AGENDA
• Introductions
• Jumpstart Package Overview
• Jumpstart Phases
• Cancellation Policy
• Engagement Sequence
• Overcoming User Objections
• CyberArk Blueprint Overview
• Phased Approach to Risk Reduction
2022 JUMPSTART PACKAGE OVERVIEW
IMPLEMENTATION
Privilege Cloud: 2 / 2 / 6
Identity: 1 / 1 / 1
ONBOARDING
# of Account Platform types (up to 5 accounts): 3 Platforms / 4 Platforms / 6 Platforms
Training Credits: 6 / 6 / 12
2023 JUMPSTART PACKAGE OVERVIEW
IMPLEMENTATION
Privilege Cloud: 2 / 2 / 6
PSMP: 2 / 2 / 2
Identity: 1 / 1 / 1
DPA: 2 / 2 / 3
ONBOARDING
# of Account Platform types (up to 5 accounts): 3 Platforms / 4 Platforms / 6 Platforms
EXPAND & SECURE
Use Case Workshops (post install meetings): 4 Additional Meetings (3 Usecases) / 4 Additional Meetings (3 Usecases) / 6 Additional Meetings (6 Usecases)
Training Credits: 6 / 6 / 12
Three Phases of the Privilege Cloud Jumpstart
Engagement Sequence
PAS Program Workshop
• Project Requirements
• Expansion Goals
• Plan of action
• Information Gathering
Infrastructure Build and Preparation
• Setup of servers
• GPO exceptions
• Domain user & group creation
• Software staging
Internal Testing and Preparations
• Testing End User Access to Solution
• Collection of account details of 1st use case
• Sourced by use case owners
Internal Testing and Preparations
• Collection of account details of 2nd use case
• Sourced by use case owners
Remaining Use Cases
• Remaining use cases in the scope are collected and onboarded
• Automation planning
• Additional feature deployment
6 Key Ways for Overcoming User Objections to PAS
KEEP IT SIMPLE
CyberArk identifies six recommendations for overcoming Business User objections to PAS, rooted in the KEEP IT SIMPLE philosophy: simplify the end-user experience. The easier you make their experience, the more likely they are to adopt and buy into the program.
1. Provide Training for Onboarding
Providing mandatory onboarding training means less time and cycles wasted on trying to onboard Credentials, Applications and Providers. Confusion leads to frustration and dissatisfaction.
2. Publish Instructions for Onboarding
Having a published reference document for onboarding matters as much as training. Maintain a reference that includes customer expectations (SLAs, workflow, etc.) for self-paced guidance.
3. Implement Single Request System
When possible, use a single request system for all PAS-related activities (access, onboarding, etc.). More request systems equal more confusion.
4. Automate Onboarding Delivery
Leveraging automation for onboarding delivery (Credentials, Applications, Providers) helps streamline and expedite the delivery mechanism for end-users.
5. Allow Scheduled Changes
App Teams can be hesitant toward PAM; help them by allowing scheduled password changes for their apps using Platform-driven timeframes, human triggers or REST API triggers.
6. Define Clear Escalation Process
Problems themselves don't mean a negative perception, but the lack of escalation and resolution can be. Make it easy for end-users to escalate and get assistance when needed.
CYBERARK BLUEPRINT STAGES OVERVIEW
IDENTITY SECURITY CONTROL FAMILIES & TECHNOLOGIES: Access, Least Privilege, Privileged Access, Secrets Management
STAGE 2 GOAL: Focus on locking down the most universal technology platforms
• PaaS Admins, Cloud Privileged Entities & CI/CD Console Admins
• Workstation Local Admins, Cloud Privileged Entities
• Privileged AD Users & *NIX Root + SSH Keys
• 3rd Party Business Tools & Application Servers (via C3 Alliance)
RECOMMENDED INITIAL USECASES
• Windows Server Administrators. These could be domain accounts or local server accounts.
VISIBILITY OF JUMPSTART ACTIVITIES AND PROGRESS
CyberArk uses a tool called Gainsight that gives us the ability to share, collaborate and interact with our customers, helping us manage the various objectives and tasks that go into a Privilege Cloud JumpStart Services Delivery.
You will be invited to access this tool as well as have ownership of various customer-specific objectives and tasks, such as training completion, providing IP addresses to be whitelisted, and prerequisites completion for deployment.
ARCHITECTURE
CONFIDENTIAL INFORMATION
[Architecture diagram. Labels: Site 1, Site 2, Load Balancer, CPM, PSMP, Secure Tunnel, CPM Scanner, PSM Service, Identity Directory Service]
[Architecture diagram. Labels: Users, Privilege Cloud, Connector Server A, Connector Server B, Service HA, Load Balancer, Target Systems (Active Directory, Windows / *nix, Databases); protocols: HTTPS 443, RDP, SSH, JDBC, HTTPS; legend: Firewall]
[Architecture diagram: On-Premise Integrations. Labels: Privilege Cloud, Vault Backend, Connector Server A, Connector Server B, Secure Tunnel, Secure Tunnel HA, Secure LDAP, SIEM Servers, RADIUS Server; protocols: SIEM, RDP, HTTPS/TCP 443; legend: Active, Standby]
[Architecture diagram: Remote Access. Labels: Remote Employee, Remote Vendor, Remote Access Portal for Privilege Cloud, HTML5GW, Web Portal, Backend, Privilege Cloud, Secure Tunnel, Connector Server A, PSM, CPM, CPM Scanner, Target Systems (Active Directory, Windows / *nix, Databases); protocols: RDP, SSH, JDBC, HTTPS; legend: Firewall]