Cyber-Ark Password Vault

We bought Cyber-Ark’s Enterprise Password Vault product last year to provide an enterprise-grade method of protecting passwords. Administrator passwords to corporate systems are essentially corporate assets, and it’s a big hassle when the password is forgotten or held hostage. (No hostage taking here, but I have seen issues caused by forgotten passwords.)

Passwords are often kept in text files or Excel files (hopefully encrypted). Most admins here are using a consumer-grade password safe installed on their local computer. This can have issues in cases of sudden staff turnover or when the passwords aren’t adequately backed up. For Disaster Recovery purposes passwords are stored in a safe in a sealed/signed envelope. There isn’t adequate access control and logging on the use of those passwords.

Cyber-Ark is extremely complicated to implement. It’s so complicated that you really need professional services. Since the product isn’t cheap to begin with, that seemed like an insult. I typically prefer products that are either straightforward enough to work without professional services, or products that once implemented during the evaluation are ready to go. I decided to bypass professional services. Unfortunately for various reasons the virtual environment we had set up during the evaluation was deleted so I had to start from scratch. Just over a year after buying the product, I ate crow and purchased four days of professional services. Even now, I find implementing Enterprise Password Vault is so complicated that I won’t be getting everything I’d like out of the vault right away. And more $$$ for professional services may be needed.

There is a lot you can do with Cyber-Ark but it’s better to start out slow. If I think it’s of interest, I’ll blog about what I’m doing as it moves from proof of concept to full implementation.

Cyber-Ark is really expensive and excessively complicated in my opinion. However, the potential is there to do great things. I’ve also enjoyed my dealings with sales (now gone from the company), the pre-sales engineer, and professional services. I only hope I find support as cool when I end up having to work with them.

5 Comments

  1. Hi,
    We also use it and I second your opinion and experiences. I’d be interested to know which modules you use (eg CPM, PSM, ENE etc) and what your latest experiences are. This product is a good idea but it doesn’t seem to be enterprise quality. I am also disappointed in the fact that they don’t deliver a ‘solution’ complete with sample organisational processes. These processes in the end define a lot of the security you get out of using the product and they are not trivial to design or implement. No formal suggestions from them for key management either…
    With kind regards,
    M.

  2. When the pain gets unbearable give Secret Server a try. :)

    It does *everything* that the Cyber-Ark solution does (and more), DOES NOT require professional services and is easy to implement and use.

    It will also probably cost you less money since Cyber-Ark is overpriced in this space.

  3. Hi, complex meant that the solution has lots of fine granular features, “enterprise class”.
    More complex also meant more money to be made if you are an integrator or partner of Cyber-Ark.
    FYI, Cyber-Ark can also be tied in to log management and also to helpdesk, and also the overall bigger picture of IDM.

    We are Jakarta based and a loyal partner of Cyber-Ark.

  4. I tried out their stuff during a POC but ended up with Lieberman’s password manager. It’s easier to install by ourselves and set up quickly — 2 days. Managing 250 servers/900 desktops and 100 routers/switches with it and worked with most of our stack right away. Our final integration is SAP and they said in October there’s a version releasing with SAP integration so we’re happy. I should check on that SAP integration, it’s December!

    -fr
