CyberArk Secure Cloud Access is used primarily for secure administrator access to cloud consoles like the AWS console, Azure portal, and GCP console without sharing permanent credentials. It allows for better passwords and passwordless access, temporary admin privileges, and full audit tracking. Just-in-Time privileged access is utilized when a cloud engineer needs temporary production access for maintenance or troubleshooting; access is granted for only an approved duration, which is automatically revoked once the work is done. Additionally, it manages DevOps and Kubernetes access, provides third-party vendor access, and facilitates multi-cloud access governance for AWS, Azure, and GCP. It also caters to emergency situations such as break-glass access during critical production outages and assists in compliance and audit management, such as for SOC audits, while implementing Zero Trust security principles.

The best features of CyberArk Secure Cloud Access include Zero Standing Privileges, which eliminates the need for permanent admin access by providing users with temporary access only when required, ensuring it automatically expires after task completion. This significantly reduces insider threats and credential misuse. In scenarios such as patch deployment in Azure, CyberArk grants admin access for just two hours after approval, which is revoked automatically once the activity is completed. Furthermore, it supports passwordless access, multi-cloud environments, and includes session monitoring that records privileged sessions to assist during audits and investigations, providing better compliance visibility. Agentless browser access is another significant feature, as it eliminates the need for VPN dependency, making operations easier for DevOps and cloud teams.

Role-based access control (RBAC) improves cloud security by providing access based on job roles and responsibilities, which helps reduce unauthorized access. For example, I provide full infrastructure management rights to cloud admins while offering limited access based on role specifications for DevOps engineers and read-only access for auditors. RBAC includes implementing least privileged security, thus preventing accidental changes and limiting the attack surface, ensuring only authorized users can modify sensitive resources. This improves compliance auditing through traceable access control, monitoring, and documentation.

There are several areas where CyberArk Secure Cloud Access could improve, such as the integration with enterprise IT ecosystems, including cloud platforms, SIEM tools, ITSM solutions, MFA systems, and DevOps platforms. While it improves operational efficiency and provides seamless user experiences, configuring policies can be complex, requiring skilled engineers. More guided deployment wizards, better automated onboarding templates, improved UI/UX experiences, simplified policy management, and enhanced reporting and troubleshooting would be beneficial.

I have been using CyberArk IdM and CyberArk Secure Cloud Access solutions for the last three years.

I would rate the product stability of CyberArk Secure Cloud Access around 9 to 10, noting its high scalability and reliability, especially in SaaS deployments. Although there can be upgrade complexities, the platform achieves strong uptime and stability amongst enterprise-level security.

Access control has improved by more than 20% with CyberArk Secure Cloud Access. With over 1,100 users utilizing this solution, I have eliminated the need for RDP access, ensuring that users can only access servers with the proper multi-factor authentication and manager approval, achieving complete coverage and reducing the risk of breaches.

I rate the technical support for CyberArk Secure Cloud Access as a 10.

The pricing for CyberArk Secure Cloud Access is quite high, especially the initial implementation cost, as it requires skilled engineers for deployment, configuration, and integration with various tools. The complex licensing structure involving user accounts, modules, features, and deployment types complicates cost estimation, making it seem expensive for smaller companies; however, it offers better value for larger enterprises. Additional service charges for architecture consulting and deployment support increase operational costs significantly.

When comparing CyberArk Secure Cloud Access with other solutions such as BeyondTrust, Delinea, and ManageEngine, I focus on security capabilities, Zero Trust architecture, cloud-native features, integration ecosystem, and deployment complexity. I find that CyberArk ranks high in PAM maturity, particularly with its advanced features such as Zero Standing Privileges and Just-in-Time access that surpass those of competitors. CyberArk also demonstrates exceptional compliance and audit capabilities and excels in multi-cloud support.

I use adaptive risk-based policies in CyberArk Secure Cloud Access, and while configuring these intelligent security policies, which dynamically adjust user access based on real-time risk analysis can be challenging, they significantly improve security. These policies evaluate user identity, device security, login location, time of access, user behavior risk score, and resource sensitivity to determine access permissions. For instance, if a cloud engineer typically logs in from the Hyderabad office during business hours but attempts to log in from an unmanaged device in another location, CyberArk blocks access and requests multi-factor authentication and manager approval before granting limited temporary access.

I assess the effectiveness of real-time monitoring in identifying threats in the environment by considering scenarios where an employee attempts to log in from a new location and needs manager approval. In such cases, multi-factor authentication is required, ensuring a second layer of security. This mechanism significantly reduces both insider and external threats in my usage of CyberArk Secure Cloud Access.

CyberArk Secure Cloud Access requires some maintenance, particularly for role-based access, future upgrades, patch management, and lifecycle management, which may involve minimal downtime. While skilled engineers and vendor support are needed during issues, it is generally designed to reduce operational overhead, benefiting from agentless access and cloud-native architecture, with regular maintenance tasks such as policy management and compliance auditing handled through the backend platform managed by CyberArk. I rate this solution a 9 overall.

I have been dealing with CyberArk Secure Cloud Access for over three years now, and I have been working with CyberArk for 10 years plus.

I work with their CASB solution, CyberArk Secure Cloud Access, and I am a certified deployer for CyberArk.

I use adaptive risk-based policies in CyberArk Secure Cloud Access to learn and understand the environment.

The use of dynamic role-based access controls in CyberArk Secure Cloud Access enhances my cloud security by helping not to prolong the access granting process. In other words, just-in-time access is very quick.

Integrating with existing IT ecosystems like AWS or Azure IAM or Azure AD helps streamline my administrative and compliance efforts when that is set up correctly.

I have been both a customer and reseller of CyberArk.

In CyberArk Secure Cloud Access, I find the central point where it is easy to access and easy to configure most valuable.

I assess the effectiveness of real-time monitoring in identifying potential threats as very important nowadays, noting the use of algorithms and large language models.

Comprehensive audit trails in CyberArk Secure Cloud Access have provided valuable insights, especially with suspected misuse of credentials.

When someone obtained a vendor's details and attempted to access them, with monitoring enabled, it was easy to see from which area it came from and then confirm with the user whether they were trying to access it or had forgotten something at that point in time.

In my perspective, I do not see much that could still be improved about CyberArk Secure Cloud Access. Depending on what is used to do the integration, looking at the requester's posture could be beneficial.

In the future for CyberArk Secure Cloud Access, I would like to see tokenization improved, where every connection gets a new token. Not in the sense of a connection token but more a certificate that encrypts the data and gets deleted.

I have been using CyberArk Secure Cloud Access for over three years now, and I have been using CyberArk for 10 years plus.

I rate the technical support as very good, so I give it a nine because I know a lot of the technicians.

I am not really working with Trellix that much anymore. It is more something like CrowdStrike.

I have not had experience with Falcon LogScale by CrowdStrike yet.

When it comes to implementation, I usually refer to the physical implementation or the preparation to implementation.

Overall, I usually say it takes about three months at least for both preparation, implementation, and configuration because this helps to plan and understand the client's environment so that you do not forget something and also do not break connections or anything when you do the implementation.

In South Africa, everything is expensive, so there is always going to be environments where this is seen as a luxury product instead of an enabler.

I rate CyberArk Secure Cloud Access as also a nine, but I would like to see what happens with the Palo Alto acquisition.

I would generally recommend CyberArk Secure Cloud Access to others, but there are other good options, depending on what the client is looking for.

For companies in South Africa, I would not recommend CyberArk Secure Cloud Access for medium to small companies, but it also depends on what their security appetite is.

My overall rating for this review is nine.

My usual use cases for CyberArk Secure Cloud Access involve primarily working on PAM, which is Privileged Access Management, and this generally helps us with admin and high-level account accessibility. We also use credential vaulting alongside its JIT, which is temporary access, and this has proven quite helpful for our needs.

The features of CyberArk Secure Cloud Access that I find most valuable are the monitoring, recording, and auditing capabilities.

I find them valuable because both products are quite interchangeable, and the main feature we love is the temporary access. Secondly, it does not require sharing a password, which is really helpful. Additionally, PAM is the core strength of this product, and it provides a dashboard for continuous threat detection, which is quite helpful for taking action against threats.

The value of the insights provided by audit trails is significant for me since it allows checking user logins and accessibility, helping identify potential threats and block or restrict access from high-risk zones. It effectively tracks user login attempts, access requests, approvals, and policy changes, which are crucial for implementing recent policies.

CyberArk Secure Cloud Access provides a solid foundation overall, but the UI/UX might be challenging for less tech-savvy individuals. Something user-friendly that improves the interface and the initial setup process would enhance the experience. The technical documentation requires a high level of understanding about how CyberArk works, and this could be improved.

I have been working with CyberArk Secure Cloud Access for almost three to three and a half years.

I find CyberArk Secure Cloud Access quite stable. However, updates are not very frequent at times, yet it still performs well. The stability from a security perspective is quite good.

The scalability of CyberArk Secure Cloud Access is commendable, as most enterprises use it. From a scalability standpoint, I would rate it an eight out of ten.

I have communicated with the technical support of CyberArk Secure Cloud Access a couple of times.

My experience with CyberArk's technical support has been quite good. They are helpful and provide enterprise-level support with knowledgeable engineers and ample documentation, especially during setup and critical issue handling. Turnaround times may vary depending on the type of support.

I think adaptive risk-based policies are essential because when using any healthcare-related tool, the HIPAA-related compliance or SOC compliance will be completely different from the fintech platform. They definitely differ country-wise or region-wise, and whenever we use them for LATAM or the JPAC region, policy changes are necessary. There are three levels of risk that we configure: low risk for normal access, medium risk where we provide MFA, and high risk where we block that particular system or restrict the accessibility. This is how CyberArk works.

The effectiveness of real-time monitoring in identifying potential threats for my customers is really high because real-time threat detection is a helpful feature. It enables me to analytically check high-risk zones or systems and identify potential threats based on configured access, IP addresses, or analytical reports.

The use of dynamic role-based access controls enhances cloud security for my customers because dynamic roles are essential in current cybersecurity features. They assist in assigning roles dynamically based on user roles or groups configured for them, thus offering just-in-time privilege elevation that works directly with identity providers.

Integrating with existing IT ecosystems helps my customers streamline administrative and compliance efforts by configuring it with Microsoft Azure Directory and providing SSO for any external integrations. Azure offers the highest level of security from Microsoft, and the integration areas include similar functionalities such as MFA, which significantly aid in connecting to VMs or managing cloud workloads.

The pricing of CyberArk Secure Cloud Access is relatively reasonable. It is not as expensive as other cybersecurity software, but it is also not cheap. For enterprises, paying a little more is acceptable, especially considering that one data leak can lead to significant financial problems, making the transparent and flexible pricing worthwhile. I would rate this product an overall eight out of ten.

I purchased the solution through a third party. We have it deployed on our IT estate and we're still rolling it out across parts of our Telco estate, so it was easy to implement in my system.

The use of dynamic role-based access controls enhances our organization's cloud security as it is part of the controls that we require to meet our TFL obligations.

I assess the effectiveness of real-time monitoring in identifying potential threats as extensive, as we have extensive testing procedures, including performance testing, load testing, and monitoring the impact of the platform on any of our Telco operational systems. We have a very extensive testing lab facility with a comprehensive list of tests that we conduct.

Integration with existing IT ecosystems had some problems, and there is room for improvement. On the IT side, there were some problems, but we have overcome those problems. On the Telco estate, as we move towards our cloud-native platforms on the Telco side, there are still many question marks as to whether CyberArk Secure Cloud Access would be able to deliver the necessary capabilities and performance, but we are evaluating how that develops.

Comprehensive audit trails have provided valuable insights on the IT estate. We haven't rolled it out into full production on the Telco estate, and that is something we are evaluating right now.

I use adaptive risk-based policies. They have helped improve security measures quite extensively because it is a very dynamic environment, and we need those adaptive policies in place.

In the future, I would like to see better integration into some of our cloud capabilities and hybrid cloud capabilities, especially around where we have containerization, as I think that is an area where the product is claiming to be able to do things, but we are yet to see maturity in those areas.

Other than pricing, I see that there is room for improvement for CyberArk Secure Cloud Access, but we are generally satisfied with the product.

I have been primarily a customer, and in this current role, I have been a customer of CyberArk for at least ten years now.

I have not faced any issues with this solution.

When it comes to performance, I am definitely satisfied with CyberArk Secure Cloud Access on the IT estate, but we are still evaluating whether it has the right level of performance for the Telco aspects. We have an on-premises solution as well, so we are still evaluating.

I would rate the technical support provided by CyberArk as low, because the solution is actually being delivered by a third party, and all support and services are delivered through the third party, so we are not interacting unless there is a major issue with CyberArk directly.

I find the pricing definitely expensive, and it is something that we are debating as to whether we will continue longer term with CyberArk, but at the moment, it is the platform that is there and it is being rolled out to meet our TFL obligations, so it will continue, but there is significant discussion around the cost of the licenses. My review rating for this solution is 7.5.

As a distributor, I sell CyberArk Secure Cloud Access to partners and then to customers. I don't have the products deployed in production. I maintain a lab that I use for presentations and demos. I have both on-premises and cloud infrastructure. I am in the channel chain for CyberArk Secure Cloud Access, purchasing it directly from the vendor.

Deploying CyberArk Secure Cloud Access is much better than the older CyberArk products. CyberArk has improved the user experience and admin experience significantly over the years. From my expertise, the lightweight nature of CyberArk Secure Cloud Access is the most important feature, as it does not consume as many resources as previous solutions and does not require extensive resources to deploy.

CyberArk Secure Cloud Access allows me to cover a number of scenarios in a very convenient way that was not convenient in traditional PAM vaulting. The use of dynamic role-based access controls enhances my customers' cloud security. This new approach is particularly effective for dynamic environments where traditional PAM requires significant effort to detect accounts, onboard accounts, and provide access rights. A dynamic version allows this process to happen in a smoother way with fewer administrative requirements. This approach is especially valuable for modern environments, particularly CI/CD environments.

The customization of CyberArk Secure Cloud Access could be improved because I found scenarios where I could not provide the correct configuration due to insufficient options available. I understand the approach that keeping it simple makes it easier to deploy in general, but additional customization capabilities would be beneficial.

Real-time monitoring with CyberArk Secure Cloud Access is missing some features that I believe are on the roadmap, such as AI-generated descriptions of events and summarization of events. These features would be particularly helpful for SOC analysis and are important for SOC members.

The audit trail in the past was not very informative and requires improvements. I believe this is the reason why AI enrichment was prioritized in development.

I have been using CyberArk solutions for ten years. CyberArk Secure Cloud Access has existed for approximately four or five years.

Technical support from CyberArk is quite good sometimes, but it depends on who I meet on the first line. I would rate it between six and seven out of ten. It is quite good, but there are some issues.

Implementation of CyberArk Secure Cloud Access is quite straightforward. The basic installation of CyberArk Secure Cloud Access takes mostly a couple of hours.

Cloud providers are chosen by my customers, but in my region, Microsoft is more popular. CyberArk's mindset is to be the best in the market, but being the best in the market requires a high price to maintain quality and attract customers. Sometimes if the price is too high, CyberArk loses deals, but I see that it is a success in the market. The price is high, and if it could be lower, I could generate better business.

CyberArk Secure Cloud Access is a good product that is well positioned in the market as an enhancement that provides new possibilities beyond the classical PAM solution, for which CyberArk is most recognizable with its classical on-premises PAM. This new approach is valuable for modern environments. I rate this review overall as eight out of ten.

I worked on Fortinet before, and now I am working on an altogether different vendor ecosystem that focuses more on Cybersecurity Operations Center. I currently work with IBM QRadar, CyberArk Secure Cloud Access, and a few other cybersecurity vendors.

I use these tools for my own service operating model. I am currently building a managed security services provider where I use these tools for building my security operations center and helping enterprise customers fight against cyber threats and build resilience.

I use this solution for providing zero-trust network access and application security to cloud-based workloads.

Their presence in the European market and the cloud-based SaaS consumption model is the most exciting aspect for customers.

Their claims are quite promising, and their risk score rating for different cyber threats is particularly exciting so that customers can gauge the impact of cyber threats and prioritize their remediation efforts.

For integration with SIEM, they have a good telemetry ecosystem that can be forwarded using syslog and API-based integration. This unified telemetry ecosystem allows SIEM to ingest logs and events seamlessly.

The efficacy of the solution is more or less specific to particular use cases rather than generic use cases. The solution is quite good, but it may not be applicable for all scenarios. For cloud workloads on a hyperscaler, this solution is sufficient. However, for specific use cases and how enterprises are using hybrid multicloud scenarios, the solution requires more flexibility in deployment and needs to have its efficacy tested in a hybrid multicloud scenario.

Role-based access control is not going to enhance cyber resilience, but it is more for the efficacy and optimization of resources that manage cyber resilience programs.

This product should be made available in various clouds in India because India now has the DPDP compliance requirement so that data from India-based deployments or India-based customers remains in India. This way, they can make these tools available widely on all hyperscaler cloud ecosystems in India so that enterprises can use them while keeping their compliance requirements in mind.

I have been using this solution for a few months.

I have conducted only theoretical and a little bit of practical evaluation. I have not deployed this in production, so I cannot comment on the stability of the platform because I have not used it for my production workload or in my lab workload. I conducted a theoretical evaluation and performed a few tests. I cannot comment on stability based on my experience.

I have not encountered any scalability issues. Usually, these cloud platforms are built with elastic scale in mind, so I do not think the platform will hit any scalability issues.

The setup is straightforward. Nowadays every SaaS solution is designed and architected with the understanding that deployment is intuitive, and even with moderate skills, an engineer can deploy it seamlessly.

Technically, the solution matches the offerings from different service providers. In that way, I think they are quite competitive. However, this is use case specific for workloads hosted on a public cloud. I think this is a promising platform.

CyberArk Secure Cloud Access is a good and promising solution, but the efficacy of the solution is more or less specific to particular use cases rather than generic use cases.

Privileged access management, governance, and audit are the primary use cases for CyberArk Secure Cloud Access. For audit and governance purposes, you want visibility into who accesses what, at what time, and what they do. When deploying CyberArk Secure Cloud Access, you gain this visibility. If you need to audit something that has already happened, CyberArk Secure Cloud Access can help you understand who performed an action. For example, if a database administrator logged into a device or operating system via SSH, CyberArk Secure Cloud Access monitors the person so you know exactly what they did. If there is downtime caused by human error, perhaps a configurational error by a networking administrator, the PAM solution can help you understand that Isaac performed this action at this specific time and that action caused the downtime.

CyberArk Secure Cloud Access also prevents risks because you must go through the platform to access the environment, which limits your risk surface area and reduces risk overall. There are many reasons that organizations deploy CyberArk Secure Cloud Access. Some deploy it because it is part of their policy or standard, others deploy it for risk reduction, and others deploy it because they want to audit what their people are doing and manage their metrics.

Dynamic role-based access enhancement increases security based on user IDs and identification. You map users to applications by taking the application ID and user ID. Dynamic role-based access helps you identify which user is accessing what, with what device, at what time, and the level of access the person has for doing what they are doing.

Audit trails are the main functionality of CyberArk Secure Cloud Access. By monitoring the privileged activities that are occurring, CyberArk Secure Cloud Access gives you visibility and insight while mapping every log and providing meaning to the logs of whatever is happening. There is even live recording of whatever you are doing. When you log into a system, CyberArk Secure Cloud Access monitors the activities you are performing. If you log into a Windows operating system and access applications, it continuously records until you log out of the system and saves that recording.

CyberArk Secure Cloud Access involves substantial effort when performing on-premises deployments. The SaaS or cloud version is less time-consuming compared to the on-premises deployment. With on-premises deployment, you must do a great deal, including spinning up the infrastructure itself and adding it to the HSM before integrating or onboarding where you want to control through PAM. This requires significant human resources.

The deployment complexity may not be entirely accurate in my assessment because it has been a while since I left the engineering aspect and moved into more managerial roles. Before, when I was using it, too many components were involved in CyberArk Secure Cloud Access deployment. You need to understand every component because the least mistake results in being completely locked out of the system. Having too many components makes the deployment difficult and is not easy to understand. You have to be technically inclined to perform the deployment successfully.

I used the solution since 2019.

CyberArk Secure Cloud Access operates in real-time for monitoring purposes. You must go through CyberArk Secure Cloud Access to access what you want to access. If CyberArk Secure Cloud Access is down, you cannot access anything, which is a double-edged sword. It becomes more secure overall, but when that security measure is not in place, you cannot access your environment. This is especially problematic when using a trial version of the license. If the trial license expires before you activate your product, that becomes a significant problem.

The scalability of CyberArk Secure Cloud Access depends on the organization and how large the organization is for which you are onboarding or deploying the solution. If you have extensive infrastructure, then CyberArk Secure Cloud Access takes considerable effort to implement. However, if you have a small to medium-sized enterprise, you can typically complete your deployment in roughly a week.

We were partners and a Tier 1 partner with CyberArk Secure Cloud Access, so the support was very high. I even know the regional engineer for CyberArk Secure Cloud Access for both West Africa and East Africa. The support was really excellent. We could log cases and receive help. We could jump on a session with an engineer to assist us. As long as you have a license from them, the support is available during deployment. The level of support depends on the kind of support you have. Because we were a Tier 1 partner with CyberArk Secure Cloud Access, the support was excellent. They have even come down to Ghana to provide support.

CyberArk Secure Cloud Access has vast out-of-the-box integration interfaces. It integrates into almost everything within the enterprise infrastructure. I would rate this review an 8 overall.