The main use case for CyberArk Secrets Management is application integrations and the CI and CD part. In CyberArk Secrets Management, there are a variety of tools that they cover, one being the Credential Provider, another the Central Credential Provider, and then there is ACP, along with Conjur. Excluding Conjur, we are using those three methodologies, which cover use cases for user-to-machine as well as machine-to-machine. For user-to-machine use cases, if there is any kind of secret being used by users, we use the Credential Provider to manage those secrets, and Secret Manager also exposes some APIs for machine-to-machine use cases in the customer environment. The named features are used for user-to-machine and machine-to-machine use cases.
CyberArk DevSecOps
CyberArkExternal reviews
External reviews are not included in the AWS star rating for the product.
Provides secure secret management with granular controls and professional support
What is our primary use case?
What is most valuable?
The granular controls of CyberArk Secrets Management are very niche in their development and very secure from the overall secret management perspective, offering high-level functionalities where we have control over user access, which can be tracked and monitored. There are sessions that get monitored and audited, representing the major features within CyberArk that combine with this Secret Manager.
In terms of discovering secrets, CyberArk provides two types of functionalities. One is a separate tool called the DNA tool that discovers overall secrets within the customer enterprise, and they publish a dashboard that needs discussion with the customer. Post the DNA tool discovery and analysis, CyberArk portal has an auto-discovery tool that facilitates quick onboarding based on customer discussion.
CyberArk Secrets Management is the best tool used in the healthcare industry as it comes with HIPAA compliance, which is already available in the CyberArk portal. That is why, atop the Gartner tool, CyberArk is preferred, although from a commercial perspective, it is not a cheap solution, and customers must pay a significant price.
What needs improvement?
The tool is very good, but the commercialized training, which is paid, could be improved. Regularizing those trainings as part of a global alliance between the customer, SI partner, and CyberArk would be more profitable, allowing relevant SMEs to be trained better. There are training courses available that sometimes provide coupons on a yearly basis. If those coupons increase from about 10 to 20 people, it would provide better opportunities for SI partners Tech Mahindra to train resources and gain visibility with customers. There are indeed paid training courses for partners, and while they shouldn't be entirely free, the coupons can make them free. Increasing those coupons would allow more resources to be trained rather than limiting them to just two or three.
For how long have I used the solution?
I have been working with CyberArk Secrets Management for around 2.5 years overall.
What do I think about the stability of the solution?
From a stability perspective, it is fine as long as the architecture is well-designed and reviewed by CyberArk, making it pretty stable.
What do I think about the scalability of the solution?
CyberArk Secrets Management is very much horizontally scalable; it's a plug-and-play system once the installation is completed.
How are customer service and support?
CyberArk support is absolutely professional. There is dedicated support with defined SLAs, and for any architectural discussions, we can reach out for professional services, which has a good and standard support system.
How would you rate customer service and support?
Positive
What about the implementation team?
Once CyberArk is fully integrated, there is a standard SOP that differs from customer to customer, allowing compliance issues to be mitigated quickly. It depends on the delivery team because CyberArk provides everything within the dashboard, along with REST APIs to easily handle respective non-compliance parts quickly.
What's my experience with pricing, setup cost, and licensing?
One of the CPL licenses costs around 60 to 80k GBP.
What other advice do I have?
CyberArk Secrets Management is aimed at reducing meantime to detect, but one must be well-versed in the functionalities such as discovery, onboarding, and regular compliance activities that need to be extracted on a quarterly or monthly basis. CyberArk was already deployed with this healthcare customer. It just involved a different SI partner rather than Tech Mahindra who were not very skilled in that area.
There is a significant focus on automation and AI to expedite operations, optimizing the current BAU team toward compliance. CyberArk offers online training, some freely available, some paid, which upon completion, helps understand every aspect of Secret Manager to assist customers in meeting compliance needs.
Integration totally depends on the use case, and discussions should be had first regarding the specific needs. Once defined, complexity depends on the defined use case; if it is simple, it is easy. But if different use cases arise requiring APIs, then there is some effort from the customer's side.
It is effective in protecting against ransomware attacks. CyberArk components are hardened, and they provide a threat analytics tool called PTA, Privileged Threat Analytics. This tool offers a dashboard where restrictive policies can be enforced to block unauthorized commands. It is crucial to architect the system correctly, placing CyberArk components behind firewalls and in different domains, ensuring stability against cyber attacks.
I would recommend that anyone planning to use CyberArk Secrets Management ensure they have the requisite training on that particular Secret Manager, as it incorporates various components such as CP, CCP, ACP, Conjur, and more. In healthcare, I cannot confirm fines being avoided, but in telecom, they are avoiding fines under the stringent guidelines of the Telecom Security Act in the UK. CyberArk is the preferred tool for meeting all TSA requirements and is widely used among telecom operators in the UK. I rate CyberArk Secrets Management solution as a nine out of ten.
Helps with compliance and improves operational flexibility
What is our primary use case?
We own a robotic process automation platform called UiPath. We use CyberArk Secrets Management to bring the credentials into robotic process automation for the bots during runtime.
How has it helped my organization?
With CyberArk Secrets Management, we were able to resolve the automatic change of the passwords based on timelines. We were also able to retrieve the passwords in an encrypted format by utilizing the CyberArk platform, which was not provided to us by UiPath.
Moving CyberArk Secrets Management from on-premise to a SaaS model has improved flexibility and reduced server utilization. It gives us more flexibility to interact with other platforms.
What is most valuable?
The automatic rotation of the password is the top feature. The integration with the platform allows for a direct change of the password. No one sees the passwords while resetting or upgrading them. The automatic rotation of passwords is crucial.
What needs improvement?
The user interface can be improved, and with new platforms emerging, CyberArk Secrets Management could integrate with them. The password search feature and integration between different vaults could be enhanced. For instance, when updating passwords in both lower and higher environment vaults, improvement is required in search and upgrade functions.
For how long have I used the solution?
I have been using it for almost five years now.
What do I think about the stability of the solution?
It is stable. I would rate it a nine out of ten for stability.
What do I think about the scalability of the solution?
It is scalable. I would rate it a nine out of ten for scalability.
Its utilization is based on the requests from applications. Whenever we have a new application in the environment and they have a requirement to retrieve the passwords from a secure vault, we create a vault for them, and then they utilize that application.
We have 200 to 250 automation bots. They are utilized by the whole department, not by a single person. Enterprise-wide, there are about 1,000 users.
How are customer service and support?
We did not have a good experience with technical support because their numerous processes caused delays in engaging, leading to project delays or issues with production.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
Before CyberArk Secrets Management, we did not use any similar product. We used internal key vaults specific to a particular laptop, such as the Windows key vault, or the UiPath assets built into the orchestrator.
How was the initial setup?
We have had both on-premises and SaaS models. The on-premise setup was a little difficult, but now that it has been moved to the SaaS model, everything is controlled by CyberArk. We just go and do our work.
The initial on-premises setup took two weeks because it was an integrated effort. I had to spin up the servers and bring in the CyberArk Secrets Management resource to deploy the scripts. I then had to open networks and firewalls between CyberArk Secrets Management's on-premise servers and the application server. In the initial phase, it took two to three weeks, but it became easier when moving to the SaaS model.
In terms of maintenance, it requires patching or upgrades, which happens one day in a month. If there is a failure, we have to roll back and try once again, which takes more time, but if everything goes smoothly, there is three to five hours of downtime.
What was our ROI?
The return on investment is primarily in compliance. During audits, such as SOC audits happening quarterly, having passwords saved and retrieved in an encrypted manner is a significant advantage. It allows us to pass all audits. It is mainly towards SOC audit and compliance. We have seen about 15% ROI.
What's my experience with pricing, setup cost, and licensing?
It is in the middle. It is neither very cheap nor very expensive, so I would place it in the middle.
What other advice do I have?
I would definitely recommend CyberArk Secrets Management, but check the ROI before investment.
Overall, I would rate CyberArk Secrets Management an eight out of ten.
Identity and Access Management
CyberArk Conjur Review
Detailed video presentation covering the specific topics
Easy to use.
Security Manager
Best for devops secret management
Very robust and efficient solution.