Overview

CyberArk Secure Cloud Access, part of the CyberArk Identity Security Platform, delivers Just-in-Time (JIT) access with zero standing privileges, allowing developers secure access across AWS, Azure, and GCP environments without interruption. Designed with a developer-friendly approach, CyberArk dynamically provisions access to reduce risk and maintain developer productivity.
The Critical Need for Developer Access Security
With the rise of digital transformation, overprivileged developer identities are increasingly targeted in attacks, often leading to prolonged breaches and data theft. Traditional standing access in cloud environments opens paths for attackers to misuse credentials, creating risk. CyberArk mitigates this by enabling JIT access, reducing the attack surface and safeguarding organizations from long-term breaches.
Developer-Centric Access for Enhanced Efficiency
CyberArk recognizes the operational demands developers face. Developers can launch sessions natively, using their own federated identity across cloud services, APIs, and infrastructure without jump servers or extensive approvals. This seamless approach enhances productivity while preserving security.
Key Benefits for Developers
- Zero Standing Privileges (ZSP): Developers get temporary, session-based access without standing permissions, reducing unauthorized access risk while maintaining workflow continuity.
- Time, Entitlement, Approval (TEA) Model: CyberArk's TEA model ensures developers receive access when needed, minimizing delays in time-sensitive situations and restoring functionality faster.
- Attribute-Based Access Control (ABAC): Permissions are granted based on identity, role, and context, aligning with security requirements without compromising developer efficiency.
Prioritizing Developer Experience
CyberArk's approach offers:
- Native Tool Access: Developers use familiar tools like SSH clients and web consoles directly, reducing fatigue and allowing agile response times.
- Fast Incident Resolution: On-demand access for critical scenarios helps minimize downtime, accelerating issue resolution.
- Centralized Access Across Clouds: With a unified platform, developers manage access to all environments consistently, boosting speed and productivity.
Empowering Developer Velocity and Security
CyberArk enables a frictionless experience by securely granting JIT access, preventing delays in high-pressure situations. By allowing developers native access to cloud consoles, CyberArk reduces credential management burdens and risk, supporting developer velocity and secure innovation.
Adaptive Controls for Multi-Cloud Security
CyberArk's Insight to Action framework centralizes oversight of access rights across cloud environments. Integrated with AWS IAM, AWS IAM Identity Center, Slack, and ServiceNow, it simplifies privilege management, enhancing both security and operational efficiency.
Protecting Against Identity-Based Threats
CyberArk's ZSP and JIT access model ensures no standing credentials, reducing credential exposure and unauthorized access. Layered, identity-based controls help secure developer access without hindering productivity, empowering continuous innovation.
Measurable Benefits with CyberArk Secure Cloud Access
- Accelerated Cloud Transformation: Provides developers secure, JIT access to SaaS, APIs, and infrastructure in a unified, compliant platform.
- Efficient Compliance Management: Detailed audit trails and ITSM tool integrations ensure secure scaling and compliance.
- Enhanced Developer Efficiency: JIT access via the TEA model streamlines access, reducing delays and improving user experience.
CyberArk: Secure, Fast Developer Access for Innovation
The CyberArk Identity Security Platform ensures secure, JIT access at cloud speed, offering the only identity security solution with Zero Standing Privileges. It reduces attack risks, drives operational efficiency, and supports developer innovation.
For custom pricing or offers, contact AWS-Marketplace@cyberark.com.
Highlights
- Provide Temporary Elevated Access, Just-in-Time with Zero Standing Privileges to Resources across your cloud estate
- Secure, Native access requiring no change in workflow, tooling or configuration for end users. This is provided to accelerate adoption
- Access workflows provide a rapid and clear route to elevated entitlements with close integration to ITSM and ChatOps tooling
Pricing
| Dimension | Description | Cost/12 months |
|---|---|---|
| Secure Developer Users, Standard Edition, QTY 5 users | Secure Cloud Access - 5 users: Multi-cloud, zero SP, CLI/web, monitor | $2,400.00 |
Vendor refund policy
Contact CyberArk for support related questions: <www.cyberark.com/customer-support/>
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
Contact CyberArk for support related questions: <www.cyberark.com/customer-support/>
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

Customer reviews
Cloud access has transformed privileged workflows and now enforces just-in-time zero trust control
What is our primary use case?
CyberArk Secure Cloud Access is used primarily for secure administrator access to cloud consoles like the AWS console, Azure portal, and GCP console without sharing permanent credentials. It allows for better passwords and passwordless access, temporary admin privileges, and full audit tracking. Just-in-Time privileged access is utilized when a cloud engineer needs temporary production access for maintenance or troubleshooting; access is granted for only an approved duration, which is automatically revoked once the work is done. Additionally, it manages DevOps and Kubernetes access, provides third-party vendor access, and facilitates multi-cloud access governance for AWS, Azure, and GCP. It also caters to emergency situations such as break-glass access during critical production outages and assists in compliance and audit management, such as for SOC audits, while implementing Zero Trust security principles.
What is most valuable?
The best features of CyberArk Secure Cloud Access include Zero Standing Privileges, which eliminates the need for permanent admin access by providing users with temporary access only when required, ensuring it automatically expires after task completion. This significantly reduces insider threats and credential misuse. In scenarios such as patch deployment in Azure, CyberArk grants admin access for just two hours after approval, which is revoked automatically once the activity is completed. Furthermore, it supports passwordless access, multi-cloud environments, and includes session monitoring that records privileged sessions to assist during audits and investigations, providing better compliance visibility. Agentless browser access is another significant feature, as it eliminates the need for VPN dependency, making operations easier for DevOps and cloud teams.
Role-based access control (RBAC) improves cloud security by providing access based on job roles and responsibilities, which helps reduce unauthorized access. For example, I provide full infrastructure management rights to cloud admins while offering limited access based on role specifications for DevOps engineers and read-only access for auditors. RBAC includes implementing least privileged security, thus preventing accidental changes and limiting the attack surface, ensuring only authorized users can modify sensitive resources. This improves compliance auditing through traceable access control, monitoring, and documentation.
What needs improvement?
There are several areas where CyberArk Secure Cloud Access could improve, such as the integration with enterprise IT ecosystems, including cloud platforms, SIEM tools, ITSM solutions, MFA systems, and DevOps platforms. While it improves operational efficiency and provides seamless user experiences, configuring policies can be complex, requiring skilled engineers. More guided deployment wizards, better automated onboarding templates, improved UI/UX experiences, simplified policy management, and enhanced reporting and troubleshooting would be beneficial.
For how long have I used the solution?
I have been using CyberArk IdM and CyberArk Secure Cloud Access solutions for the last three years.
What do I think about the stability of the solution?
I would rate the product stability of CyberArk Secure Cloud Access around 9 to 10, noting its high scalability and reliability, especially in SaaS deployments. Although there can be upgrade complexities, the platform achieves strong uptime and stability amongst enterprise-level security.
What do I think about the scalability of the solution?
Access control has improved by more than 20% with CyberArk Secure Cloud Access. With over 1,100 users utilizing this solution, I have eliminated the need for RDP access, ensuring that users can only access servers with the proper multi-factor authentication and manager approval, achieving complete coverage and reducing the risk of breaches.
How are customer service and support?
I rate the technical support for CyberArk Secure Cloud Access as a 10.
What's my experience with pricing, setup cost, and licensing?
The pricing for CyberArk Secure Cloud Access is quite high, especially the initial implementation cost, as it requires skilled engineers for deployment, configuration, and integration with various tools. The complex licensing structure involving user accounts, modules, features, and deployment types complicates cost estimation, making it seem expensive for smaller companies; however, it offers better value for larger enterprises. Additional service charges for architecture consulting and deployment support increase operational costs significantly.
Which other solutions did I evaluate?
When comparing CyberArk Secure Cloud Access with other solutions such as BeyondTrust, Delinea, and ManageEngine, I focus on security capabilities, Zero Trust architecture, cloud-native features, integration ecosystem, and deployment complexity. I find that CyberArk ranks high in PAM maturity, particularly with its advanced features such as Zero Standing Privileges and Just-in-Time access that surpass those of competitors. CyberArk also demonstrates exceptional compliance and audit capabilities and excels in multi-cloud support.
What other advice do I have?
I use adaptive risk-based policies in CyberArk Secure Cloud Access, and while configuring these intelligent security policies, which dynamically adjust user access based on real-time risk analysis, can be challenging, they significantly improve security. These policies evaluate user identity, device security, login location, time of access, user behavior risk score, and resource sensitivity to determine access permissions. For instance, if a cloud engineer typically logs in from the Hyderabad office during business hours but attempts to log in from an unmanaged device in another location, CyberArk blocks access and requests multi-factor authentication and manager approval before granting limited temporary access.
I assess the effectiveness of real-time monitoring in identifying threats in the environment by considering scenarios where an employee attempts to log in from a new location and needs manager approval. In such cases, multi-factor authentication is required, ensuring a second layer of security. This mechanism significantly reduces both insider and external threats in my usage of CyberArk Secure Cloud Access.
CyberArk Secure Cloud Access requires some maintenance, particularly for role-based access, future upgrades, patch management, and lifecycle management, which may involve minimal downtime. While skilled engineers and vendor support are needed during issues, it is generally designed to reduce operational overhead, benefiting from agentless access and cloud-native architecture, with regular maintenance tasks such as policy management and compliance auditing handled through the backend platform managed by CyberArk. I rate this solution a 9 overall.
Centralized access control has strengthened cloud security and monitoring has exposed risky behavior
What is our primary use case?
I have been dealing with CyberArk Secure Cloud Access for over three years now, and I have been working with CyberArk for 10 years plus.
I work with their CASB solution, CyberArk Secure Cloud Access, and I am a certified deployer for CyberArk.
I use adaptive risk-based policies in CyberArk Secure Cloud Access to learn and understand the environment.
The use of dynamic role-based access controls in CyberArk Secure Cloud Access enhances my cloud security by helping not to prolong the access granting process. In other words, just-in-time access is very quick.
Integrating with existing IT ecosystems like AWS or Azure IAM or Azure AD helps streamline my administrative and compliance efforts when that is set up correctly.
I have been both a customer and reseller of CyberArk.
What is most valuable?
In CyberArk Secure Cloud Access, I find the central point where it is easy to access and easy to configure most valuable.
I assess the effectiveness of real-time monitoring in identifying potential threats as very important nowadays, noting the use of algorithms and large language models.
Comprehensive audit trails in CyberArk Secure Cloud Access have provided valuable insights, especially with suspected misuse of credentials.
When someone obtained a vendor's details and attempted to access them, with monitoring enabled, it was easy to see which area it came from and then confirm with the user whether they were trying to access it or had forgotten something at that point in time.
What needs improvement?
In my perspective, I do not see much that could still be improved about CyberArk Secure Cloud Access. Depending on what is used to do the integration, looking at the requester's posture could be beneficial.
In the future for CyberArk Secure Cloud Access, I would like to see tokenization improved, where every connection gets a new token. Not in the sense of a connection token but more a certificate that encrypts the data and gets deleted.
For how long have I used the solution?
I have been using CyberArk Secure Cloud Access for over three years now, and I have been using CyberArk for 10 years plus.
How are customer service and support?
I rate the technical support as very good, so I give it a nine because I know a lot of the technicians.
What other advice do I have?
I am not really working with Trellix that much anymore. It is more something like CrowdStrike.
I have not had experience with Falcon LogScale by CrowdStrike yet.
When it comes to implementation, I usually refer to the physical implementation or the preparation to implementation.
Overall, I usually say it takes about three months at least for both preparation, implementation, and configuration because this helps to plan and understand the client's environment so that you do not forget something and also do not break connections or anything when you do the implementation.
In South Africa, everything is expensive, so there are always going to be environments where this is seen as a luxury product instead of an enabler.
I rate CyberArk Secure Cloud Access as also a nine, but I would like to see what happens with the Palo Alto acquisition.
I would generally recommend CyberArk Secure Cloud Access to others, but there are other good options, depending on what the client is looking for.
For companies in South Africa, I would not recommend CyberArk Secure Cloud Access for medium to small companies, but it also depends on what their security appetite is.
My overall rating for this review is nine.
Secure access has strengthened privileged controls and real-time threat monitoring for admins
What is our primary use case?
My usual use cases for CyberArk Secure Cloud Access involve primarily working on PAM, which is Privileged Access Management, and this generally helps us with admin and high-level account accessibility. We also use credential vaulting alongside its JIT, which is temporary access, and this has proven quite helpful for our needs.
What is most valuable?
The features of CyberArk Secure Cloud Access that I find most valuable are the monitoring, recording, and auditing capabilities.
I find them valuable because both products are quite interchangeable, and the main feature we love is the temporary access. Secondly, it does not require sharing a password, which is really helpful. Additionally, PAM is the core strength of this product, and it provides a dashboard for continuous threat detection, which is quite helpful for taking action against threats.
The value of the insights provided by audit trails is significant for me since it allows checking user logins and accessibility, helping identify potential threats and block or restrict access from high-risk zones. It effectively tracks user login attempts, access requests, approvals, and policy changes, which are crucial for implementing recent policies.
What needs improvement?
CyberArk Secure Cloud Access provides a solid foundation overall, but the UI/UX might be challenging for less tech-savvy individuals. Something user-friendly that improves the interface and the initial setup process would enhance the experience. The technical documentation requires a high level of understanding about how CyberArk works, and this could be improved.
For how long have I used the solution?
I have been working with CyberArk Secure Cloud Access for almost three to three and a half years.
What do I think about the stability of the solution?
I find CyberArk Secure Cloud Access quite stable. However, updates are not very frequent at times, yet it still performs well. The stability from a security perspective is quite good.
What do I think about the scalability of the solution?
The scalability of CyberArk Secure Cloud Access is commendable, as most enterprises use it. From a scalability standpoint, I would rate it an eight out of ten.
How are customer service and support?
I have communicated with the technical support of CyberArk Secure Cloud Access a couple of times.
My experience with CyberArk's technical support has been quite good. They are helpful and provide enterprise-level support with knowledgeable engineers and ample documentation, especially during setup and critical issue handling. Turnaround times may vary depending on the type of support.
What other advice do I have?
I think adaptive risk-based policies are essential because when using any healthcare-related tool, the HIPAA-related compliance or SOC compliance will be completely different from the fintech platform. They definitely differ country-wise or region-wise, and whenever we use them for LATAM or the JPAC region, policy changes are necessary. There are three levels of risk that we configure: low risk for normal access, medium risk where we provide MFA, and high risk where we block that particular system or restrict the accessibility. This is how CyberArk works.
The effectiveness of real-time monitoring in identifying potential threats for my customers is really high because real-time threat detection is a helpful feature. It enables me to analytically check high-risk zones or systems and identify potential threats based on configured access, IP addresses, or analytical reports.
The use of dynamic role-based access controls enhances cloud security for my customers because dynamic roles are essential in current cybersecurity features. They assist in assigning roles dynamically based on user roles or groups configured for them, thus offering just-in-time privilege elevation that works directly with identity providers.
Integrating with existing IT ecosystems helps my customers streamline administrative and compliance efforts by configuring it with Microsoft Azure Directory and providing SSO for any external integrations. Azure offers the highest level of security from Microsoft, and the integration areas include similar functionalities such as MFA, which significantly aid in connecting to VMs or managing cloud workloads.
The pricing of CyberArk Secure Cloud Access is relatively reasonable. It is not as expensive as other cybersecurity software, but it is also not cheap. For enterprises, paying a little more is acceptable, especially considering that one data leak can lead to significant financial problems, making the transparent and flexible pricing worthwhile. I would rate this product an overall eight out of ten.
Improved cloud access control and auditing has met compliance needs but still needs better integration
What is our primary use case?
I purchased the solution through a third party. We have it deployed on our IT estate and we're still rolling it out across parts of our Telco estate, so it was easy to implement in my system.
What is most valuable?
The use of dynamic role-based access controls enhances our organization's cloud security as it is part of the controls that we require to meet our TFL obligations.
I assess the effectiveness of real-time monitoring in identifying potential threats as extensive, as we have extensive testing procedures, including performance testing, load testing, and monitoring the impact of the platform on any of our Telco operational systems. We have a very extensive testing lab facility with a comprehensive list of tests that we conduct.
Integration with existing IT ecosystems had some problems, and there is room for improvement. On the IT side, there were some problems, but we have overcome those problems. On the Telco estate, as we move towards our cloud-native platforms on the Telco side, there are still many question marks as to whether CyberArk Secure Cloud Access would be able to deliver the necessary capabilities and performance, but we are evaluating how that develops.
Comprehensive audit trails have provided valuable insights on the IT estate. We haven't rolled it out into full production on the Telco estate, and that is something we are evaluating right now.
I use adaptive risk-based policies. They have helped improve security measures quite extensively because it is a very dynamic environment, and we need those adaptive policies in place.
What needs improvement?
In the future, I would like to see better integration into some of our cloud capabilities and hybrid cloud capabilities, especially around where we have containerization, as I think that is an area where the product is claiming to be able to do things, but we are yet to see maturity in those areas.
Other than pricing, I see that there is room for improvement for CyberArk Secure Cloud Access, but we are generally satisfied with the product.
For how long have I used the solution?
I have been primarily a customer, and in this current role, I have been a customer of CyberArk for at least ten years now.
What do I think about the stability of the solution?
I have not faced any issues with this solution.
What do I think about the scalability of the solution?
When it comes to performance, I am definitely satisfied with CyberArk Secure Cloud Access on the IT estate, but we are still evaluating whether it has the right level of performance for the Telco aspects. We have an on-premises solution as well, so we are still evaluating.
How are customer service and support?
I would rate the technical support provided by CyberArk as low, because the solution is actually being delivered by a third party, and all support and services are delivered through the third party, so we are not interacting unless there is a major issue with CyberArk directly.
What other advice do I have?
I find the pricing definitely expensive, and it is something that we are debating as to whether we will continue longer term with CyberArk, but at the moment, it is the platform that is there and it is being rolled out to meet our TFL obligations, so it will continue, but there is significant discussion around the cost of the licenses. My review rating for this solution is 7.5.