What is our primary use case?
Privileged Access Management is basically used to just keep track and log. We have to provision those accesses. If a newcomer comes, they have to be identified to ensure they are the correct users. So for those, there is a web implementation where there are some products that you can order, then they're approved. Depending on that mechanism, it's been decided, oh, this is a valid user. That's how it's been managed.
How has it helped my organization?
Privileged Access Management in CyberArk is one of the very first features that was implemented as part of Privileged Access Management. Then came Endpoint Manage and finally the Password Vault. From the very beginning, once Identity Access Management as a service started, with Dell One Identity Manager as the first service. Then came CyberArk. I don't think there is an additional benefit that it has brought. It's sort of an essential commodity in the entire Identity Access Management infrastructure.
What is most valuable?
For me, Privileged Access Manager and One Identity sort of merge together. For me, the best part of CyberArk is Password Vault and Endpoint, basically. If you ask me what's there that, it's that everything is pretty straightforward. There is no confusion. It's a pretty straightforward application to work on.
It is a scalable product.
The solution is stable.
What needs improvement?
They should allow further customization as it's really hard to do any further customizations over CyberArk. We do have a wrapper of customization. However, it's very difficult, especially their web implementation. That's one thing I would say they can improve. With Angular and everything on the market, they still have their in-house web implementation tool, which is sort of a headache.
I would love them to improve their UI customizing features.
You simply cannot install the demo UI in every customer, basically. They would always ask for something to make their UI look a little different - simple things like their logo or some sort of additional information pertaining to their particular customer. Even doing the smallest of changes takes a lot to do.
What do I think about the stability of the solution?
The solution is stable and reliable.
I haven't been faced with intermittent bugs like I do on One Identity.
With CyberArk, we rarely get those situations. It's a very, very stable software. You rarely need to raise any bug or service request with them.
What do I think about the scalability of the solution?
It's pretty scalable. Although we haven't increased our infrastructure once, we have installed the latest version. Even then, adding other infrastructure items into the portfolio is not a big deal once you have done the initial installation.
Our organization is more than 30,000 to 35,000 people. However, only a handful of them are entitled to Privileged Access Management. There might be only 5,000 users. It is used quite extensively.
Which solution did I use previously and why did I switch?
It sort of was implemented with One Identity Manager when Identity Access Management came into the picture. In early times when there was simply Excel as an identity access manager, and then there was nothing basically. Once there was the onset of proper identity access management without in-house custom tools or proper streamlining process, this solution was added. Initially, One Identity was sort of used as a Privileged Access Management also. However, soon they realized that it lacked in a lot of places for Privileged Access Management. That's when we went to CyberArk. That was way before my time.
How was the initial setup?
I have been part of the initial implementation. However, the day-to-day operational tasks are being handled by a different team.
I was part of a migrational project. When I joined this organization, they were just migrating from the last stable version to the present stable version. It was pretty straightforward. There was, in my organization at least, documentation that was a bit more thorough to follow. That helped me a lot.
The implementation takes quite some time. Even in production, we have to instantiate the service. We had to take a special weekend, which means downtime since this is a critical application. Therefore, moving this takes some time. It's not that there are glitches and all. It's such a heavy application that requires moving so many things. For us, it took around nine to nine and a half hours roughly to deploy. This is considering if I take off all the in-between stoppages and breaks.
Privileged Access Management is a complex topic. I won't say that any of the tools are straightforward. That said, if you are thorough, then it's pretty straightforward for people who are in this industry.
I'd rate the setup process a four out of five in terms of ease of implementation.
What other advice do I have?
With every security tool, new users learning by themselves is a bit difficult since the material isn't openly released. It's released if you have a partnership or if you pay for the software. That makes learning the tool a bit difficult. If you are interested in learning, the only thing is to get a job in that field. If your company is using it, it's like learning by doing. That's the only way you can learn about this product.
I'd rate the solution eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner