Sold by: CyberArk
Deployed on AWS
CyberArk Secure Cloud Access implements Zero Standing Privileges to secure identities at every layer of your multi-cloud environment without impacting native cloud user experience. Cloud admins, start a 30-day free trial today to protect cloud access and meet compliance requirements in a native, secure manner.
4.5
Overview
CyberArk Secure Cloud Access, part of the CyberArk Identity Security Platform, delivers Just-in-Time (JIT) access with zero standing privileges, allowing developers secure access across AWS, Azure, and GCP environments without interruption. Designed with a developer-friendly approach, CyberArk dynamically provisions access to reduce risk and maintain developer productivity.
The Critical Need for Developer Access Security With the rise of digital transformation, overprivileged developer identities are increasingly targeted in attacks, often leading to prolonged breaches and data theft. Traditional standing access in cloud environments opens paths for attackers to misuse credentials, creating risk. CyberArk mitigates this by enabling JIT access, reducing the attack surface and safeguarding organizations from long-term breaches.
Developer-Centric Access for Enhanced Efficiency CyberArk recognizes the operational demands developers face. Developers can launch sessions natively, using their own federated identity across cloud services, APIs, and infrastructure without jump servers or extensive approvals. This seamless approach enhances productivity while preserving security.
Key Benefits for Developers Zero Standing Privileges (ZSP): Developers get temporary, session-based access without standing permissions, reducing unauthorized access risk while maintaining workflow continuity. Time, Entitlement, Approval (TEA) Model: CyberArk's TEA model ensures developers receive access when needed, minimizing delays in time-sensitive situations and restoring functionality faster. Attribute-Based Access Control (ABAC): Permissions are granted based on identity, role, and context, aligning with security requirements without compromising developer efficiency. Prioritizing Developer Experience CyberArks approach offers:
Native Tool Access: Developers use familiar tools like SSH clients and web consoles directly, reducing fatigue and allowing agile response times. Fast Incident Resolution: On-demand access for critical scenarios helps minimize downtime, accelerating issue resolution. Centralized Access Across Clouds: With a unified platform, developers manage access to all environments consistently, boosting speed and productivity. Empowering Developer Velocity and Security CyberArk enables a frictionless experience by securely granting JIT access, preventing delays in high-pressure situations. By allowing developers native access to cloud consoles, CyberArk reduces credential management burdens and risk, supporting developer velocity and secure innovation.
Adaptive Controls for Multi-Cloud Security CyberArk's Insight to Action framework centralizes oversight of access rights across cloud environments. Integrated with AWS IAM, AWS IAM Identity Center, Slack, and ServiceNow, it simplifies privilege management, enhancing both security and operational efficiency.
Protecting Against Identity-Based Threats CyberArk's ZSP and JIT access model ensures no standing credentials, reducing credential exposure and unauthorized access. Layered, identity-based controls help secure developer access without hindering productivity, empowering continuous innovation.
Measurable Benefits with CyberArk Secure Cloud Access Accelerated Cloud Transformation: Provides developers secure, JIT access to SaaS, APIs, and infrastructure in a unified, compliant platform. Efficient Compliance Management: Detailed audit trails and ITSM tool integrations ensure secure scaling and compliance. Enhanced Developer Efficiency: JIT access via the TEA model streamlines access, reducing delays and improving user experience. CyberArk: Secure, Fast Developer Access for Innovation The CyberArk Identity Security Platform ensures secure, JIT access at cloud speed, offering the only identity security solution with Zero Standing Privileges. It reduces attack risks, drives operational efficiency, and supports developer innovation.
For custom pricing or offers, contact AWS-Marketplace@cyberark.com .
Highlights
- Provide Temporary Elevated Access, Just-in-Time with Zero Standing Privileges to Resources across your cloud estate
- Secure, Native access requiring no change in workflow, tooling or configuration for end users. This is provided to accelerate adoption
- Access workflows provide a rapid and clear route to elevated entitlements with close integration to ITSM and ChatOps tooling
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
Secure Developer Users, Standard Edition, QTY 5 users | Secure Cloud Access - 5 users: Multi-cloud, zero SP, CLI/web, monitor | $2,400.00 |
Vendor refund policy
Contact CyberArk for support related questions: <www.cyberark.com/customer-support/ >
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Support
Vendor support
Contact CyberArk for support related questions: <www.cyberark.com/customer-support/ > Contact CyberArk for support related questions: <www.cyberark.com/customer-support/ >
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By CyberArk
By BeyondTrust Corporation
By Barracuda Networks
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Just-in-Time Access Provisioning
Delivers temporary, session-based access to cloud resources across AWS, Azure, and GCP environments without standing privileges, dynamically provisioning permissions when needed.
Zero Standing Privileges Architecture
Eliminates permanent elevated access by implementing zero standing privileges model, reducing credential exposure and unauthorized access risks across multi-cloud environments.
Attribute-Based Access Control
Grants permissions based on identity, role, and contextual attributes, enabling fine-grained access control aligned with security requirements.
Multi-Cloud Integration
Integrates with AWS IAM, AWS IAM Identity Center, Slack, and ServiceNow to provide centralized access management and oversight across multiple cloud environments.
Native Tool Access Support
Enables developers to use familiar tools such as SSH clients and web consoles directly without requiring jump servers or extensive approval workflows.
Centralized Identity and Access Visibility
Provides centralized view of identities, accounts, entitlements, and privileged access across IT estate with threat detection capabilities for compromised identities and privileged access misuse
Privileged Credential Management
Manages privileged passwords, accounts, credentials, secrets, and sessions for both human and machine identities with complete control and security enforcement
Least Privilege Enforcement
Enforces least privilege access dynamically across Windows, macOS, Unix, and Linux environments while preventing malware, phishing attacks, and controlling application execution
Cross-Cloud Entitlement Visibility
Delivers cross-cloud visibility of entitlements, detects account permission anomalies, and ensures access originates only from trusted sources with privilege right-sizing guidance
Granular Remote Access Control
Provides granular control, management, and auditing of remote privileged access for employees, vendors, developers, and cloud operations engineers with support for multiple device types and operating systems
Zero Trust Access Model
Implements rule-based and condition-based access control requiring continuous verification of user and device identity and trust before granting access to resources
Multi-Cloud and Hybrid Infrastructure Support
Provides secure remote access across AWS workloads, on-premises resources, and other cloud environments without requiring VPN
Conditional and Contextual Access Control
Delivers remote conditional and contextual access to resources with capability to reduce overprivileged access and associated third-party risks
Device and Endpoint Management
Supports instant provisioning of company-owned devices, employee-owned devices, and unmanaged contractor endpoints for remote access
Seamless Access Provisioning
Enables instant provisioning and seamless access experience for remote workers without requiring awareness of underlying zero trust security implementation
Standard contract
No
No
No
Customer reviews
Dinnepati Janindra
Secure access has protected cloud workloads and now simplifies compliant third party collaboration
Reviewed on Mar 19, 2026
Review from a verified AWS customer
What is our primary use case?
CyberArk Secure Cloud Access provides privileged account management for admin, secure admin, and root accounts across different platforms like Azure Cloud, AWS , and Google Cloud Platform. This privileged account management helps prevent misuse of credentials and mitigates security threats and protocol violations. We use it for remote secure access, secure work, and secure remote workforce access, which enables employees to connect to cloud applications without requiring a VPN by using multi-factor authentication.
Users can connect and work on applications, and we also use it for DevOps and secret management.
When we develop applications that should only be accessible by specific team members, we create a group for those particular team members and deploy privileges to give access only to group members. This ensures they can access only the tools and cloud access relevant to them, while others cannot log in or perform any actions on that particular cloud or VM.
We also use CyberArk Secure Cloud Access for granting temporary access to third-party vendors, such as clients we work with to check progress on particular tasks. These temporary accesses allow us to record the changes made by third-party vendors, capture audit trails, and record sessions, which helps us mitigate risks.
What is most valuable?
CyberArk Secure Cloud Access offers excellent features including compliance, auditing, application security, and multi-cloud access control. These are the best features I have appreciated in the product.
Regarding compliance and auditing capabilities, we need to capture everything, including who made a particular change, who is logged in, who has logged out, and who is currently working on any file. This feature helps us track all access and sessions and supports identifying whether any misuse or threats have occurred, making forensic investigations straightforward. Since implementing CyberArk Secure Cloud Access, we have initially encountered challenges in integrating all applications to make them secure. Once integration is complete, we are impressed with the progress and positive impact it has made on the organization. Only privileged users with access can use applications, preventing others from performing any actions or logging into particular apps or workplaces, which is one of the most beneficial developments in the current digital landscape.
There has been a noticeable reduction in security threats since implementation of CyberArk Secure Cloud Access. Previously, users could log in from mobile devices, but now they are restricted. Only organization-registered devices can perform actions or log into work applications or any VMs that users have access to.
What needs improvement?
CyberArk should address certain limitations. The initial implementation is very complex because it must integrate with different applications throughout the firm and requires skilled resources who have knowledge of integrating various applications with CyberArk Secure Cloud Access. The initial licensing and infrastructure costs are significantly higher compared to other products in the market.
The initial pricing is high, and this is an area that CyberArk needs to address since small organizations cannot use it because of the high infrastructure and implementation costs.
For how long have I used the solution?
I have been using CyberArk Secure Cloud Access for the last four years.
What do I think about the stability of the solution?
CyberArk Secure Cloud Access is stable.
What do I think about the scalability of the solution?
CyberArk Secure Cloud Access is highly scalable.
How are customer service and support?
CyberArk's customer support is very good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used Zscaler.
We switched from Zscaler to CyberArk Secure Cloud Access because Zscaler was not capable of handling the compliance and integrations we perform on our applications. We migrated to CyberArk Secure Cloud Access to better meet our needs.
How was the initial setup?
We did not evaluate other options. Based on market research, we found that CyberArk is one of the best products available, and we selected it for this reason.
What was our ROI?
There is a return on investment following implementation of CyberArk Secure Cloud Access. We have reduced dependency on the cybersecurity team since it does not provide access to third-party users unless specifically granted. Cyber threats have also been reduced, leading to a lower need for cybersecurity personnel.
Which other solutions did I evaluate?
We did not evaluate other options. Based on market research, we found that CyberArk is one of the best products available, and we selected it for this reason.
What other advice do I have?
The user experience is very good, and the only areas I mentioned earlier are those that need improvement.
I would suggest that CyberArk Secure Cloud Access is a must-try product for everyone when integrating new systems.
The product performs well, and no changes are required at this time. I give this review a rating of nine.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Radosław Szyszko
Modern access controls have simplified cloud demos and have supported dynamic CI/CD environments
Reviewed on Mar 10, 2026
Review provided by PeerSpot
What is our primary use case?
As a distributor, I sell CyberArk Secure Cloud Access to partners and then to customers. I don't have the products deployed in production. I maintain a lab that I use for presentations and demos. I have both on-premises and cloud infrastructure. I am in the channel chain for CyberArk Secure Cloud Access , purchasing it directly from the vendor.
What is most valuable?
Deploying CyberArk Secure Cloud Access is much better than the older CyberArk products. CyberArk has improved the user experience and admin experience significantly over the years. From my expertise, the lightweight nature of CyberArk Secure Cloud Access is the most important feature, as it does not consume as many resources as previous solutions and does not require extensive resources to deploy.
CyberArk Secure Cloud Access allows me to cover a number of scenarios in a very convenient way that was not convenient in traditional PAM vaulting. The use of dynamic role-based access controls enhances my customers' cloud security. This new approach is particularly effective for dynamic environments where traditional PAM requires significant effort to detect accounts, onboard accounts, and provide access rights. A dynamic version allows this process to happen in a smoother way with fewer administrative requirements. This approach is especially valuable for modern environments, particularly CI/CD environments.
What needs improvement?
The customization of CyberArk Secure Cloud Access could be improved because I found scenarios where I could not provide the correct configuration due to insufficient options available. I understand the approach that keeping it simple makes it easier to deploy in general, but additional customization capabilities would be beneficial.
Real-time monitoring with CyberArk Secure Cloud Access is missing some features that I believe are on the roadmap, such as AI-generated descriptions of events and summarization of events. These features would be particularly helpful for SOC analysis and are important for SOC members.
The audit trail in the past was not very informative and requires improvements. I believe this is the reason why AI enrichment was prioritized in development.
For how long have I used the solution?
I have been using CyberArk solutions for ten years. CyberArk Secure Cloud Access has existed for approximately four or five years.
How are customer service and support?
Technical support from CyberArk is quite good sometimes, but it depends on who I meet on the first line. I would rate it between six and seven out of ten. It is quite good, but there are some issues.
How was the initial setup?
Implementation of CyberArk Secure Cloud Access is quite straightforward. The basic installation of CyberArk Secure Cloud Access takes mostly a couple of hours.
What other advice do I have?
Cloud providers are chosen by my customers, but in my region, Microsoft is more popular. CyberArk's mindset is to be the best in the market, but being the best in the market requires a high price to maintain quality and attract customers. Sometimes if the price is too high, CyberArk loses deals, but I see that it is a success in the market. The price is high, and if it could be lower, I could generate better business.
CyberArk Secure Cloud Access is a good product that is well positioned in the market as an enhancement that provides new possibilities beyond the classical PAM solution, for which CyberArk is most recognizable with its classical on-premises PAM. This new approach is valuable for modern environments. I rate this review overall as eight out of ten.
Ronald Paz
Zero trust access has reduced privileged risk and improves audit readiness
Reviewed on Feb 24, 2026
Review from a verified AWS customer
What is our primary use case?
My primary use case for CyberArk Secure Cloud Access is secure remote access to cloud infrastructure, least privilege enforcement, and identity-centric Zero Trust architecture.
I use CyberArk Secure Cloud Access to enforce Zero Trust access control for administrator access to Azure management consoles and cloud applications.
Just-in-Time privileged access, federated identity with policy-based conditional access, session monitoring, and audit logging are additional aspects of my use case for CyberArk Secure Cloud Access.
What is most valuable?
The best feature of CyberArk Secure Cloud Access is Just-in-Time privileged access with policy-based conditional controls.
Just-in-Time privileged access and policy-based conditional controls have made my work easier and more secure by eliminating standing privilege instead of granting permanent administrative roles. This makes access time-bound, approval based on need, logged, and audited, which reduced our privileged account exposure window by more than 60%.
CyberArk Secure Cloud Access significantly improved compliance reporting. It has positively impacted my organization in several ways, including reducing the attack surface, improving regulatory audit outcomes, and enabling faster onboarding of cloud administrators.
I have reduced privileged access review cycles from quarterly manual reviews to automated policy enforcement, which has helped reduce the attack surface and improve audit outcomes.
What needs improvement?
Improvements to CyberArk Secure Cloud Access could include deeper native integration with additional cloud-native security platforms, more granular reporting dashboards, and an improved user experience for occasional administrative users.
The platform is powerful, but I note that initial policy tuning requires maturity in IAM governance.
For how long have I used the solution?
I have been using CyberArk Secure Cloud Access for two years.
What do I think about the stability of the solution?
CyberArk Secure Cloud Access is stable.
What do I think about the scalability of the solution?
Regarding scalability, CyberArk Secure Cloud Access has a cloud-native architecture and maintains good performance.
How are customer service and support?
I do not have problems with customer support; it is good.
What was our ROI?
I have seen a measurable return on investment with CyberArk Secure Cloud Access, evidenced by a 60% reduction in standing privileged accounts, 40% faster privileged access approvals, and reduced audit findings related to privileged access.
What's my experience with pricing, setup cost, and licensing?
In my opinion, the pricing is enterprise-oriented in a subscription-based model, scaling per user workload, and the setup requires identity integration and a policy design workshop.
What other advice do I have?
In my experience, for those looking into using CyberArk Secure Cloud Access, I advise starting with a privileged access baseline, aligning it to a Zero Trust strategy, involving cloud and DevOps teams early, defining clear governance KPIs, and planning for policy tuning and iteration. I would rate this solution an 8.
reviewer2803671
Building a managed cyber defense service has become seamless and supports zero-trust access
Reviewed on Feb 19, 2026
Review from a verified AWS customer
What is our primary use case?
I worked on Fortinet before, and now I am working on an altogether different vendor ecosystem that focuses more on Cybersecurity Operations Center . I currently work with IBM QRadar , CyberArk Secure Cloud Access , and a few other cybersecurity vendors.
I use these tools for my own service operating model. I am currently building a managed security services provider where I use these tools for building my security operations center and helping enterprise customers fight against cyber threats and build resilience.
I use this solution for providing zero-trust network access and application security to cloud-based workloads.
What is most valuable?
Their presence in the European market and the cloud-based SaaS consumption model is the most exciting aspect for customers.
Their claims are quite promising, and their risk score rating for different cyber threats is particularly exciting so that customers can gauge the impact of cyber threats and prioritize their remediation efforts.
For integration with SIEM , they have a good telemetry ecosystem that can be forwarded using syslog and API-based integration. This unified telemetry ecosystem allows SIEM to ingest logs and events seamlessly.
What needs improvement?
The efficacy of the solution is more or less specific to particular use cases rather than generic use cases. The solution is quite good, but it may not be applicable for all scenarios. For cloud workloads on a hyperscaler, this solution is sufficient. However, for specific use cases and how enterprises are using hybrid multicloud scenarios, the solution requires more flexibility in deployment and needs to have its efficacy tested in a hybrid multicloud scenario.
Role-based access control is not going to enhance cyber resilience, but it is more for the efficacy and optimization of resources that manage cyber resilience programs.
This product should be made available in various clouds in India because India now has the DPDP compliance requirement so that data from India-based deployments or India-based customers remains in India. This way, they can make these tools available widely on all hyperscaler cloud ecosystems in India so that enterprises can use them while keeping their compliance requirements in mind.
For how long have I used the solution?
I have been using this solution for a few months.
What do I think about the stability of the solution?
I have conducted only theoretical and a little bit of practical evaluation. I have not deployed this in production, so I cannot comment on the stability of the platform because I have not used it for my production workload or in my lab workload. I conducted a theoretical evaluation and performed a few tests. I cannot comment on stability based on my experience.
What do I think about the scalability of the solution?
I have not encountered any scalability issues. Usually, these cloud platforms are built with elastic scale in mind, so I do not think the platform will hit any scalability issues.
How was the initial setup?
The setup is straightforward. Nowadays every SaaS solution is designed and architected with the understanding that deployment is intuitive, and even with moderate skills, an engineer can deploy it seamlessly.
Which other solutions did I evaluate?
Technically, the solution matches the offerings from different service providers. In that way, I think they are quite competitive. However, this is use case specific for workloads hosted on a public cloud. I think this is a promising platform.
What other advice do I have?
CyberArk Secure Cloud Access is a good and promising solution, but the efficacy of the solution is more or less specific to particular use cases rather than generic use cases.
Isaac-Hammond
Privileged access has gained full audit trails and now provides real-time accountability
Reviewed on Feb 17, 2026
Review provided by PeerSpot
What is our primary use case?
Privileged access management, governance, and audit are the primary use cases for CyberArk Secure Cloud Access . For audit and governance purposes, you want visibility into who accesses what, at what time, and what they do. When deploying CyberArk Secure Cloud Access , you gain this visibility. If you need to audit something that has already happened, CyberArk Secure Cloud Access can help you understand who performed an action. For example, if a database administrator logged into a device or operating system via SSH, CyberArk Secure Cloud Access monitors the person so you know exactly what they did. If there is downtime caused by human error, perhaps a configurational error by a networking administrator, the PAM solution can help you understand that Isaac performed this action at this specific time and that action caused the downtime.
CyberArk Secure Cloud Access also prevents risks because you must go through the platform to access the environment, which limits your risk surface area and reduces risk overall. There are many reasons that organizations deploy CyberArk Secure Cloud Access. Some deploy it because it is part of their policy or standard, others deploy it for risk reduction, and others deploy it because they want to audit what their people are doing and manage their metrics.
What is most valuable?
Dynamic role-based access enhancement increases security based on user IDs and identification. You map users to applications by taking the application ID and user ID. Dynamic role-based access helps you identify which user is accessing what, with what device, at what time, and the level of access the person has for doing what they are doing.
Audit trails are the main functionality of CyberArk Secure Cloud Access. By monitoring the privileged activities that are occurring, CyberArk Secure Cloud Access gives you visibility and insight while mapping every log and providing meaning to the logs of whatever is happening. There is even live recording of whatever you are doing. When you log into a system, CyberArk Secure Cloud Access monitors the activities you are performing. If you log into a Windows operating system and access applications, it continuously records until you log out of the system and saves that recording.
What needs improvement?
CyberArk Secure Cloud Access involves substantial effort when performing on-premises deployments. The SaaS or cloud version is less time-consuming compared to the on-premises deployment. With on-premises deployment, you must do a great deal, including spinning up the infrastructure itself and adding it to the HSM before integrating or onboarding where you want to control through PAM. This requires significant human resources.
The deployment complexity may not be entirely accurate in my assessment because it has been a while since I left the engineering aspect and moved into more managerial roles. Before, when I was using it, too many components were involved in CyberArk Secure Cloud Access deployment. You need to understand every component because the least mistake results in being completely locked out of the system. Having too many components makes the deployment difficult and is not easy to understand. You have to be technically inclined to perform the deployment successfully.
For how long have I used the solution?
I used the solution since 2019.
What do I think about the stability of the solution?
CyberArk Secure Cloud Access operates in real-time for monitoring purposes. You must go through CyberArk Secure Cloud Access to access what you want to access. If CyberArk Secure Cloud Access is down, you cannot access anything, which is a double-edged sword. It becomes more secure overall, but when that security measure is not in place, you cannot access your environment. This is especially problematic when using a trial version of the license. If the trial license expires before you activate your product, that becomes a significant problem.
What do I think about the scalability of the solution?
The scalability of CyberArk Secure Cloud Access depends on the organization and how large the organization is for which you are onboarding or deploying the solution. If you have extensive infrastructure, then CyberArk Secure Cloud Access takes considerable effort to implement. However, if you have a small to medium-sized enterprise, you can typically complete your deployment in roughly a week.
How are customer service and support?
We were partners and a Tier 1 partner with CyberArk Secure Cloud Access, so the support was very high. I even know the regional engineer for CyberArk Secure Cloud Access for both West Africa and East Africa. The support was really excellent. We could log cases and receive help. We could jump on a session with an engineer to assist us. As long as you have a license from them, the support is available during deployment. The level of support depends on the kind of support you have. Because we were a Tier 1 partner with CyberArk Secure Cloud Access, the support was excellent. They have even come down to Ghana to provide support.
What other advice do I have?
CyberArk Secure Cloud Access has vast out-of-the-box integration interfaces. It integrates into almost everything within the enterprise infrastructure. I would rate this review an 8 overall.