CyberArk Privileged Access Manager Reviews

The solution is too complicated to use and should be simplified. It took me a long time to understand how to use it. There is a lot that the solution can improve for the future.

I used CyberArk Enterprise Password within the last 12 months.

The solution is stable and reliable.

We have approximately eight people in my organization that use this solution.

I did not like the solution at all and I was happy when we stopped using it.

I rate CyberArk Enterprise Password an eight out of ten.

It is useful for protecting passwords. If you need to do access security management, you can first use the CyberArk console, and after that, you can connect the firewall interface or firewall command line. Similarly, if you need to do an RDP session, you need to first log in to CyberArk before connecting to the Windows RDP session. This way, the admin doesn't know the password, and that password is changed immediately. To change the password, you first discover the old password in the network, and after that, you can change the password.

It can be integrated with other systems, but it is not easy to integrate. It takes too long to integrate it. Its integration should be easier and simpler. 

Its stability is very good. It is a very robust and stable product if you have the correct installation and configuration. Otherwise, you would have problems.

It is scalable. Our customers are enterprises with a minimum of 2,000 users and maybe 100 admin users.

We are satisfied with their support. Our customers need local support, and CyberArk provides that. Their documentation is also good.

It is a little complex as compared to its competitors. Its deployment took a long time.

We had a consultant, and we were satisfied with the service. You need someone with one or two years of experience.

They have two types of licensing: purchase and subscription. You have to pay for each admin user, such as Microsoft admin, mail admin, database admin, etc.

I would rate CyberArk Privileged Access Security an eight out of ten. It is a good product.

We are a system integrator. We are selling its latest version to customers who are new to PAM or are coming from an older PAM. 

The respected partnership and portfolio with CyberArk are highly valuable to our organisation, as it helps to open doors with Enterprises and Financial organisations, on serious discussions on Identity and PAM projects. CyberArk PAS solutions bring good services revenue and long terms relationships with customers.

Their legacy of more than 20 years is very valuable. It brings a lot of stability to the product and a wide variety of integration with the ecosystem. Because of these factors, it has also been very successful in deployment. So, the legacy and integration with other technologies make the PAM platform very stable and strong.

In terms of features, most of the other vendors are still focusing just on the privileged access management or session recording, but CyberArk has incorporated artificial intelligence to make PAM a more proactive system. They have implemented threat analytics into this, and there is also a lot of focus on domain controller production, Windows, LINUX Server, DOMAIN CONTROLLER protection etc. They have also further advanced it with the security on the cloud and DevOps environment.

They have a bundle licensing model, which really helps, unlike competitions complex licensing. Even though in our market, few customers have the perception that CyberArk is expensive as compared to some of the other new PAM providers, but in terms of overall value and as a bundling solution, it is affordable and also CyberArk is highly scalable platform.

Their post-sale support area requires a little more attention to our region ( ME/UAE. The current support model does not allow the end customers to open a ticket directly with CyberArk. Customers have to inform the distributor or bring in partners who have access to the support portal to open support cases. The support teams liability is limited to product issues and they usually do not get into configurations and integrations, unless estimated and paid for PS services.  This indirectly helps Service providers like us to make extra revenue. The default 24/7 support to our region, is effective when there is an emergency like a serious software issue, or if password vault is down etc, for such cases they provide immediate attention. For the rest of the low priority like migrations, upgradations, backups etc ( in some site it shall be considered high ), they take more time to respond.

Looking forward to new features line API security 

I have been engaged with CyberArk solutions for about five years.

A very stable platform for small to extremely large and complex organisations and distributed networks.

In one of the projects for global MNC, we had successfully executed projects with distributed Vault in 16 countries spread across 5 continents. This is done with a centralized primary vault( on HA )- HQ Datacenter, which connected distributed local vault and PSM, along with DR in the cloud. 

All these years in none of our projects haven't come across product stability or system crash isuses due to cyberark software

For customer and service provides (like us ), PAM is a journey with continues improvement and hygiene practices to protect the critical system. CyberArk offers many solutions for endpoint privilege management, Domain Controller protection, DevOps security which helps in upselling and expanding the security measures. Also, the solution is capable of handling a distributed and heterogeneous environment 

CyberArk PAS setup needs expertise and experience. Based on my experience, a small deployment of 10 or 20 PAM users takes one week to set up the PAM infrastructure and another one week to go live with basic modules and standard out of box integrations. The rest of the rollout has customer dependencies.  Ideally, the PAM system needs 3-6 months to get mature in an organisation.

We do inhouse.

Overall, bundle pricing and sales team support are really good. The main difference from all the other vendors is that they have one package that covers all the functionality and modules required in PAS, except the add-on advance technologies like agent-based endpoint, Win/Linus server protection, domain controller protection etc. When it comes to agent-based advanced technologies the overall cost is not cheap. However, the values it brings is highly critical to customers who are paranoid about targeted attacks.

Vendor PS BOQ are expensive like usual OEMs rates, but they do the Scope effectively within less time, which help the large customers ( like banks ) to run without any downtime 

I would recommend CyberArk solution even for small customers, who have critical application and internet presence in their business. The licensing model support to start with even 5 privilege users, this really helps. We haven't experience Idaptive ( Identity Saas ) solution yet, however, it looks promising

I would rate CyberArk PAS a ten out of ten. They are sharp focused on privilege access security for more than 21 years. This highly remarkable.

We use it for storing and rotating passwords.

Within our organization, a lot of people are using this solution for a lot of projects. We have already implemented CyberArk as a SaaS solution. We are not using the core parts, but we are using the software as a service for a project.

At my previous job, there was a team of seven people who were in charge of maintenance. Mostly analysts, senior analysts, and a technical lead used this solution. 

It completely depends on the requirement. For some of the RPA robotic types of user identity, we prefer for it to happen in an automatic way, but some of them are highly critical, so we don't do it automatically. As for the end-user experience or expectation, if they want to change it at their end, they can do it.

I don't see any problems because it's highly secure and very flexible. It gives us all types of storage options and it gives us a high level of security. From my experience, overall, I don't see many problems that need to be rectified.

The only problem involves granting access to people who are authorized to view it. This user management area is the most critical. We have to constantly check on that area and we have to review and give proper access. Nobody should have more access than they are authorized for.

I have been using CyberArk Enterprise Password Vault for eight years.

It's scalable at the component level. If you want to add some of the latest components, or if you want to implement biometrics or MFA, this solution can handle that — it's very easy to implement.

The tech support is amazing. If you have any issues that you need help with, the CyberArk support team reaches out very quickly, depending on the criticality of the issue. If it's critical, they will reach out to you within hours.

The vendor support is really good.

The initial setup is quite straightforward. These days they have an automatic script — It is much less time-consuming.

We used to do it manually which would take almost two to three hours in total.

We did it in-house. I'm certified in CyberArk; I've also installed it for clients as well.

The licensing plan is either six months or one year — it's not on a monthly basis.

Every company will have a different license fee, but ultimately, it comes down to how many users you want to manage and how many companies you want to support. If you want three CPMs, then you'll need licensing for three. It's per-company, license-based.

I am currently evaluating other solutions. A few of them do not support PTA. Some of them don't have DevOps properly managed. Others don't give you the DNE facility, which is free of charge with CyberArk.

I would definitely recommend CyberArk Enterprise Password Vault.

On a scale from one to ten, I would give this solution a rating of eight.

Our primary use case is to control the technical accounts used in our DevOps environnment. The primary goal was to automate to the maximum all privileged accounts used by applications. It was a big issue because al dev guys were always using the same account/password couple. CyberArk is doing this for them transparently. Through time the scope was extended to all interactive users with the target to avoid them knowing the password. The automated password change was implemented to 99% of all accounts inside the company.

Before the CyberArk implementation passwords were never changed and known by everyone. We were also not able to track who is supposed to have access to what and who did what. With the successful CyberArk implementation, we are able now to:

- Guarantee the password is known by no one or for a maximum of eight hours.

- Full visibility about who is doing what.

- Full control about who is supposed to access what.

The risk of lost password and forbidden access to resources has been drastically reduced which increased the security level for the entire company,

In order to reduce the attack surface, the automated password change was pushed to the maximum. This way we know that no password is known or not for more than eight hours. It simplified the life of the operational teams because they do not need to take care of the secrets and keep their attention to maintain the infrastructure.

What also helped is the ability to constantly track who accessed which object. We took the opportunity to change our process in order to comply it. Now the activities can be done faster with better user experience.

CyberArk lacks the following functions for a better IAM like solution:

- Provision accounts for systems and directories.

- Create access to the systems.

- Monitor if any new account has been created into the system.

- Better GUI for the end-user and also for administrators. The learning curve is quite long and requires lots of training for good usage.

- More automated process for account provisioning into CyberArk. For example when a new DB is created.

- Better documentation with more examples for the configuration files and API/REST integration.

I have been using CyberArk PAS for eight years.

The stability is very good. We never had any crash in eight years.

Scalability is good because of the big variety of modules. Except for the redundancy which is quite limited with the not live replication. Also, the speed is quite slow for application accounts.

Very good always reactive. The commercial part was more difficult.

The initial setup is complex because it requires a clear company structure which was not the case. Technically also CyberArk is hard to address at the start because of its technical complexity and abilities.

In house. Very good.

Not calculated. Users and administrators more happy than before which is the best RIO.

CyberArk is quite expensive and they should have a better pricing model.

BeyondTrust, Hitachi ID, CA.

Hard to implement and to get acceptance from the users and management. But when installed the solution is rock solid.

From an industry perspective, you continue to see the headlines in the media about how bad actors have been able to take advantage of weak policies and security controls around access management within companies.  In these cases, the focus has been around employees that can access the most sensitive information, or have access to the very controls that operate and protect the firm.  Products like CyberArk, that provide controls for privileged access, have helped mitigate the threat of taking over those accounts that have the greatest amount of risk to an organization, particularly for those who are system administrators and have the highest powers in being able to access all levels of the technology infrastructure.

When it comes to the product's ability to standardize security and reduce risk across the entire enterprise, standardization is all about simplifying the complexity of IT threats and risks and it's all about the standardization of the controls that you have in place. If you have a product set that enables you to provide security, and it is consistently applied across a specific user base, then you have standardization which drives both enhanced security through the privileged access controls, and efficiency through the standardization of your operating model.

Availability is an interesting challenge, but it is part of an IT Risk Strategy.  When it comes to Cybersecurity, Privileged Access control is the ability to manage IT risk associated with the most powerful access to your infrastructure services.  This IT Risk can manifest itself as compromised information, manipulated data, or disruption of your IT based services. A Privileged Access Security product reduces the threat of stolen credentials and account takeovers of those profiles that would have the power to take down your enterprise.   Therefore, it not only reduces the risk to your firm, but also drastically improves availability. 

The most valuable features are its simplicity and the ease of implementation. When you think about privileged access management and the complexity of solving privileged access for those system administrators in your organization, CyberArk is a product that helps you simplify that problem and implement a standard set of security controls to protect the enterprise.  

In terms of the products ability to manage Privileged Access control requirements at scale; scale is really a function of two influences, which would either be the size of your infrastructure, or the complexity of your organizations operating model for those that have privileged access to your infrastructure services.  CyberArk scales quite readily across a large organization and through proper design and engineering is capable of expanding across a variety of use cases.  Like any technology control implementation however, it is always important to ensure you review and optimize the organizations support operating model, in order to ensure that you have the most optimal design and implementation of CyberArk.  

CyberArk has captured the individual privileged access space well. They've captured the application-to-application and DEVOPS space quite well.. They should continue to invest in optimizing the services, and help companies drive down risk associated with application based passwords, as this is an industry that is being closely watched by external regulators. 

CyberArk continues to stay close to the industry and are always looking for ways to improve  their products and service offerings accordingly.  There are 3 areas that I would call out, that CyberArk should continue to focus on:

1) Continue to help organizations understand how they align their strategies and roadmaps to industry trends and the overall cybersecurity threat landscape. 

2) Continue to help the industry innovate on talent , and position customers to be more successful in supporting their CyberArk implementations. 

3) Continue to help customers understand the Risk reduction capabilities and scorecards associated with their deployments.  Initiatives like the CyberArk Blueprint will help enable enable informed customers. 

The perceived stability of CyberArk is quite dependent on the complexity of the environment it is implemented in, and the overall design of the infrastructure, including both PSM and Vault technologies.  As an infrastructure it is quite stable; however, in complex network infrastructure environments, sporadic network disruptions could create issues accessing the various CyberArk network devices.

Scalability is a function of both technology growth, and integration capability.  CyberArk has not only continued to advance the infrastructure robustness of their software solutions, but through the C3 alliance they have also created integration opportunities with other IT Security and Access Mgmt products that allow companies to provide a full ecosystem of IT controls within their organizations.    This also provides an opportunity for companies to consider best of breed products, like CyberArk, and not have to restrict their decisions to a small set of technology tools that do not provide comprehensive Privileged Access Services.

CyberArk is a growing company and their technical support has continued to grow and mature across the organization. The one thing I'll say that CyberArk has been able to do is to continue to keep in touch with its customers and look into areas where there's opportunity to continue improving their technical support across the organization. CyberArk works with an integrated model: They have integrators within firms that will implement the product. But at some point, you always need to refer back to the software owners of the product to make sure that you're comfortable that what you've designed and implemented is in keeping with what their blueprint would have recommended in the first place. In addition, their technical support has continued to mature and grow to help customers become successful in their deployments.

What is complex is privileged access management. When companies look at implementing a software solution for privileged access management, if they actually haven't looked at the complexities of privileged access within their own organization — and I'm speaking more in terms of the business processes for that type of access across the organization — then any software tool is going to look complex because it's not going to solve the problem.

If a firm focuses on understanding their existing Privileged Access operating model, the inherent business processes, and the risk & pervasiveness of Privileged Access across their enterprise, then they will be better positioned to understand the business problem they need to solve.  CyberArk will then become a capability that enables them to solve their IT Risk issues with privileged access, and capitalize on the efficiencies with their new operating model.  The complexity seldom ever lies in the technology. It always lies in how well it integrates with the business processes that the firm is trying to solve as part of its deployment.

Privileged Access Management is a business transformation program.  It forces business to look at their overall operating model for system administrative and application based access, and develop a strategy that reduces risk overall to the enterprise. Once this strategy is completed, and a new operating model is conceived, CyberArk software and services becomes a very effective series of controls that enable the business to secure the most sensitive access to services, and allows the organization to operate within their risk tolerance. 

Far too often companies will treat the CyberArk product set as a software implementation, that becomes overly complex and evolves into a multi-year program. This is due in part to the legacies of technology programs, where the implementation will force business to rethink their operating model, and therefore delays, scope changes and cost of overall program becomes associated with the software implementation initiative. This is a consequence of positioning a Privileged Access program as a security software implementation, and not a true business transformation initiative. 

While CyberArk continues to adjust its licensing costs and continues to look at the comparisons in the industry and the ability to effectively and affordably help companies and firms solve their privileged access problems, companies also have to look at the overall cost of what a privileged access program means to their firm, and what shareholder value they gain as a result of implementing those types of products or services or business processes. In that context, they should start to look at what the comparison is against the software that they're using to enable those very controls they're trying to implement.

I've spent some time with BeyondTrust. I've spent some time with Centrify. I've had their products in for different instances and different purposes. They play an interesting concentric role in some of the areas that they focus on, but I wouldn't say I have one-to-one experience in other product sets.

CyberArk continues to innovate, as they refine strategies based on industry research and trends in the cyber security landscape, and incorporate the necessary updates to both their roadmaps as well as their product sets. The creation of the customer implementation roadmap, acquisition of Conjur for DEVOPS and the development of  Alero to address 3rd party secured access, are examples of product innovation to address  emerging risks within the  industry.  

I would rate CyberArk 8 our of 10;  although I do remain impressed with their existing set of product offerings, their cyber security roadmap & strategy, and their overall corporate philosophy, I do feel it is necessary for them to ensure they remain vigilant and maintain pace with an evolving cyber industry.  Significant disruption in the technology industry brought on by advancements in Machine Learning / AI, commoditization of cyber attack tools, and rapid deployment of IoT based technologies, summon the need to ensure companies do not become complacent in the agility of their security tools.

I have several passions. One of the passions I've always had is in organizational transformation and leadership. A second is really around the space for identity and access management. CyberArk has allowed me to continue, even after I've retired from the industry after 35 years, to still live that passion through their customers. I've been given the opportunity to provide some keynotes around organizational transformation. It's an exciting industry to be in and CyberArk has allowed me the benefit of still continuing to enjoy that experience.

An example of one of the ways CyberArk has benefited our company is one of the simplest. And this one is something that a lot of companies struggle with: domain administrators and server administrators. These are among the top accounts that most companies need to protect. As part of our deployment, we decided to go with these first when we deployed PSM.

What we found out was that there's always that friction with operational teams where they don't want to do this kind of work because it is another thing they have to do. But once the product was deployed and we were able to give them all the tools that they have today, and they did not have to go through attestations and audits anymore and, when team members were coming in and leaving, all they had to do was put in a ServiceNow request to complete all the work, it was just something so different for them that all that friction just went away. It was one of those simplest things, but one of the biggest things that you can do in your company to protect it.

I don't know if CyberArk really helps with meeting our availability requirements, but it definitely helps a lot with managing the accounts and managing the credentials. Availability? It helps to an extent. If there is an event of some sort, yes, you can always go back and look at the logs and you can figure out through recordings what happened. But it's more about manageability than availability.

In addition, when we started with RPA, there was a requirement that every credential and the bots themselves be protected through the PAM system. From the get-go, we've had CyberArk in the middle. We use standard products for RPA and all credentials are managed through CyberArk. All bots are protected via CyberArk, through PSM, and also through CCP calls. We've got a pretty robust RPA implementation with our PAM platform. Users, bots, the credentials — everything is managed via our PAM solution. From a cost perspective, this was something that was a requirement, so cost was never really an issue here.

The solution's ability to secure robots’ privileged access is pretty good. We've been able to secure our bots. In fact, we take care of our bots right from a development environment, using our development instances. So when our developers are building the scripts around those bots, they're already aware of what's going to happen when things finally go into production. Obviously, the level of security doesn't need to be the same, but we do it through the complete lifecycle.

PSM has been one of the most valuable features. We started on this journey a while back. Initially, when we did not have PSM, we started with AIM and that was our first use case. But an audit came along and we had to go towards something a little bit better and we had to migrate more applications. PSM came along and did exactly what we needed it to do. To take care of all the deficiencies that we had, PSM was the right thing to do.

We work with CyberArk's customer success team and we work with its engineering team back in Israel. We've been doing things on CyberArk which a lot of its customers, we know, have not been doing.

The one place where we found that this product really needs to improve is the cloud. Simple integrations don't exist, even today. We don't have anything specific on CyberArk for managing SaaS products, SaaS vendors, and SaaS credentials. I understand it's a vendor-based thing and that they have to coordinate with the other vendors to be able to do that, and there are integrations coming, but these are the major places where CyberArk definitely needs to invest some more time. Because this is what the future is. You're not going to have a lot of on-prem applications. Most stuff is going to the cloud.

Not every product is 100 percent stable. CyberArk does have some issues once in a while. But the core product, the vault system, has been extremely stable. We haven't had a single problem since we got this thing deployed, and it's been more than six years now. We've not had a single problem with the vault. 

Related to the software, there are other things that can cause problems. You could have clusters going down or you could have issues with hardware, but the product itself has been very stable. 

There are the usual quirks you have sometimes with PSM, but it's been a very stable product for what we need it to be.

In terms of the product's ability to manage all our access requirements at scale, about 80 percent of it can be managed. There is no product in the market which can say, "We can do 100 percent, we can do everything." Or, they say that they can, but when it comes to it, it doesn't really happen. But with CyberArk, we've had the benefit of it being a little scalable, plus very easy to configure for the different use cases we have. So we can cover around 80 percent. But then we have to put some compensating controls around the other 20 percent.

It has scaled for our use cases. We built it according to the very large specification and it has scaled. It has done exactly what we need it to do. We've not yet had a performance issue to date.

We've had good relationships with their technical department. My team usually does more engineering. We work with CyberArk's customer success team more often than the regular technical support. My operations team usually deals more with tech support.

When it has really come down to major issues, if we've ever had a Sev 1, they've been on point. They have picked up the phone, they've called us and they've helped us.

We did not use a different product. We had an in-built vaulting system for managing our own credentials. We've been a CyberArk customer for a while. We had the document vault. Privileged Access had just come out and CyberArk was one of the easiest choices we could make at that time. That's how we decided to go with it.

The initial setup was not straightforward. The very first setup that we did was specifically for AIM, which was obviously simpler. We had an in-built vault which we replaced with the AIM setup. 

Our PSM setup was very complex. We had about 450 applications that we had to onboard over a period of one year, and we had to remove close to 16,000 accounts. It was a very complicated setup. We built close to 35 different connection components to get this product in.

The total cost of ownership, over credentials, is definitely something that goes down if you have a vaulting system. But if you have deployed it correctly, that's the only time you can get that. We've definitely seen some improvements. There are additional costs associated with getting every application onboarded, but in the long run, it keeps the company secure and I don't think you can put a price on that.

We use the solution with AWS. In fact, we set up a custom setup for AWS. We worked with the CyberArk engineering team to get it working, to come up with a custom solution to integrate our AWS EC2 instances. There were some limitations, as I mentioned earlier, with how the product integrates with AWS, so we had to make some major changes to how the integration works. As far as monitoring is concerned, it's standard CyberArk monitoring. We don't see anything specific to AWS, as far as the monitoring is concerned. This is the one place where CyberArk can improve.

Privileged access management is one part of IM. Anything that goes through has to get approved through the IM team, and our product of choice for privilege access is CyberArk. When we decided to go to the cloud, this was the natural choice because this was the product that the enterprise uses. We've had challenges. We've had to customize the product to meet our requirements. It might not be the same for every customer because our requirements are a little unique. But it eventually worked out. We've been able to meet most of our use cases.

CyberArk is an eight out of 10. It can do a lot. But there is definitely scope for improvement.

I come from the IM world, but I was more into access management. CyberArk was just one of those products which was thrust on me. Now I'm head of privileged access management, so CyberArk has been pretty good for me, going from the access management space to privileged access management. It's definitely had an impact on my career.

We're a small IT shop of a few hundred people and the company has only a couple of thousand employees. We had some SharePoint workflows that people had used to get access via submitting a ticket. We had updated those processes by using some DevOps, some JAMS jobs that run in Azure, and they were breaking frequently. We have gotten people to understand now that they can just go to CyberArk. They don't have to submit a ticket, they don't have to go through a workflow, they don't have to put in the right server name or wait for an approval. It's just there. People really like that.

The solution standardizes security and reduces risk-access across the company. It's what the solution does. It's just a requirement. Standardizing access is taking away the "onesie-twosies." With the DNA scan, you're running a full report of everything on all your servers that you're targeting, or all the servers period, and finding those onesie-twosies accounts and getting rid of them. Standardizing and making local accounts on the servers, accounts that have least privilege and that don't have access to anything else, and giving people only that access when they log onto a box; that's pretty cool standardization.

In terms of being able to have a quick win using the solution, we were given a ridiculous deadline to meet an external customer requirement to have privileged access management in place within a couple of months. That was to include signing the purchase order, getting it installed, and having it up day one to take in what we thought were 17 servers. Actually, we found out it was 53 and, two weeks after we had it running, we found out there were upwards of 60 to 70 servers. Getting all those servers in, the accounts in place, by the deadline — even just installing it — was all an immediate win. People said it couldn't be done.

Right off the bat, the most valuable feature is the DNA scan. It gives us the ability to scan our environment and find the accounts that we're going to need to take under control.

We're quite new with CyberArk. We've just installed it this past summer and we've taken off with the Microsoft tier model. Tier 0 is our domain admin accounts and our local admin accounts on some applications are specific to SOX requirements. That's been amazing. It's basic-use PAM, but it's been really fast and easy because of the DNA scan. We knew what was there and we were able to go find who owned those accounts. Step one, step two, step three are really easy.

We're pretty excited about Alero, the third-party access management. As a small company we lean on vendors quite a bit and we do that in multiple areas. That's going to be a big one for us. It's just gone from beta to production. It's one of those things that's on our roadmap, but being so new to the toolset, we're just growing into the tool. We're not quite there yet.

The product has been around forever. In a way, it's a bit old-school. I came from a Windows Server environment, so I get how it's built. It's INI files, it's apps that run on Windows Servers. I'm sure there are other ways that it runs, such as in the cloud as well. There are other directions. But the base of the product is old-school. It just works. So the stability is there. My new engineers can do the install, they can understand how it works. It's quite stable.

In terms of scaling, we're not there yet. We have a number of offices, we're a small company but we're spread globally and we're installing servers in Brazil. We also have servers in London, so we can scale geographically quite easily because it's applications running on servers. There's also a DR capability, having those vaults where needed, so we can scale that way.

There are a lot of new things coming out about endpoints, and third-party management is going to be big. We can scale geographically and we can scale outside of our borders and that's going to be cool.

We had no PAM program when I came to this company.

The initial setup is very straightforward. It's well-documented. We sought to have external advisors and third-party consultants help, in addition to CyberArk's help, because we had such tight deadlines. We were installing multiple environments with a turnaround in weeks and had to complete the training at the same time. Junior engineers were coming in and they could walk through it. We found out that it's almost self-doable. But that's probably not advised in any solution. The help was appreciated but it's straight-away easy.

In a previous life, I worked with TPAM, Quest products, and Safeguard. We evaluated five different toolsets when it came to my new role here — all the major players. The last two were Quest and CyberArk and I had a strong relationship with both groups. A lot of it came down to dollars and cents, but CyberArk also had that marketplace that told us that we could do certain things out-of-the-box. That was very important to us, enabling us to get stakeholders' buy-in: strategic alliances within our customers or the companies that we own. We got them bought-in to the idea that they were going to be using this tool. It came down to the marketplace.

I'd never ever rate anything a 10. I'd probably never rate anything a one. I'd rate CyberArk as 7.5 out of 10. We actually did surveys of all the people that saw all the demos of all the new solutions we looked at. CyberArk was a seven or eight consistently, from all the people who watched it. The benefit of it is it's stable, it's old-school, it just works. The downside is that it's a big program. To scale excessively, locally, on an on-prem application, takes a lot of servers. Those are the highs and lows. It could be amazing if it all ran in the cloud, but that wouldn't be possible.

I started as a PAM engineer eight years ago. Learning PAM and understanding how it protects people and being the liaison who needs to take passwords away from engineers is really tough. But it put me in a good spot. I grew from a PAM engineer to an identity engineer to identity team lead to identity manager. Within the last year-and-a-half, I came into this company because of a PAM role. They hired me as an identity manager because I knew PAM and because I had a relationship; I was working on bringing CyberArk in as part of my previous role and they wanted me to come in and do that same evaluation here. So knowing CyberArk got me my job and, within three months, they said, "We don't need just one team like this doing these assessments. We need multiple teams. So you're an associate director." I said, "Thanks, I don't want to do that. I just want to play with PAM."