We bought Cyber-Ark’s Enterprise Password Vault product last year to provide an enterprise-grade method of protecting passwords. Administrator passwords to corporate systems are essentially corporate assets and its a big hassle when the password is forgotten or held hostage. (no hostage taking here, but I have seen issues caused by forgotten passwords).
Passwords are often kept in text files or excel files (hopefully encrypted). Most admins here are using a consumer grade password safe installed on their local computer. This can have issues in cases of sudden staff turnover or when the passwords aren’t adequately backed up. For Disaster Recovery purposes passwords are stored in a safe in a sealed/signed envelope. There isn’t adequate access control and logging on the use of those passwords.
Cyber-Ark is extremely complicated to implement. It’s so complicated that you really need professional services. Since the product isn’t cheap to begin with, that seemed like an insult. I typically prefer products that are either straight forward enough to work without professional services, or products that once implemented during the evaluation are ready to go. I decided to bypass professional services. Unfortunately for various reasons the virtual environment we had set up during the evaluation was deleted so I had to start from scratch. Just over a year after buying the product, I ate crow and purchased four days of professional services. Even now, I find implementing Enterprise Password Vault is so complicated that I wont be getting everything I’d like out of the vault right away. And more $$$ for professional services may be needed.
There is a lot you can do with Cyber-Ark but its better to start out slow. If I think it’s of interest, I”ll blog about what I’m doing as it moves from proof of concept to full implementation.
Cyber-Ark is really expensive and excessively complicated in my opinion. However, the potential is there to do great things. I’ve also enjoyed my dealings with sales (now gone from the company), the pre-sales engineer, and professional services. I only hope I find support as cool when I end up having to work with them.