CyberArk is a privileged access management (PAM) solution. “Privileged access” refers to special access or abilities above and beyond that of a standard user, for example a database admin user or a site reliability engineer who needs access to a production server. Restricting elevated access privileges allows businesses to secure their infrastructure, data and applications. Effective privileged access management is often a requirement for achieving compliance objectives like SOC2, ISO 27001, and FedRAMP.
Protecting critical infrastructure requires a well-thought-out PAM strategy. However, traditional Privileged Access Management solutions like CyberArk have not kept up with modern developer practices. Traditional PAM solutions are complex to run and scale, slow developers down, and encourage insecure workarounds that leave organizations exposed to security threats and compliance violations. Read on for how Teleport differs from traditional PAM solutions like CyberArk.
Teleport is an open source, cloud native privileged access management solution for engineers and machines. Teleport delivers essential PAM capabilities such as zero standing privileges, just-in-time (JIT) access, activity logging, device attestation, and the ability to act as an identity provider so that you can protect your critical infrastructure. For example, with Teleport, you can easily enforce MFA, RBAC, and access to infrastructure via specific client devices, but in a developer-friendly and cloud native way.
One of the top complaints about PAM solutions is that they are complex to manage and hard to scale. Because Teleport was designed from the ground up to be run by modern DevOps teams using Infrastructure as Code practices, you can run your PAM just like any other cloud native application.
Teleport’s architecture also differs from a traditional PAM solution like CyberArk. CyberArk grants access to privileged resources like servers, databases and applications based on secrets like passwords and keys. Teleport is completely secretless, removing the #1 cause of data breaches: stolen credentials. This modern architecture is similar to how Google famously runs its BeyondCorp security model.
Additionally, Teleport was built to maximize developer productivity. Instead of constantly checking out credentials from a centralized vault, Teleport enables identity-based, passwordless access to infrastructure resources directly.
Teleport has been recognized by the analyst community as a cloud-native PAM. According to 451 Research, “‘Shifting left’ has become a thing in security circles, and addressing the needs of developers is no less true in the privileged access management market. Teleport’s Access Platform combines connectivity, authentication, authorization and auditing functionality into a single PAM platform that could rightly be viewed as ‘Okta for infrastructure.’” Read more about how Teleport’s cloud native PAM differs from CyberArk.
In summary, when comparing Teleport to CyberArk, it is worth highlighting several key Teleport features:
We believe that the best security solutions are built in the open. You can view the Teleport source code here and contribute in our open community.
Secrets like passwords and keys are the number one cause of breaches. Keeping secrets and passwords in a secrets manager like CyberArk is better than using Post-It notes, but they are still a breach waiting to happen. Teleport replaces secrets like passwords, keys and privileged accounts like “admin” with secure, short-lived certificates based on human and machine identity. Fundamentally, we believe that using secrets to access something as critical as infrastructure is a design flaw.
Teleport provides native privileged access management and audit of cloud native technologies like Kubernetes, Cloud CLIs with AWS IAM, GCP and Azure support, and modern cloud databases (e.g., Amazon RDS, AWS DynamoDB, AWS Aurora, GCP Cloud SQL MySQL, GCP Cloud SQL PostgreSQL, Microsoft Azure PostgreSQL, Microsoft Azure MySQL, Azure Cache for Redis and many more).
For example, Teleport has a Terraform provider to easily configure and deploy Teleport.
Teleport combines an identity-aware access proxy with sophisticated authorization, audit and device attestation to provide a complete Zero Trust solution for infrastructure resources such as SSH, Kubernetes, modern databases, internal applications and even Windows. Read about how Teleport fully implements a BeyondCorp and Federal Zero Trust Architecture Strategy and how we ensure that only trusted devices are used to access infrastructure.
Teleport is used by organizations with sophisticated access control requirements needed to achieve FedRAMP, SOC2, ISO 27001 and other compliance standards. Below is a partial list of these capabilities which you would expect in a PAM solution.
To conclude, both Teleport and CyberArk can be used to provide privileged access management to your infrastructure. If you are looking to manage access and audit for cloud-native applications like Kubernetes, cloud databases, and 100+ integrations, and want to manage your PAM using the same DevOps tooling and processes as the rest of your stack, you can try Teleport for free and see for yourself.