CyberArk Workforce Identity

CyberArk Identity  is mainly used for accessing servers, partition management, and rotating passwords, especially in sensitive sectors such as banking and to protect patient data. It's crucial for complying with regulations and ensuring that administrative tasks such as encryption key management are streamlined.

CyberArk Identity  provides an easy identity portal, single console, log capture for GRC  compliance, and efficiently rotates passwords unknown to users, enhancing security. These features aid in reducing the attack surface by blocking unauthorized access and preventing exposure of internal solutions in sectors such as banking.

Some areas experience slowness based on the workload. There's a need to enhance network performance despite the good user experience with access management.

We have been working with CyberArk Identity for more than five years. Previously, I worked with other PAM management tools. Currently, most customers are choosing it as a premier product, which is why we are focusing more on CyberArk Identity.

They charge reasonable money for the features they provide. The price is reasonable for the product.

Positive

While Arkon PAM is a competitor, that product is not as good nowadays. CyberArk Identity is at the top. When it comes to premium products, CyberArk Identity stands alone.

The setup process for CyberArk Identity is singular, but it differs for all customers. Customers provide the data for implementation, based on which we receive payment. From a product perspective, it's easy, but we need to gather customer data and implement according to their requirements.

Other vendors include CrowdStrike and SentinelOne.

Customers in the banking sector don't expose what solutions they have inside their systems for security reasons. My overall rating for CyberArk Identity is nine out of ten.

If I have a core banking application platform with users or privileged users accessing that particular environment, I have to ensure that the right people are accessing what they're supposed to access. I need to have proper monitoring on them, ensuring that privileged accounts are not being shared and that generic accounts are not in use. For instance, if someone accesses the core banking application and performs changes or transactions, this solution enables me to track who did what in that session and even monitor or replay the session of that person's actions.

CyberArk provides identity governance. It gives you control of who, how, and what is accessing your environments. It provides simplicity for privileged users to access the environment. 

When using IAM  and PAM, CyberArk Identity  is the best choice. If it is just one model, for IAM , I prefer others like One Identity. For PAM, CyberArk Identity  is the best. 

Furthermore, CyberArk Identity provides identity governance and gives me control over who and how access to environments occurs, offering significant confidentiality in what is accessed. 

Initially, people find it challenging to adjust to these changes, however, over time, it becomes time-saving as there's no need to access each device individually. Instead, there is a single pane of glass or platform that administrators can log into to manage environments efficiently.

The partner portals are and support portals are very good. 

CyberArk Identity's ability to safeguard financial services infrastructure is good. If you have your core banking application transformed, and have privileged users accessing the environment, you can control who and what is accessing where and generic accounts cannot be used. If some accesses core banking functionality, you will be able to track what a person is doing.

Its ability to help meet compliance requirements is good. It covers ISO standards. We easily integrate password policies. It helps us protect access within an organization. 

It's helped us to comply with PCI DSS.

There are a lot of time savings. There's a single pane of glass to log into to access the environment. We don't have to go through individually.

We've reduced risk exposure. Instead of logging into different platforms, you just log in to one single platform. You have your resources being allocated to you. In this way, it also identifies you, with a single sign on privileges. It gives you protection in terms of not using generic accounts or administrative accounts that everybody uses. All credentials are saved in a particular system known as a vault, and only a particular port and a particular IP address can access the vault. Now, there is one way in or one way out. It doesn't create any vulnerabilities whereby people or unknown entities can enter easily.

It impacts zero trust security strategies. It prevents lateral movements in the organization. You cannot be gaining access to a privileged account. 

The solution helps with operational efficiency as it provides a very secure mode of access.

Integration or deployment is extremely difficult for CyberArk Identity. For example, vault integration and deployments are very tedious and involve components like HSMs, requiring extensive skill sets and knowledge. This complexity is especially true when integrating into various environments, service applications, and session monitoring setups. It is very demanding.

I've deployed two solutions so far. I've worked with the solution for about three years, since 2021. I haven't worked with the projects this year. I've done some POCs.

With respect to stability, I find that stability is very good. It is very stable.

The solution is very scalable.

I'm also aware of One Identity.

The initial setup was complex. It was very complex when it was my first time handling an implementation.

We were the partner deploying for a customer.

CyberArk Identity is slightly expensive compared to others. That said, it offers value for money. It comes with additional resources that I need to spin up on-premises. So, if I am not going fully cloud, there are additional resources I will need to purchase, such as spinning more VMs or acquiring an HSM device to encrypt the vault.

I would probably give the solution a seven out of ten. 

It offers the best PAM solution you can get compared to others, compared to One Identity.

Deployment is complex. If you are deploying CyberArk Identity, you should have the skill sets, knowledge, and resources to manage it. It is not easy to manage or deploy CyberArk Identity. 

We use it to protect our login credentials within the computers and tablets that we provide to our team for field tasks.

Being able to integrate CyberArk Identity with Microsoft Defender is valuable. This integration feature is integral to maximizing the security benefits we get from the system.

To enhance the product, they can consider improving the user interface of the software and possibly the customer support team. Sometimes, there is a delay in handling my inquiries via email, which could be addressed for better service.

I have used the solution for one year and a half.

We have never experienced downtime or crashing. I have not encountered such issues.

The solution can be scaled. If we have subscribed, we are able to use it on different laptops and tablets. It does not limit us, even if I have ten or more devices. We can use it on different phones and computers, demonstrating its scalability.

There are times when there is a delay in handling my inquiries via email. I would rate them an eight out of ten.

Positive

We have not used other solutions. This is the first software that we are using to protect our data and access information within the organization.

It was very easy because after we developed an interest, we went through the training on how to install it best, so while installing, we found things very easy.

It took us one day for us to become familiar with everything. We were able to realize its benefits immediately after the deployment. 

It does not require any maintenance.

We had three people involved in the deployment.

The pricing is acceptable. It is worth considering what we are protecting with the amount charged.

A simple advice would be to have an IT person on the team for the software installation.

Overall, I would rate CyberArk Identity a nine out of ten.

I work with Direct Identity. I was studying CyberArk, and I have used it a few times. Then I switched to a new project. I have some experience with CyberArk Identity .

What I like most about CyberArk Identity  is the model that is in place. It is very good. It is the most powerful access management system. There is a lot of security - especially when you have to onboard and allow access for new users for the corporate and new applications. It's wonderful.

We saw results very quickly. I saw the power of identity management almost right away. It's one of the best in the industry. It competes very well against other solutions and Active Directory. It's very low cost in comparison to Microsoft solutions. 

Something they could improve is the management of multifactor authentication. When you translate the page from one language to another, it can be a difficult process. The translation isn't always good, and it may have a completely different name. I've noticed this in the English to Spanish translation.

The implementation can be difficult. They have so many laws and filters that it can be overwhelming.

A few months, or maybe two months ago, was the last time I used the product. I managed different multifactor accesses for users. When using you must sign in with corporate credentials to authenticate the users. The authentication can go through the phone or email. 

It's a very stable solution. When you have it in the cloud, you have CyberArk every time you need it. In the time I have been here, I have not experienced a fall in the service of CyberArk. There is no risk in the stability.

I have contacted technical support. We used their help with virtual machines that CyberArk gives. I had one machine that I could not use due to an invalid token. They resolved the problem immediately after I reported it, on the same day, within one hour. It was a very good experience.

Positive

A different solution can be, for example, Microsoft Azure  Active Directory. It is a very powerful identity management system and very good for a company that needs to improve constantly. Another good solution instead of CyberArk can be SailPoint, which has been making significant strides in recent years.

The solution can be deployed on cloud or on-premises. CyberArk is more on the cloud than on local hardware. 

The deployment is initially quite difficult. That said, when you are doing the implementation of CyberArk, there are so many tutorials that make the learning process very easy. The only complaint could be the language barrier. It's difficult if you don't have a very good level of English. Otherwise, it is very easy.

You can have it set up within three months without much difficulty. It's hard to get started, however, once you get going, it gets easier. A full deployment takes half a year or less.

There is some maintenance necessary. A company is constantly hiring and letting go of employees. The access is always changing, so access must always be adjusted. Or, if we need another law of filter, we would need to add those, or even take them away. That's another aspect of maintenance. 

We do not use a third party for implementing CyberArk. We can contact CyberArk directly if we have questions.

Regarding pricing, it can be quite a lot for small companies. For national companies, like a medium-sized company with 1,000 employees, it can be very good.

It is also a very necessary solution. Every  company needs identity management for security within the corporation. It is essential to prevent unauthorized access and maintain strong barriers against hackers.

A different solution can be, for example, Microsoft Azure  Active Directory. It is a very powerful identity management system and very good for a company that needs to improve constantly. Another good solution instead of CyberArk can be SailPoint, which has been making significant strides in recent years.

Out of everything, I will rate it nine out of ten. 

It can be a language barrier, however, not necessarily if you understand English quite well. There is complexity in understanding the multifactor access, however the CyberArk interface is wonderful. I like it. It gives the user a very good, simple way to access different features of the CyberArk product.

I have no relationship with CyberArk. I've only worked with the product.

I use the solution in my company for its vaults.

The features that I personally find most effective in terms of security stem from the fact that it is easy to integrate and also the adoption is faster.

At the moment CyberArk needs to enrich Conjur and it needs to be made more viable so that its adoption can be made much faster.

I have been using CyberArk Identity for three years. Our company has a partnership with CyberArk.

Stability-wise, I rate the solution a nine out of ten.

Scalability-wise, I rate the solution a nine out of ten.

As my company has a partnership with CyberArk, we don't face any challenges with the support part. I rate the technical support a ten out of ten.

Positive

In our company, we haven't faced any such challenges with the product's initial setup phase because our requirements were pretty clean and clear.

The solution is deployed on an on-premises model.

The solution can be deployed in two weeks, and it includes every area because my company has a complex environment.

Cost savings have been possible since my company has not had to pay any penalties after using the product. The product has also secured our company's environment.

I think it is a fairly priced tool. I rate the tool between six and seven on a scale of one to ten where one is expensive, and ten is cheap.

Against CyberArk Identity, my company tried other products like Norton and some other tools, which were not up to the mark.

My company doesn't use the tool for the multi-factor authentication feature.

I recommend the product to those who plan to use it.

The vendor maintains the solution automatically.

I rate the overall tool an eight out of ten.