Sold by: CyberArk
Deployed on AWS
CyberArk Secure Cloud Access implements Zero Standing Privileges to secure identities at every layer of your multi-cloud environment without impacting native cloud user experience. Cloud admins, start a 30-day free trial today to protect cloud access and meet compliance requirements in a native, secure manner.
4.6
Overview
CyberArk Secure Cloud Access, part of the CyberArk Identity Security Platform, delivers Just-in-Time (JIT) access with zero standing privileges, allowing developers secure access across AWS, Azure, and GCP environments without interruption. Designed with a developer-friendly approach, CyberArk dynamically provisions access to reduce risk and maintain developer productivity.
The Critical Need for Developer Access Security With the rise of digital transformation, overprivileged developer identities are increasingly targeted in attacks, often leading to prolonged breaches and data theft. Traditional standing access in cloud environments opens paths for attackers to misuse credentials, creating risk. CyberArk mitigates this by enabling JIT access, reducing the attack surface and safeguarding organizations from long-term breaches.
Developer-Centric Access for Enhanced Efficiency CyberArk recognizes the operational demands developers face. Developers can launch sessions natively, using their own federated identity across cloud services, APIs, and infrastructure without jump servers or extensive approvals. This seamless approach enhances productivity while preserving security.
Key Benefits for Developers Zero Standing Privileges (ZSP): Developers get temporary, session-based access without standing permissions, reducing unauthorized access risk while maintaining workflow continuity. Time, Entitlement, Approval (TEA) Model: CyberArk's TEA model ensures developers receive access when needed, minimizing delays in time-sensitive situations and restoring functionality faster. Attribute-Based Access Control (ABAC): Permissions are granted based on identity, role, and context, aligning with security requirements without compromising developer efficiency. Prioritizing Developer Experience CyberArks approach offers:
Native Tool Access: Developers use familiar tools like SSH clients and web consoles directly, reducing fatigue and allowing agile response times. Fast Incident Resolution: On-demand access for critical scenarios helps minimize downtime, accelerating issue resolution. Centralized Access Across Clouds: With a unified platform, developers manage access to all environments consistently, boosting speed and productivity. Empowering Developer Velocity and Security CyberArk enables a frictionless experience by securely granting JIT access, preventing delays in high-pressure situations. By allowing developers native access to cloud consoles, CyberArk reduces credential management burdens and risk, supporting developer velocity and secure innovation.
Adaptive Controls for Multi-Cloud Security CyberArk's Insight to Action framework centralizes oversight of access rights across cloud environments. Integrated with AWS IAM, AWS IAM Identity Center, Slack, and ServiceNow, it simplifies privilege management, enhancing both security and operational efficiency.
Protecting Against Identity-Based Threats CyberArk's ZSP and JIT access model ensures no standing credentials, reducing credential exposure and unauthorized access. Layered, identity-based controls help secure developer access without hindering productivity, empowering continuous innovation.
Measurable Benefits with CyberArk Secure Cloud Access Accelerated Cloud Transformation: Provides developers secure, JIT access to SaaS, APIs, and infrastructure in a unified, compliant platform. Efficient Compliance Management: Detailed audit trails and ITSM tool integrations ensure secure scaling and compliance. Enhanced Developer Efficiency: JIT access via the TEA model streamlines access, reducing delays and improving user experience. CyberArk: Secure, Fast Developer Access for Innovation The CyberArk Identity Security Platform ensures secure, JIT access at cloud speed, offering the only identity security solution with Zero Standing Privileges. It reduces attack risks, drives operational efficiency, and supports developer innovation.
For custom pricing or offers, contact AWS-Marketplace@cyberark.com .
Highlights
- Provide Temporary Elevated Access, Just-in-Time with Zero Standing Privileges to Resources across your cloud estate
- Secure, Native access requiring no change in workflow, tooling or configuration for end users. This is provided to accelerate adoption
- Access workflows provide a rapid and clear route to elevated entitlements with close integration to ITSM and ChatOps tooling
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
Secure Developer Users, Standard Edition, QTY 5 users | Secure Cloud Access - 5 users: Multi-cloud, zero SP, CLI/web, monitor | $2,400.00 |
Vendor refund policy
Contact CyberArk for support related questions: <www.cyberark.com/customer-support/ >
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Support
Vendor support
Contact CyberArk for support related questions: <www.cyberark.com/customer-support/ > Contact CyberArk for support related questions: <www.cyberark.com/customer-support/ >
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By CyberArk
By BeyondTrust Corporation
By Barracuda Networks
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Just-in-Time Access Provisioning
Delivers temporary, session-based access to cloud resources across AWS, Azure, and GCP environments without standing privileges, dynamically provisioning permissions when needed.
Zero Standing Privileges Architecture
Eliminates permanent elevated access by implementing zero standing privileges model, reducing credential exposure and unauthorized access risks across multi-cloud environments.
Attribute-Based Access Control
Grants permissions based on identity, role, and contextual attributes, enabling fine-grained access control aligned with security requirements.
Multi-Cloud Integration
Integrates with AWS IAM, AWS IAM Identity Center, Slack, and ServiceNow to provide centralized access management and oversight across multiple cloud environments.
Native Tool Access Support
Enables developers to use familiar tools such as SSH clients and web consoles directly without requiring jump servers or extensive approval workflows.
Centralized Identity and Access Visibility
Provides centralized view of identities, accounts, entitlements, and privileged access across IT estate with threat detection capabilities for compromised identities and privileged access misuse
Privileged Credential Management
Manages privileged passwords, accounts, credentials, secrets, and sessions for both human and machine identities with complete control and security enforcement
Least Privilege Enforcement
Enforces least privilege access dynamically across Windows, macOS, Unix, and Linux environments while preventing malware, phishing attacks, and controlling application execution
Cross-Cloud Entitlement Visibility
Delivers cross-cloud visibility of entitlements, detects account permission anomalies, and ensures access originates only from trusted sources with privilege right-sizing guidance
Granular Remote Access Control
Provides granular control, management, and auditing of remote privileged access for employees, vendors, developers, and cloud operations engineers with support for multiple device types and operating systems
Zero Trust Access Model
Implements rule-based and condition-based access control requiring continuous verification of user and device identity and trust before granting access to resources
Multi-Cloud and Hybrid Infrastructure Support
Provides secure remote access across AWS workloads, on-premises resources, and other cloud environments without requiring VPN
Conditional and Contextual Access Control
Delivers remote conditional and contextual access to resources with capability to reduce overprivileged access and associated third-party risks
Device and Endpoint Management
Supports instant provisioning of company-owned devices, employee-owned devices, and unmanaged contractor endpoints for remote access
Seamless Access Provisioning
Enables instant provisioning and seamless access experience for remote workers without requiring awareness of underlying zero trust security implementation
Standard contract
No
No
No
Customer reviews
reviewer2803671
Building a managed cyber defense service has become seamless and supports zero-trust access
Reviewed on Feb 19, 2026
Review from a verified AWS customer
What is our primary use case?
I worked on Fortinet before, and now I am working on an altogether different vendor ecosystem that focuses more on Cybersecurity Operations Center . I currently work with IBM QRadar , CyberArk Secure Cloud Access , and a few other cybersecurity vendors.
I use these tools for my own service operating model. I am currently building a managed security services provider where I use these tools for building my security operations center and helping enterprise customers fight against cyber threats and build resilience.
I use this solution for providing zero-trust network access and application security to cloud-based workloads.
What is most valuable?
Their presence in the European market and the cloud-based SaaS consumption model is the most exciting aspect for customers.
Their claims are quite promising, and their risk score rating for different cyber threats is particularly exciting so that customers can gauge the impact of cyber threats and prioritize their remediation efforts.
For integration with SIEM , they have a good telemetry ecosystem that can be forwarded using syslog and API-based integration. This unified telemetry ecosystem allows SIEM to ingest logs and events seamlessly.
What needs improvement?
The efficacy of the solution is more or less specific to particular use cases rather than generic use cases. The solution is quite good, but it may not be applicable for all scenarios. For cloud workloads on a hyperscaler, this solution is sufficient. However, for specific use cases and how enterprises are using hybrid multicloud scenarios, the solution requires more flexibility in deployment and needs to have its efficacy tested in a hybrid multicloud scenario.
Role-based access control is not going to enhance cyber resilience, but it is more for the efficacy and optimization of resources that manage cyber resilience programs.
This product should be made available in various clouds in India because India now has the DPDP compliance requirement so that data from India-based deployments or India-based customers remains in India. This way, they can make these tools available widely on all hyperscaler cloud ecosystems in India so that enterprises can use them while keeping their compliance requirements in mind.
For how long have I used the solution?
I have been using this solution for a few months.
What do I think about the stability of the solution?
I have conducted only theoretical and a little bit of practical evaluation. I have not deployed this in production, so I cannot comment on the stability of the platform because I have not used it for my production workload or in my lab workload. I conducted a theoretical evaluation and performed a few tests. I cannot comment on stability based on my experience.
What do I think about the scalability of the solution?
I have not encountered any scalability issues. Usually, these cloud platforms are built with elastic scale in mind, so I do not think the platform will hit any scalability issues.
How was the initial setup?
The setup is straightforward. Nowadays every SaaS solution is designed and architected with the understanding that deployment is intuitive, and even with moderate skills, an engineer can deploy it seamlessly.
Which other solutions did I evaluate?
Technically, the solution matches the offerings from different service providers. In that way, I think they are quite competitive. However, this is use case specific for workloads hosted on a public cloud. I think this is a promising platform.
What other advice do I have?
CyberArk Secure Cloud Access is a good and promising solution, but the efficacy of the solution is more or less specific to particular use cases rather than generic use cases.
Isaac-Hammond
Privileged access has gained full audit trails and now provides real-time accountability
Reviewed on Feb 17, 2026
Review provided by PeerSpot
What is our primary use case?
Privileged access management, governance, and audit are the primary use cases for CyberArk Secure Cloud Access . For audit and governance purposes, you want visibility into who accesses what, at what time, and what they do. When deploying CyberArk Secure Cloud Access , you gain this visibility. If you need to audit something that has already happened, CyberArk Secure Cloud Access can help you understand who performed an action. For example, if a database administrator logged into a device or operating system via SSH, CyberArk Secure Cloud Access monitors the person so you know exactly what they did. If there is downtime caused by human error, perhaps a configurational error by a networking administrator, the PAM solution can help you understand that Isaac performed this action at this specific time and that action caused the downtime.
CyberArk Secure Cloud Access also prevents risks because you must go through the platform to access the environment, which limits your risk surface area and reduces risk overall. There are many reasons that organizations deploy CyberArk Secure Cloud Access. Some deploy it because it is part of their policy or standard, others deploy it for risk reduction, and others deploy it because they want to audit what their people are doing and manage their metrics.
What is most valuable?
Dynamic role-based access enhancement increases security based on user IDs and identification. You map users to applications by taking the application ID and user ID. Dynamic role-based access helps you identify which user is accessing what, with what device, at what time, and the level of access the person has for doing what they are doing.
Audit trails are the main functionality of CyberArk Secure Cloud Access. By monitoring the privileged activities that are occurring, CyberArk Secure Cloud Access gives you visibility and insight while mapping every log and providing meaning to the logs of whatever is happening. There is even live recording of whatever you are doing. When you log into a system, CyberArk Secure Cloud Access monitors the activities you are performing. If you log into a Windows operating system and access applications, it continuously records until you log out of the system and saves that recording.
What needs improvement?
CyberArk Secure Cloud Access involves substantial effort when performing on-premises deployments. The SaaS or cloud version is less time-consuming compared to the on-premises deployment. With on-premises deployment, you must do a great deal, including spinning up the infrastructure itself and adding it to the HSM before integrating or onboarding where you want to control through PAM. This requires significant human resources.
The deployment complexity may not be entirely accurate in my assessment because it has been a while since I left the engineering aspect and moved into more managerial roles. Before, when I was using it, too many components were involved in CyberArk Secure Cloud Access deployment. You need to understand every component because the least mistake results in being completely locked out of the system. Having too many components makes the deployment difficult and is not easy to understand. You have to be technically inclined to perform the deployment successfully.
For how long have I used the solution?
I used the solution since 2019.
What do I think about the stability of the solution?
CyberArk Secure Cloud Access operates in real-time for monitoring purposes. You must go through CyberArk Secure Cloud Access to access what you want to access. If CyberArk Secure Cloud Access is down, you cannot access anything, which is a double-edged sword. It becomes more secure overall, but when that security measure is not in place, you cannot access your environment. This is especially problematic when using a trial version of the license. If the trial license expires before you activate your product, that becomes a significant problem.
What do I think about the scalability of the solution?
The scalability of CyberArk Secure Cloud Access depends on the organization and how large the organization is for which you are onboarding or deploying the solution. If you have extensive infrastructure, then CyberArk Secure Cloud Access takes considerable effort to implement. However, if you have a small to medium-sized enterprise, you can typically complete your deployment in roughly a week.
How are customer service and support?
We were partners and a Tier 1 partner with CyberArk Secure Cloud Access, so the support was very high. I even know the regional engineer for CyberArk Secure Cloud Access for both West Africa and East Africa. The support was really excellent. We could log cases and receive help. We could jump on a session with an engineer to assist us. As long as you have a license from them, the support is available during deployment. The level of support depends on the kind of support you have. Because we were a Tier 1 partner with CyberArk Secure Cloud Access, the support was excellent. They have even come down to Ghana to provide support.
How would you rate customer service and support?
Negative
What other advice do I have?
CyberArk Secure Cloud Access has vast out-of-the-box integration interfaces. It integrates into almost everything within the enterprise infrastructure. I would rate this review an 8 overall.
Manojkumar Reddy
Centralized cloud access has strengthened identity control and simplified keyless logins
Reviewed on Feb 10, 2026
Review from a verified AWS customer
What is our primary use case?
CyberArk Secure Cloud Access is our primary solution for access identity management across different cloud platforms including AWS , Azure , and Google.
A specific example of how I use CyberArk Secure Cloud Access for access identity management across cloud platforms is when a developer signs in with their company identity and receives the appropriate permissions across the Azure cloud platform. Previously, the company was unable to track the changes or determine who logged into the virtual machines. CyberArk Secure Cloud Access enables access identity management that allows users to check what changes they have made, who has made changes, who has access, and audit trails can be easily tracked.
We use CyberArk Secure Cloud Access as one identity provider for cloud IAM roles and for different users. For example, a DevOps user builds pipelines that run twenty-four seven. Whenever someone updates the pipeline, runs the pipeline, or makes changes to the pipeline, it becomes easy to track who has made the changes. Another use case is that people outside of the organization cannot access the pipelines or anything deployed in CyberArk.
What is most valuable?
The best feature of CyberArk Secure Cloud Access is that private keys can be configured once and users can log in using CyberArk credentials. Instead of providing the private key every time into the system, it is not needed. With CyberArk, we do not require it and can directly use CyberArk credentials to access the virtual machines or run the pipelines.
Using CyberArk credentials instead of private keys has made things easier for our team because previously every user had to remember the private key and store it somewhere else and insert it whenever they attempted to log into the server. This was cumbersome. Instead, organizations use CyberArk to configure the private keys, which helps because it is no longer required for users to store it on their system or somewhere else to maintain security. This additionally prevents users without access to the server from logging in.
This feature of CyberArk Secure Cloud Access also reduces time and dependency on other people. Once a user is given access, they can be tracked anytime and anywhere. Access is revocable whenever people leave the organization.
CyberArk Secure Cloud Access has positively impacted our organization because we have observed many changes. One significant impact is that since implementing it, the dependency on people has drastically been reduced. Additionally, we do not need to log in or store the private keys every time as they can be automatically configured.
What needs improvement?
I do not think there are many improvements needed for CyberArk Secure Cloud Access. As of now, the configurations done to CyberArk are excellent and up to the mark.
One small thing I think could be made better or easier to use in CyberArk Secure Cloud Access is that it is continuously evolving. I do not think there are many improvements needed as it is now aligned with industry standards. As the AI generation is evolving continuously, whenever a user mistakenly provides any secure data into AI, that prevention needs to be handled in CyberArk, possibly in future scenarios.
For how long have I used the solution?
I have been using CyberArk Secure Cloud Access for the last two years.
What do I think about the stability of the solution?
CyberArk Secure Cloud Access is very stable.
What do I think about the scalability of the solution?
CyberArk Secure Cloud Access is highly scalable.
How are customer service and support?
The customer support for CyberArk Secure Cloud Access is pretty good.
How would you rate customer service and support?
Negative
Which solution did I use previously and why did I switch?
We had not used a solution previously. Once there was a breach in the organization, that is when the company attempted to implement secure access management.
When we were looking for products that provide secure access management to the organization, we moved directly to CyberArk Secure Cloud Access after the breach because we found that CyberArk is the most valued product.
We were using a single sign-on login, but that does not align with the industry standards now, which led us to choose CyberArk Secure Cloud Access.
How was the initial setup?
The experience with pricing, setup cost, and licensing for CyberArk Secure Cloud Access is that the setup cost initially will be higher as it needs to be integrated with different applications that the organization has. The initial setup cost may increase, but in the long run, that will drastically decrease.
What was our ROI?
I definitely would like to share the relevant metrics regarding the return on investment. We have seen a lot of time saved instead of saving the private keys over the system, which can be configured to CyberArk. Additionally, we have money saved in the long run on infrastructure costs. Fewer employees are needed for certain tasks, though it does require people to maintain the security policies and all those aspects that need to be upgraded every time.
What's my experience with pricing, setup cost, and licensing?
The experience with pricing, setup cost, and licensing for CyberArk Secure Cloud Access is that the setup cost initially will be higher as it needs to be integrated with different applications that the organization has. The initial setup cost may increase, but in the long run, that will drastically decrease. Additionally, pricing is aligned with industry standards.
Which other solutions did I evaluate?
Before choosing CyberArk Secure Cloud Access, we evaluated other options such as Okta single sign-on, but that does not have much value, so we chose CyberArk.
What other advice do I have?
My advice to others looking into using CyberArk Secure Cloud Access is that it is a must-go product if they want to have a secure platform and secure product, and integrate it with the different products that the organization is using or virtual machines. Whether it is a SaaS, PaaS, or IaaS , CyberArk is one of the market leaders and is a definite go. I would rate this product a ten out of ten.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
AtulGujar
Ensures high availability and robust security for critical sectors
Reviewed on Apr 07, 2025
Review from a verified AWS customer
What is our primary use case?
I use CyberArk Secure Cloud Access for managing privileged access and maintaining security. My work involves secure tunnels between on-premises and the cloud. I create secure environments using VPN, CPM , and PSM servers both on-premises and in the cloud, and handle installations and configurations across a variety of systems including physical, cluster, and virtual servers.
What is most valuable?
CyberArk Secure Cloud Access offers high availability, ensuring no downtime as it is cloud-based. The solution provides robust security features essential for financial and banking sectors to avoid network and connectivity issues or security breaches. CyberArk's integration capability is highly valuable, as it allows seamless management of privileged accounts across various databases, network devices, and operating systems, unlike other products that require additional API development.
What needs improvement?
CyberArk Secure Cloud Access has limitations in support for on-premise teams. When issues arise with the VPN portal or the frontend, the admin team must directly engage the vendor, which can be time-consuming. It is important for critical support to respond within fifteen to twenty minutes to minimize business impact.
For how long have I used the solution?
I have been using CyberArk products for over eight years. My experience covers several versions, most recently from version 10.5 to the latest 14.4, and I have been involved in the total implementation, installation, and configuration for more than forty clients.
What was my experience with deployment of the solution?
Technically, CyberArk's deployment is efficient, but sometimes for critical cases, the response time can be delayed. There is a need for immediate vendor support in urgency, especially for severe issues that impact the business significantly.
What do I think about the stability of the solution?
CyberArk Secure Cloud Access ensures high availability with its cloud infrastructure, minimizing downtime. It is highly stable and reliable.
How are customer service and support?
The technical support from CyberArk is generally good. They adhere to SLAs, and most issues are resolved effectively. However, for critical cases, support response needs to be quicker. Sometimes, contacting the right team for severe issues can take longer than preferred.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup of CyberArk Secure Cloud Access is straightforward, given its proactive communication and support in terms of providing updates and new features regularly through client conferences.
What about the implementation team?
I am involved in implementing and configuring CyberArk across numerous setups, including integrating it with third-party solutions like Qualys and SailPoint.
What's my experience with pricing, setup cost, and licensing?
I am not directly involved in pricing aspects, but I am aware that CyberArk is considered costly compared to other products. Nonetheless, its comprehensive security and functionality justify its price.
What other advice do I have?
Overall, I would rate CyberArk Secure Cloud Access around eight or nine. I recommend CyberArk Secure Cloud Access because it offers unmatched security features, essential for critical sectors like finance and banking, despite being more expensive than other solutions. I give it a rating of 8 out of 10.
Information Services
Best PAM based Application
Reviewed on Jan 29, 2025
Review provided by G2
What do you like best about the product?
The security of the accounts, safes or servers with user friendly GUI.
What do you dislike about the product?
More features to be added to the new GUI
What problems is the product solving and how is that benefiting you?
It is helping users secure there servers and privelege access to those servers as management application.