I'm looking for insights from anyone who's worked with CyberArk. Currently, we're using KeePass with user/password authentication, but our parent company is pushing us to switch to CyberArk. I'm worried because our integration platform relies heavily on non-rotating passwords, which we rarely change—like every few years. Plus, CyberArk is trying to limit the number of sessions, which I think could really hurt our productivity. What have your experiences been with CyberArk? Am I being overly skeptical? Also, I'm concerned about the slowness of the system, and the fact that they want us to use it as regular users rather than admins is honestly a bit funny to me, especially since the CyberArk team is just a couple of people. How do they expect to manage all our access efficiently?
5 Answers
Our team started incorporating CCP + Conjur for our infrastructure automation, and it really has alleviated some of the pain points we faced. But overall, CyberArk feels clunky and slow, and I'm not sure if it's just our implementation.
My advice? Look at Centrify instead of CyberArk. I've had experience with both and would go with Delinea Secret Server if you need something simpler. We've struggled with CyberArk and found it complex and frustrating to use.
CyberArk has definitely been a headache for us in terms of automation. We need an extra add-on just to programmatically get passwords, which makes using tools like Ansible and PowerShell a nightmare. We ended up getting approval to use Azure Key Vault for certain passwords so we could automate things better without worrying about password changes as long as we have the current ones in our vault.
But think about it: if you can extract credentials to authenticate, what's to stop an attacker from doing the same once they're in?
We've had a lot of issues with CyberArk—it’s frustrating for everyone involved. I suspect it was just the cheapest option at the time because the UI and browser integration are both terrible, and it only supports certain key types. I personally use Bitwarden for my personal stuff since CyberArk is just a pain. Interestingly, CyberArk was recently acquired by Palo Alto, so maybe there’s hope for improvement, but I'm not holding my breath.
It certainly wasn’t the cheapest option! That software costs a fortune.
Yeah, but everyone uses it and auditors are familiar with it, so you might dodge issues from that standpoint, even if it sucks.
In my experience, CyberArk is over-engineered for traditional setups. If you have infrastructure as code and don't need constant access, you might not hate it as much. But I wouldn't recommend it for most cases.
I can't believe your company didn't just spring for the credential provider module—it would save so much hassle and reduce risks!