From 18 Weeks to 3 Hours: How CyberArk Delivers Business Value Faster Using Serverless Technology on AWS
Learn how CyberArk, a global leader in identity security, created an internal development platform using serverless computing on AWS.
3 hours to launch a new service, cutting down from 18 weeks
Months for new service development, down from years previously
Daily product releases for faster time to market
1 standardized UI, simplified from 4–5 separate customer UIs
Overview
Identity security company CyberArk provides software-as-a-service (SaaS) solutions to help secure all identities—human and machine—across business applications, distributed workforces, hybrid cloud environments, and throughout the DevOps lifecycle. CyberArk wanted to streamline its internal development process so that teams could bring new products and services to market faster. It adopted serverless technologies from Amazon Web Services (AWS) for its internal development platform (IDP) to help scale best practices, security policies, and governance across developer teams and to create a collection of architectural blueprints to speed up time to market.
Opportunity | Selecting AWS Serverless Technologies to Create an IDP for CyberArk
CyberArk provides solutions to help secure access for any identity to any resource or environment and for any device. It is well known for providing privileged access controls for identity security. Given the growing scale of its developer teams, the company needed to build unified services with standardization and consistent governance. It also wanted to speed up time to market. In 2019, it formed a platform engineering division to help create a centralized SaaS framework that would meet these objectives. The company chose to be serverless-first because of the low operational overhead. “Adopting serverless technology empowered our developers with agility and simplified cloud resource management, helping us to accelerate time to market and focus on delivering value faster,” says Ran Isenberg, principal architect in CyberArk’s platform engineering division and AWS serverless hero.
Before establishing the platform engineering division, CyberArk developed its services in technological silos on its legacy platform, using a mix of programming languages and technologies. The newly established platform engineering team aimed to use the IDP to standardize and accelerate the development of SaaS solutions and the adoption of serverless technology across the organization. It began by building a basic SaaS framework and services for internal use and gradually expanded to integrate with other services in CyberArk.
To use serverless technologies and facilitate standardization, the team faced the challenge of implementing best practices across the organization. “How would we keep the same level of observability tools, governance, and security—how would we scale this across CyberArk to implement the platform vision of reducing time to production?” asks Isenberg.
Solution | Using Blueprints and Automation to Reduce Time to Production from 18 Weeks to 3 Hours
The team resolved this challenge by implementing a collection of serverless architecture blueprints. It used the AWS Service Catalog to share, organize, and govern these blueprints in the form of infrastructure-as-code (IaC) templates. The first blueprint that the team implemented was the core backend framework that included the basic solutions that developers would need to build new services. It comprised a continuous integration and continuous delivery pipeline with observability tools, security tools, IaC, and best practices.
The team then created other blueprints—implemented as IaC—to further refine services for different use cases. Most blueprints use several AWS serverless services, such as Amazon API Gateway, which helps create, maintain, and secure APIs at any scale, and AWS Lambda, a serverless computing service that runs code in response to events and removes the burden of infrastructure management. The team uses Amazon Simple Queue Service (Amazon SQS) to manage message queuing for microservices, distributed systems, and serverless applications. In addition, by harnessing serverless services using AWS Service Catalog, the team automated the cross-account identity access management.
For every new business service, development teams had to address non–business domain concerns, such as implementing best practices, observability, integration with the SaaS platform, and governance. This used to take up to 18 weeks before the development team could start to implement actual business scenarios. The serverless blueprints that the platform engineering team implemented helped to address all these concerns in a consistent and scalable manner, reducing the effort to just 3 hours. “Implementing serverless blueprints, automation, and platform engineering practices helped us save over 4 months of development time for each new service we build,” says Isenberg.
The team has integrated 14 CyberArk services on the IDP and is working on integrating the last three. Some services use technologies other than serverless, depending on their use cases, and they also use blueprints and automations from the IDP. To get acquainted with the new technology, developers go through onboarding training, where they learn about using blueprints as IaC templates.
The IDP has helped implement unified observability and standardization, simplifying troubleshooting. Using uniform standards, governance, observability, and development tools has expedited development time for new services from years to months. Serverless technologies also help teams release services daily instead of monthly. “The platform helps us deliver value to customers and makes everybody’s life easier,” says Isenberg.
CyberArk also uses the IDP to simplify the user interface (UI) for its customers. From the UI, the customer can access the audit service to view audits from multiple services. A cloud onboarding service helps customers use CyberArk’s UI and onboard services to their cloud environments. “Customers get a unified experience where one service handles four or five of the services they use behind the scenes,” says Isenberg.
Outcome | Evolving the IDP for Further SaaS Innovation in Identity Security
Using serverless technologies and IaC blueprints, the platform engineering team helped to reduce the cognitive load for development teams and speed up the time to onboard new services from 18 weeks to 3 hours. It continues to work on evolving the IDP to create more identity security solutions. It is also working on more challenging SaaS domains, such as chaos engineering and artificial intelligence.
Serverless technologies will be an integral part of the IDP because they are self-managed and scale automatically, and the company pays only for what it uses. “Serverless technology makes it simple to just focus on our business domain because we don’t need to maintain it or install updates,” says Isenberg. “It helps us drive forward and build more services quickly.”
About CyberArk
CyberArk is a global leader in identity security. Centered on intelligent privilege controls, it provides comprehensive security for any identity—human or machine—across business applications, distributed workforces, and hybrid cloud environments.
AWS Services Used
AWS Lambda
AWS Lambda is a serverless, event-driven compute service that lets you run code for virtually any type of application or backend service without provisioning or managing servers.
AWS Service Catalog
AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS.
Amazon SQS
Amazon Simple Queue Service (Amazon SQS) lets you send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available.
Amazon API Gateway
Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale.