Skip to main content
Skip table of contents

CyberArk Explained

Seamless & secure access for all identities

CyberArk is SoftwareOne’s chosen solution for providing customers with an additional layer of security beyond that provided by Microsoft through GDAP. CyberArk combines secure SSO, Adaptive MFA, Lifecycle Management, Directory Services and User Behavior Analytics, while providing simple and secure access to resources—on-premises, cloud, hybrid— while securing access for any location, using any device.

How CyberArk Strengthens Security and Access Control

1. Privileged Account Security & Credential Protection: CyberArk securely stores, manages, and rotates privileged credentials in a protected vault to prevent unauthorized access. It enforces least privilege policies, ensuring SoftwareOne engineers only have access to the resources necessary for their tasks.

2. Session Monitoring and Recording: CyberArk tracks and records privileged sessions, allowing organizations to monitor all activities performed by privileged users. It can also detect and terminate suspicious activity in real time. This means that all activities by SoftwareOne support engineers is monitored.

3. Just-in-Time Access & Least Privilege Management: The system grants temporary, time-limited access to critical systems based on approval workflows. This approach reduces the risk of persistent privileged accounts being compromised. i.e. SoftwareOne engineers are only granted time-limited access to customer tenants.

4. Secure Remote Access: CyberArk enables secure, VPN-less remote access to critical systems without exposing credentials. It also provides Zero Trust security for remote users and third-party vendors.

5. Integration with Security & Compliance Standards: CyberArk integrates with security tools such as SIEM, IAM, and MFA to enhance enterprise security. It also helps organizations comply with regulatory standards, including GDPR, HIPAA, SOX, and NIST.

Benefits

Secured logging in method – There are multiple login methods SoftwareONE has for CyberArk login but, from an end-user perspective, we have SAML authentication login. CyberArk SAML group is configured with SoftwareOne MFA for additional security layer.

Advanced Encryption Standard (AES) with a 256-bit key used for encrypting data including credentials. This level of encryption provides a high degree of security for stored credentials.

RDP session protected - When the end-user connects to the target machine, CyberArk acts as a jump server, and the logs are stored under CyberArk Vault; no credentials or logs are stored under the end-user machine directly.

Complete audit enabled (logging, activity recording)

CyberArk's retention policy for the account recordings is 6 months. Hence, we can validate video recordings for customer account login if there is any verification required. This data is encrypted as well.

Multiple Layers of Authentication

image-20250318-104116.png

NOTE: Access to CyberArk is limited to ONLY SoftwareOne Cloud Support Engineers. No other employee outside of Cloud Support can access CyberArk or the customer tenant.

Customer Requirements:

  1. Limit SWO access to the Trusted location (instructions to be shared separately if needed)

  2. Remove any SoftwareOne local accounts in your tenant.

  3. Exclude SoftwareOne Partner Center from all the policies that are blocking our access.

This would result in access for our consultants but only from the 2 public IP addresses connected to our CyberArk sessions. (IP addresses provided on request).

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close