Idira Secrets Management Reviews

The main use case for CyberArk Secrets Management is application integrations and the CI and CD part. In CyberArk Secrets Management, there are a variety of tools that they cover, one being the Credential Provider, another the Central Credential Provider, and then there is ACP, along with Conjur. Excluding Conjur, we are using those three methodologies, which cover use cases for user-to-machine as well as machine-to-machine. For user-to-machine use cases, if there is any kind of secret being used by users, we use the Credential Provider to manage those secrets, and Secret Manager also exposes some APIs for machine-to-machine use cases in the customer environment. The named features are used for user-to-machine and machine-to-machine use cases.

The granular controls of CyberArk Secrets Management are very niche in their development and very secure from the overall secret management perspective, offering high-level functionalities where we have control over user access, which can be tracked and monitored. There are sessions that get monitored and audited, representing the major features within CyberArk that combine with this Secret Manager.

In terms of discovering secrets, CyberArk provides two types of functionalities. One is a separate tool called the DNA tool that discovers overall secrets within the customer enterprise, and they publish a dashboard that needs discussion with the customer. Post the DNA tool discovery and analysis, CyberArk portal has an auto-discovery tool that facilitates quick onboarding based on customer discussion.

CyberArk Secrets Management is the best tool used in the healthcare industry as it comes with HIPAA compliance, which is already available in the CyberArk portal. That is why, atop the Gartner tool, CyberArk is preferred, although from a commercial perspective, it is not a cheap solution, and customers must pay a significant price.

The tool is very good, but the commercialized training, which is paid, could be improved. Regularizing those trainings as part of a global alliance between the customer, SI partner, and CyberArk would be more profitable, allowing relevant SMEs to be trained better. There are training courses available that sometimes provide coupons on a yearly basis. If those coupons increase from about 10 to 20 people, it would provide better opportunities for SI partners Tech Mahindra to train resources and gain visibility with customers. There are indeed paid training courses for partners, and while they shouldn't be entirely free, the coupons can make them free. Increasing those coupons would allow more resources to be trained rather than limiting them to just two or three.

I have been working with CyberArk Secrets Management for around 2.5 years overall.

From a stability perspective, it is fine as long as the architecture is well-designed and reviewed by CyberArk, making it pretty stable.

CyberArk Secrets Management is very much horizontally scalable; it's a plug-and-play system once the installation is completed.

CyberArk support is absolutely professional. There is dedicated support with defined SLAs, and for any architectural discussions, we can reach out for professional services, which has a good and standard support system.

Positive

Once CyberArk is fully integrated, there is a standard SOP that differs from customer to customer, allowing compliance issues to be mitigated quickly. It depends on the delivery team because CyberArk provides everything within the dashboard, along with REST APIs to easily handle respective non-compliance parts quickly.

One of the CPL licenses costs around 60 to 80k GBP.

CyberArk Secrets Management is aimed at reducing meantime to detect, but one must be well-versed in the functionalities such as discovery, onboarding, and regular compliance activities that need to be extracted on a quarterly or monthly basis. CyberArk was already deployed with this healthcare customer. It just involved a different SI partner rather than Tech Mahindra who were not very skilled in that area.

There is a significant focus on automation and AI to expedite operations, optimizing the current BAU team toward compliance. CyberArk offers online training, some freely available, some paid, which upon completion, helps understand every aspect of Secret Manager to assist customers in meeting compliance needs.

Integration totally depends on the use case, and discussions should be had first regarding the specific needs. Once defined, complexity depends on the defined use case; if it is simple, it is easy. But if different use cases arise requiring APIs, then there is some effort from the customer's side.

It is effective in protecting against ransomware attacks. CyberArk components are hardened, and they provide a threat analytics tool called PTA, Privileged Threat Analytics. This tool offers a dashboard where restrictive policies can be enforced to block unauthorized commands. It is crucial to architect the system correctly, placing CyberArk components behind firewalls and in different domains, ensuring stability against cyber attacks.

I would recommend that anyone planning to use CyberArk Secrets Management ensure they have the requisite training on that particular Secret Manager, as it incorporates various components such as CP, CCP, ACP, Conjur, and more. In healthcare, I cannot confirm fines being avoided, but in telecom, they are avoiding fines under the stringent guidelines of the Telecom Security Act in the UK. CyberArk is the preferred tool for meeting all TSA requirements and is widely used among telecom operators in the UK. I rate CyberArk Secrets Management solution as a nine out of ten.

We own a robotic process automation platform called UiPath. We use CyberArk Secrets Management to bring the credentials into robotic process automation for the bots during runtime.

With CyberArk Secrets Management, we were able to resolve the automatic change of the passwords based on timelines. We were also able to retrieve the passwords in an encrypted format by utilizing the CyberArk platform, which was not provided to us by UiPath.

Moving CyberArk Secrets Management from on-premise to a SaaS model has improved flexibility and reduced server utilization. It gives us more flexibility to interact with other platforms.

The automatic rotation of the password is the top feature. The integration with the platform allows for a direct change of the password. No one sees the passwords while resetting or upgrading them. The automatic rotation of passwords is crucial.

The user interface can be improved, and with new platforms emerging, CyberArk Secrets Management could integrate with them. The password search feature and integration between different vaults could be enhanced. For instance, when updating passwords in both lower and higher environment vaults, improvement is required in search and upgrade functions.

I have been using it for almost five years now.

It is stable. I would rate it a nine out of ten for stability.

It is scalable. I would rate it a nine out of ten for scalability.

Its utilization is based on the requests from applications. Whenever we have a new application in the environment and they have a requirement to retrieve the passwords from a secure vault, we create a vault for them, and then they utilize that application.

We have 200 to 250 automation bots. They are utilized by the whole department, not by a single person. Enterprise-wide, there are about 1,000 users.

We did not have a good experience with technical support because their numerous processes caused delays in engaging, leading to project delays or issues with production.

Neutral

Before CyberArk Secrets Management, we did not use any similar product. We used internal key vaults specific to a particular laptop, such as the Windows key vault, or the UiPath assets built into the orchestrator.

We have had both on-premises and SaaS models. The on-premise setup was a little difficult, but now that it has been moved to the SaaS model, everything is controlled by CyberArk. We just go and do our work.

The initial on-premises setup took two weeks because it was an integrated effort. I had to spin up the servers and bring in the CyberArk Secrets Management resource to deploy the scripts. I then had to open networks and firewalls between CyberArk Secrets Management's on-premise servers and the application server. In the initial phase, it took two to three weeks, but it became easier when moving to the SaaS model.

In terms of maintenance, it requires patching or upgrades, which happens one day in a month. If there is a failure, we have to roll back and try once again, which takes more time, but if everything goes smoothly, there is three to five hours of downtime.

The return on investment is primarily in compliance. During audits, such as SOC audits happening quarterly, having passwords saved and retrieved in an encrypted manner is a significant advantage. It allows us to pass all audits. It is mainly towards SOC audit and compliance. We have seen about 15% ROI.

It is in the middle. It is neither very cheap nor very expensive, so I would place it in the middle.

I would definitely recommend CyberArk Secrets Management, but check the ROI before investment. 

Overall, I would rate CyberArk Secrets Management an eight out of ten.

We use CyberArk Secrets Management for applications that utilize GitLab, CI/CD pipelines, and Kubernetes. These are our primary use cases, and we are also exploring additional options.

We implemented CyberArk Secrets Management to ensure seamless application access to the latest passwords during secret rotation, eliminating delays caused by outdated credentials. This proactive approach prevents disruptions in report execution and other critical processes, which can lead to financial losses and operational inefficiencies across various industries.

CyberArk Secrets Management is adaptable, but transitioning from existing secrets management products takes time. Integration is seamless for existing CyberArk PAM users, requiring minimal effort and resources. For those utilizing other solutions, migration to CyberArk is gradual, often starting with a pilot program. A key feature is the robust monitoring service, which allows for Syslog integration with SIEM solutions like Splunk, enhancing security monitoring capabilities.

CyberArk effectively safeguards our financial services infrastructure. CyberArk remains capable of performing its core functions.

It assists us in meeting compliance and audit requirements. During audits, such as SOX or others, findings often arise regarding accounts that need monitoring or remain unmanaged. By utilizing CyberArk's Privileged Access Management solution and its features, we can address these concerns and fulfill audit requirements. Consequently, by year's end, we successfully managed the targeted number of Windows and Linux accounts.

CyberArk streamlines our workflow by automating report generation. These reports, which can be extracted regularly, are sent to management for auditing purposes, enabling them to monitor our daily progress. The system also facilitates the viewing of recorded sessions and sends logs for Secrets Management, allowing for on-demand report generation.

CyberArk Secrets Management is a critical solution for strengthening our security posture. CyberArk was a strategic decision to enhance our security across all industries, not just financial services. Compliance is crucial whether a company handles financial data or any other type of critical information. Implementing CyberArk PAM, Secrets Management, and IGA is essential for achieving and maintaining compliance standards and protecting sensitive data.

We recently began implementing CyberArk Secrets Management. This solution has the potential to improve our operational efficiency.

We are currently trying to use Conjur Cloud. One of the most important features for us is the system's performance, particularly its speed of retrieving secrets. 

We occasionally experience incidents that delay password injection back into the script. Additionally, we've sometimes focused on vaulting instead of actively managing passwords, which is a concern that requires further exploration.

I'm comparing the capabilities of Conjur and Secret Service with our existing products to ensure all our use cases are covered. Some features, like dynamic tokens for Azure and GCP, are already supported by other products but not yet by Conjur. Additionally, full support for GCP Secrets Manager and CyberArk needs confirmation. While Conjur has potential, implementation was complex and required professional services. Simplifying the setup process, particularly for Conjur Edge and Conjur Cloud, would be beneficial. Improving documentation, especially for daily tasks like creating safes, would make the product more user-friendly for those new to Conjur.

I have been using CyberArk Secrets Management for a few months.

I have experience with Hitachi ID systems, now known as Bravura Security, for PAM and application management credentials. Their orchestration and password randomization processes are different.

I have also evaluated HashiCorp Vault, a robust enterprise-level vault system. It's challenging to get people to adapt to new solutions like CyberArk Secrets Management. However, it will be beneficial if CyberArk continues to add features and use cases covered by other solutions.

I would rate CyberArk Secrets Management a seven out of ten. It's important for CyberArk to continue adding features and covering more use cases.

The learning curve is easy for those with prior experience in Secrets Management. However, without the CyberArk Conjur training, the concepts were often challenging to grasp. Improving the training with demos and real-world examples based on the latest use cases would be very beneficial.

CyberArk handles maintenance for its SaaS solutions, but if components are installed in the client environment, regular maintenance, like upgrades and patching, is necessary, particularly for Windows VMs.

My main use cases at the moment promote security all across the organization.

The features of CyberArk Secrets Management that I value the most are flexibility and the numerous integration offerings they have. It is not easy to use, but it is secure enough.

I utilize the credential rotation automation feature.

It has helped reduce human error and mitigate the risk of data breaches significantly. From a scale perspective, once configured, there is much less friction in terms of human involvement inside the procedure, which gives us much more confidence that we are getting what we wanted.

I would assess the integration capabilities of CyberArk Secrets Management with existing applications, databases, and dev tools as straightforward. It is very easy as they supported many tools we were using.

I use the audit trails for compliance purposes.

The audit trails have been extremely important for us in helping our organization meet regulatory requirements. It actually enabled us to do things that would have been impossible without it.

CyberArk Secrets Management has been able to enforce granular access controls, and that has impacted our security strategy by giving us more ability to interact with third parties knowing that CyberArk Secrets Management keeps us safe.

There is room for improvement with better documentation and less need for CyberArk Secrets Management personnel to assist us with their presence.

I have been using CyberArk Secrets Management for three months.

The experience of deployment had constant challenges.

It has been reliable so far with no downtime or crashes.

It has scaled with the growing needs of my organization, but we are still in the early stages. It is hard to say, but we do see a lot of potential.

I have had to use their customer support and technical support. We are working with the professional services now to implement the solution.

I would rate them six out of ten for customer service.

Neutral

We were using CyberArk products prior to taking on CyberArk Secrets Management. We have multiple CyberArk products already deployed in the organization.

I considered Akeyless as another solution before selecting CyberArk Secrets Management.

I would rate CyberArk Secrets Management overall a seven out of ten.

The primary use case for CyberArk Secrets Management is rotating credentials for all service accounts, especially those managed by Puppet for file deployment. This includes rotating AWS keys and credentials used by Terraform. Additionally, we use CyberArk to rotate credentials for Bamboo, our chosen CI/CD tool.

CybereArk is vital for effectively managing and securing my credentials. The product is also scalable, so it can expand based on account types and application needs.

Improvements for CyberArk Secrets Management include enhanced documentation with more use cases and step-by-step integration guides. Thoroughly educating administrators on these aspects is crucial for successful implementation and utilization of the platform.

I don't have much experience with CyberArk Secrets Management yet because it is still new. Most people on my team are conducting proof of concepts and tests.

So far, Secrets Management has not presented any performance challenges or issues, even though I am still expanding its scope.

Scalability is a strong point. Secrets Management is scalable based on various account types and applications, allowing extensive use as needed.

CyberArk's support team is knowledgeable and helpful, consistently responding on time. If the assigned support person is unavailable, the ticket is passed to someone else. This is a great service.

Positive

We are finalizing the deployment of CyberArk Secrets Management. While the lower environment deployment is complete, we're facing challenges in production. Our policies require all software to be deployed via Puppet, but CyberArk lacks direct Puppet integration. To overcome this, we are working with third-party vendors to develop a solution for deploying the Conjur module to our Linux servers. This integration complexity is our current obstacle.

For implementation, CyberArk engineers assisted me, and I was significantly involved within my team. I am now utilizing internal and external Puppet experts.

CyberArk Secrets Management has a moderate pricing structure based on a per-tenant licensing model rather than a per-user account model like their PAM solution. This makes Conjur's cost comparatively minimal due to its one-time procurement model for modules.

I would rate CyberArk Secrets Management seven out of ten. Conjur is complex and involves several integrations with different applications and accounts. Implementing it and ensuring seamless password rotations present challenges.

The full benefits of CyberArk Secrets Management are not yet apparent as we are still in the exploration phase of this new tool. We are working to understand its functionalities and potential applications, which are proving to be slightly challenging.

Maintenance is required and managed by administrators and engineers.