute-Based Access Control
Grants permissions based on identity, role, and contextual attributes, enabling fine-grained access control aligned with security requirements.
Multi-Cloud Integration
Integrates with AWS IAM, AWS IAM Identity Center, Slack, and ServiceNow to provide centralized access management and oversight across multiple cloud environments.
Native Tool Access Support
Enables developers to use familiar tools such as SSH clients and web consoles directly without requiring jump servers or extensive approval workflows.
Centralized Identity and Access Visibility
Provides centralized view of identities, accounts, entitlements, and privileged access across IT estate with threat detection capabilities for compromised identities and privileged access misuse
Privileged Credential Management
Manages privileged passwords, accounts, credentials, secrets, and sessions for human and machine identities with complete control and security enforcement
Privileged Remote Access Control
Enables granular control, management, and auditing of remote privileged access for employees, vendors, developers, and cloud operations engineers with zero trust enforcement
Endpoint Privilege Management
Enforces least privilege on Windows, macOS, and Linux systems by removing local admin rights, replacing sudo with centrally managed solutions, and preventing malware and phishing attacks
Threat Detection and Analytics
Delivers advanced discovery, intelligence, and deep contextual analytics to detect threats across entire identity estate and identify hidden attack paths
Zero Trust Access Model
Implements rule-based and condition-based access control requiring continuous verification of user and device identity and trust before granting access to resources
Multi-Cloud and Hybrid Infrastructure Support
Provides secure remote access across AWS workloads, on-premises resources, and other cloud environments without requiring VPN
Conditional and Contextual Access Control
Delivers remote conditional and contextual access to resources with capability to reduce overprivileged access and associated third-party risks
Device and Endpoint Management
Supports instant provisioning of company-owned devices, employee-owned devices, and unmanaged contractor endpoints for remote access
Seamless Access Provisioning
Enables instant provisioning and seamless access experience for remote workers without requiring awareness of underlying zero trust security implementation
Standard contract
No
No
No
Customer reviews
Isaac Ogbonnaya
Just-in-time access has enforced least privilege and provides detailed cloud audit trails
Reviewed on Apr 29, 2026
Review from a verified AWS customer
What is our primary use case?
Our use case for CyberArk Secure Cloud Access is privileged access in the cloud, enforcing least privilege on just-in-time access. We use it to manage all our AWS cloud and our privileged access in the cloud.
What is most valuable?
I love the Just-in-Time access feature in CyberArk Secure Cloud Access because users don't have permanent access; access is only granted to them when needed, and it's also removed automatically, which helps us minimize or eliminate some accounts that are always on the privileged accounts.
The real-time monitoring in CyberArk Secure Cloud Access not only identifies potential threats but also filters and enforces least privilege access, so you have access only to the work you are here for, and it automatically removes you from the access.
It really helps us so much in the area of audit trails because we get to monitor and have a comprehensive log activity of every user that comes on board with CyberArk Secure Cloud Access, which helps us understand behavior and activities.
What needs improvement?
The setup and the configuration of CyberArk Secure Cloud Access sometimes can be complex, and if you don't have the knowledge of identity and access management on the cloud, it will be very complex for you to set it up and configure it.
For how long have I used the solution?
We have been using CyberArk Secure Cloud Access for over four years now.
What do I think about the stability of the solution?
CyberArk Secure Cloud Access is very stable in the area of Just-in-Time access, and I give it an eight for stability.
What do I think about the scalability of the solution?
CyberArk Secure Cloud Access is doing very well in identity-based risks, and I give it an eight for scalability; they are really doing well in that area.
How are customer service and support?
I give the technical support for CyberArk Secure Cloud Access an eight; they are adequate.
Which solution did I use previously and why did I switch?
There are other solutions like the SailPoint solution, but one thing I love about CyberArk is that they can enforce least privilege and Just-in-Time access, which differentiates it from other solutions that I have used.
How was the initial setup?
If you have over 30 users, the deployment of CyberArk Secure Cloud Access should take about five working days.
What about the implementation team?
We often do our maintenance monthly for CyberArk Secure Cloud Access.
What was our ROI?
As of 2024, we have seen over 70% return on investment from CyberArk.
What's my experience with pricing, setup cost, and licensing?
The pricing for CyberArk Secure Cloud Access is reasonable, and although it's a powerful tool, I would say it's average in the cost of implementation; it's cost-friendly.
What other advice do I have?
As long as you are making use of migrating from your traditional to cloud for secure access, identity, and access management, I will definitely recommend CyberArk Secure Cloud Access to you; they are very good in that area. I give this product an overall rating of eight.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
RiaanDu Preez
Centralized access control has strengthened cloud security and monitoring has exposed risky behavior
Reviewed on Apr 23, 2026
Review provided by PeerSpot
What is our primary use case?
I have been dealing with CyberArk Secure Cloud Access for over three years now, and I have been working with CyberArk for 10 years plus.
I work with their CASB solution, CyberArk Secure Cloud Access , and I am a certified deployer for CyberArk.
I use adaptive risk-based policies in CyberArk Secure Cloud Access to learn and understand the environment.
The use of dynamic role-based access controls in CyberArk Secure Cloud Access enhances my cloud security by helping not to prolong the access granting process. In other words, just-in-time access is very quick.
Integrating with existing IT ecosystems like AWS or Azure IAM or Azure AD helps streamline my administrative and compliance efforts when that is set up correctly.
I have been both a customer and reseller of CyberArk.
What is most valuable?
In CyberArk Secure Cloud Access, I find the central point where it is easy to access and easy to configure most valuable.
I assess the effectiveness of real-time monitoring in identifying potential threats as very important nowadays, noting the use of algorithms and large language models.
Comprehensive audit trails in CyberArk Secure Cloud Access have provided valuable insights, especially with suspected misuse of credentials.
When someone obtained a vendor's details and attempted to access them, with monitoring enabled, it was easy to see from which area it came from and then confirm with the user whether they were trying to access it or had forgotten something at that point in time.
What needs improvement?
In my perspective, I do not see much that could still be improved about CyberArk Secure Cloud Access. Depending on what is used to do the integration, looking at the requester's posture could be beneficial.
In the future for CyberArk Secure Cloud Access, I would like to see tokenization improved, where every connection gets a new token. Not in the sense of a connection token but more a certificate that encrypts the data and gets deleted.
For how long have I used the solution?
I have been using CyberArk Secure Cloud Access for over three years now, and I have been using CyberArk for 10 years plus.
How are customer service and support?
I rate the technical support as very good, so I give it a nine because I know a lot of the technicians.
What other advice do I have?
I am not really working with Trellix that much anymore. It is more something like CrowdStrike.
I have not had experience with Falcon LogScale by CrowdStrike yet.
When it comes to implementation, I usually refer to the physical implementation or the preparation to implementation.
Overall, I usually say it takes about three months at least for both preparation, implementation, and configuration because this helps to plan and understand the client's environment so that you do not forget something and also do not break connections or anything when you do the implementation.
In South Africa, everything is expensive, so there is always going to be environments where this is seen as a luxury product instead of an enabler.
I rate CyberArk Secure Cloud Access as also a nine, but I would like to see what happens with the Palo Alto acquisition.
I would generally recommend CyberArk Secure Cloud Access to others, but there are other good options, depending on what the client is looking for.
For companies in South Africa, I would not recommend CyberArk Secure Cloud Access for medium to small companies, but it also depends on what their security appetite is.
My overall rating for this review is nine.
Arkajit Das
Secure access has strengthened privileged controls and real-time threat monitoring for admins
Reviewed on Apr 22, 2026
Review from a verified AWS customer
What is our primary use case?
My usual use cases for CyberArk Secure Cloud Access involve primarily working on PAM, which is Privileged Access Management , and this generally helps us with admin and high-level account accessibility. We also use credential vaulting alongside its JIT, which is temporary access, and this has proven quite helpful for our needs.
What is most valuable?
The features of CyberArk Secure Cloud Access that I find most valuable are the monitoring, recording, and auditing capabilities.
I find them valuable because both products are quite interchangeable, and the main feature we love is the temporary access. Secondly, it does not require sharing a password, which is really helpful. Additionally, PAM is the core strength of this product, and it provides a dashboard for continuous threat detection, which is quite helpful for taking action against threats.
The value of the insights provided by audit trails is significant for me since it allows checking user logins and accessibility, helping identify potential threats and block or restrict access from high-risk zones. It effectively tracks user login attempts, access requests, approvals, and policy changes, which are crucial for implementing recent policies.
What needs improvement?
CyberArk Secure Cloud Access provides a solid foundation overall, but the UI/UX might be challenging for less tech-savvy individuals. Something user-friendly that improves the interface and the initial setup process would enhance the experience. The technical documentation requires a high level of understanding about how CyberArk works, and this could be improved.
For how long have I used the solution?
I have been working with CyberArk Secure Cloud Access for almost three to three and a half years.
What do I think about the stability of the solution?
I find CyberArk Secure Cloud Access quite stable. However, updates are not very frequent at times, yet it still performs well. The stability from a security perspective is quite good.
What do I think about the scalability of the solution?
The scalability of CyberArk Secure Cloud Access is commendable, as most enterprises use it. From a scalability standpoint, I would rate it an eight out of ten.
How are customer service and support?
I have communicated with the technical support of CyberArk Secure Cloud Access a couple of times.
My experience with CyberArk's technical support has been quite good. They are helpful and provide enterprise-level support with knowledgeable engineers and ample documentation, especially during setup and critical issue handling. Turnaround times may vary depending on the type of support.
What other advice do I have?
I think adaptive risk-based policies are essential because when using any healthcare-related tool, the HIPAA-related compliance or SOC compliance will be completely different from the fintech platform. They definitely differ country-wise or region-wise, and whenever we use them for LATAM or the JPAC region, policy changes are necessary. There are three levels of risk that we configure: low risk for normal access, medium risk where we provide MFA, and high risk where we block that particular system or restrict the accessibility. This is how CyberArk works.
The effectiveness of real-time monitoring in identifying potential threats for my customers is really high because real-time threat detection is a helpful feature. It enables me to analytically check high-risk zones or systems and identify potential threats based on configured access, IP addresses, or analytical reports.
The use of dynamic role-based access controls enhances cloud security for my customers because dynamic roles are essential in current cybersecurity features. They assist in assigning roles dynamically based on user roles or groups configured for them, thus offering just-in-time privilege elevation that works directly with identity providers.
Integrating with existing IT ecosystems helps my customers streamline administrative and compliance efforts by configuring it with Microsoft Azure Directory and providing SSO for any external integrations. Azure offers the highest level of security from Microsoft, and the integration areas include similar functionalities such as MFA, which significantly aid in connecting to VMs or managing cloud workloads.
The pricing of CyberArk Secure Cloud Access is relatively reasonable. It is not as expensive as other cybersecurity software, but it is also not cheap. For enterprises, paying a little more is acceptable, especially considering that one data leak can lead to significant financial problems, making the transparent and flexible pricing worthwhile. I would rate this product an overall eight out of ten.
Nixon L.
Intuitive Interface with Unmatched Security
Reviewed on Apr 03, 2026
Review provided by G2
What do you like best about the product?
I like its interface which is very user-friendly. I also appreciate the security it provides, generating excellent protection. Additionally, I value that it offers minimal privilege access and allows the deletion of persistent accounts.
What do you dislike about the product?
The latency in provisioning was somewhat complex at the beginning.
What problems is the product solving and how is that benefiting you?
I use CyberArk Secure Cloud Access to offer least privileges to users, ensure secure connections to servers, and protect users and service passwords. Resolve user privilege access and enhance service security.
Mohammed_Talukdar
Improved cloud access control and auditing has met compliance needs but still needs better integration
Reviewed on Mar 28, 2026
Review provided by PeerSpot
What is our primary use case?
I purchased the solution through a third party. We have it deployed on our IT estate and we're still rolling it out across parts of our Telco estate, so it was easy to implement in my system.
What is most valuable?
The use of dynamic role-based access controls enhances our organization's cloud security as it is part of the controls that we require to meet our TFL obligations.
I assess the effectiveness of real-time monitoring in identifying potential threats as extensive, as we have extensive testing procedures, including performance testing, load testing, and monitoring the impact of the platform on any of our Telco operational systems. We have a very extensive testing lab facility with a comprehensive list of tests that we conduct.
Integration with existing IT ecosystems had some problems, and there is room for improvement. On the IT side, there were some problems, but we have overcome those problems. On the Telco estate, as we move towards our cloud-native platforms on the Telco side, there are still many question marks as to whether CyberArk Secure Cloud Access would be able to deliver the necessary capabilities and performance, but we are evaluating how that develops.
Comprehensive audit trails have provided valuable insights on the IT estate. We haven't rolled it out into full production on the Telco estate, and that is something we are evaluating right now.
I use adaptive risk-based policies. They have helped improve security measures quite extensively because it is a very dynamic environment, and we need those adaptive policies in place.
What needs improvement?
In the future, I would like to see better integration into some of our cloud capabilities and hybrid cloud capabilities, especially around where we have containerization, as I think that is an area where the product is claiming to be able to do things, but we are yet to see maturity in those areas.
Other than pricing, I see that there is room for improvement for CyberArk Secure Cloud Access , but we are generally satisfied with the product.
For how long have I used the solution?
I have been primarily a customer, and in this current role, I have been a customer of CyberArk for at least ten years now.
What do I think about the stability of the solution?
I have not faced any issues with this solution.
What do I think about the scalability of the solution?
When it comes to performance, I am definitely satisfied with CyberArk Secure Cloud Access on the IT estate, but we are still evaluating whether it has the right level of performance for the Telco aspects. We have an on-premises solution as well, so we are still evaluating.
How are customer service and support?
I would rate the technical support provided by CyberArk as low, because the solution is actually being delivered by a third party, and all support and services are delivered through the third party, so we are not interacting unless there is a major issue with CyberArk directly.
What other advice do I have?
I find the pricing definitely expensive, and it is something that we are debating as to whether we will continue longer term with CyberArk, but at the moment, it is the platform that is there and it is being rolled out to meet our TFL obligations, so it will continue, but there is significant discussion around the cost of the licenses. My review rating for this solution is 7.5.