CyberArk Certificate Manager Reviews

We use Certificate Manager for PKI certificates.

Certificate Manager's overall installation could be made easier. You have to install the client, then go to the console and push the certificate.

I have been using Certificate Manager for three to four months.

More than 10,000 users are using Certificate Manager in our organization.

Certificate Manager was deployed in less than 30 minutes. I did Certificate Manager's deployment by myself, but we had to go through some processes to get the PKI certificate for the enterprise side. Then, they create the certificate, and we deploy it.

Certificate Manager has some additional functionalities for managing PKI certificates compared to other certificate deployment products. I would recommend Certificate Manager to other users.

Overall, I rate Certificate Manager an eight out of ten.

We use this product for our clients' server authentication and application ID certificate. We create the certificate so that when a user tries to access an application, it looks for that specific certificate based on the volume information and it authenticates on that basis. I'm a lead system operation engineer and we are customers of Venafi. 

If you want to automate anything, renew the certificate and apply to whatever environment you need, whether it is on-premise or cloud, automation is possible. You just need to have your integration set up. Venafi takes care of automatically renewing and deploying your certificate so that you don't need to worry when it expires. It also minimizes downtime and has good integration. 

For Java applications, we currently convert the certificate in JKS manually. It would be helpful to have the capability to download certificates in JKS automatically. Venafi only provides CER and no other format. They provide an option for JKS, but that certificate doesn't work because of some configuration issues. 

I've been using this solution for six years. 

The solution is stable.

We didn't test the scalability but I believe it has that capacity. We have 500 users. 

The customer support was great. 

Positive

I previously used the Microsoft SSL ADMIN tool. The difference between the two is that with Venafi, if you have access to policy, you can create, delete, import and export anything within the tool. With SSL ADMIN, unless you own the certificate, you can't make any changes to that specific activity. If you've been designated as the 'owner' and you leave the company, it's hard to change ownership. Venafi is much more flexible because it allows you to add a group instead of individuals. Even if someone leaves the group, it doesn't affect the system.

The initial setup is straightforward although it does require some security training to gain access. 

I rate this solution nine out of 10. 

In terms of how Venafi has improved our customers' organizations, the most important thing is that it reduces the risk of the outage of some of their IT systems. Sometimes these systems would be directly connected to the revenue generating activities that the client may have. So that risk reduction that can be directly calculated into money for our clients. If their IT system that is connected to production is down one day, they will know exactly how much it would cost them. So, from the perspective of risk reduction, it can be directly quantified in the value for the customer. If I was going to single out the most important feature, that would be probably be it.

The feature that I have found most valuable is their certificate discovery.

The user interface could be always improved. But I am a technologist, so I don't care so much about user interface, but the importance that it is user friendly is always appreciated by customers.

In terms of additional features I would like to see included in the next release of Venafi, I would say integration with the cloud HSM's, Hardware Security Module. Additionally, I would say other cloud services, because it is not only cloud that's essential. If you have a customer that has a lot of their IT moved into cloud, integration with different cloud services is always an area to improve.

I haven't heard negative things about the stability.

In terms of scalability, given that we were in the situation where it was on-prem, there were certain limitations there. But I guess on the cloud they should not have limitations.

To my knowledge, it began with the initial proto-concept. After that, there were some professional services needed to fine tune and integrate with everything that the customer wanted.

From the top of my head, I think it took less than two months, maybe 6, 7, or 8 weeks, but about two months or less.

The technical team needed for the installation really depends on the customer's prior knowledge. If they have a good technical team, then the things are much easier. If they don't have... 

The technical team includes engineers, architects, managers, and administrators for different stages. I guess the architects and system administrators are also involved in the process of purchasing and evaluating if it's a good fit for them. Then the architects are not necessarily needed anymore, but you would have system administrators involved given that certain privileges must be given to this system in order to operate correctly. And then you would have your general IT security administrators for ongoing monitoring of what the Venafi system provides you. This can be taught. You don't have to have a PhD in cryptography to understand this, just be a regular IT business person who has specialized a little bit on security issues. I think they can comfortably master this.

As I mentioned, there is the risk reduction. If they see the risk reduction, then I think they should go for Venafi or a similar solution. Of course, as products improve and prices go down, even more so. But it is way better to have this kind of solution compared to not having anything, because I see from the IT security business that I have been working in almost 30 years now, if they are not running this or a similar type of solution, they are just asking for trouble. It's more a question of when an outage will happen, than if. So, coming back to the risk reduction, depending of course on the size of the company and their revenues and what type of critical systems they have, they all need to make their decision. But at the end of the day, the vast majority of the customers will see a return on investment if they value the risk reduction.

Our customers need to pay for a license, and understanding the pricing and how it might develop in the future is a bit of a pain point. But, it is not too complex either. Sometimes people ask the vendors to predict the future, whereas they themselves cannot provide enough of the information to the vendor in order to be able to estimate correctly. So it kind of goes both ways. I would say the price is fairly good. Is it perfect? No. Is it the worst I've ever seen? Absolutely not.

I would say Venafi is definitely among the three most important vendors in this area.

On a scale of one to ten, I would give Venafi a seven.