By Oded Rosenmann, SaaS Business Lead – AWS
By Oren Reuveni, Principle Partner Solutions Architect – AWS
In today’s world, every software user can be considered privileged and nearly everyone in an organization can require access to sensitive systems, data, and applications.
This has resulted in an exploding spectrum of identities that are more frequently being targeted by attackers. It goes beyond traditional IT users and includes DevOps engineers, solutions architects, machine identities, business leaders, and more.
Global leader in identity security CyberArk will release shared services for its Identity Security Platform by the end of 2021. These will be cloud-native services built on Amazon Web Services (AWS) that provide customers with a comprehensive set of capabilities to help secure all identities from one centralized location.
The CyberArk Identity Security Platform helps organizations solve challenges such as enabling remote workforce access, locking down excessive admin rights on the endpoint, and securing credentials and secrets with minimal setup and quick time to value. Centered on privilege, the platform helps secure access for any user across any type of application or system, from anywhere, using any device.
Working closely with the AWS SaaS Factory team, CyberArk navigated technical and business decisions to build new shared services for the Identity Security Platform’s shared services. AWS SaaS Factory helped CyberArk to validate and accelerate software-as-a-service (SaaS) development during a company-wide shift to subscription business models and reduce their time to market by 30%.
We recently spoke with Assaf Miron, Sr. Product Manager at CyberArk, to learn more about the SaaS Identity Security Platform’s shared services and the value they will bring to customers. We asked Assaf to share advice for other enterprise-scale software providers in their journey to a SaaS delivery model.
Q&A with CyberArk
AWS SaaS Factory: Could you share a bit about your background and role at CyberArk?
Assaf Miron: I’ve been at CyberArk for the past eight years. I originally started out as a sales engineer and eventually transitioned to a product management role, where I’ve been responsible for managing a number of different solutions across our portfolio. The last two years of my time have been dedicated to building the shared services for our Identity Security Platform, so I am thrilled that—thanks to the help of AWS SaaS Factory—we are nearing the finish line and will be making it generally available to customers by the end of this year.
SaaS Factory: Which products and solutions has CyberArk built on AWS?
Assaf: CyberArk has multiple products that leverage AWS tool sets, such as our foundational PAM solution which is CyberArk Privilege Cloud, CyberArk Identity, our identity-as-a-service offering, Endpoint Privilege Manager, and CyberArk Cloud Entitlements Manager.
Today, we are building centralized, cloud-native shared services for all of our SaaS solutions and services to run on. It was important for us to have a “shared SaaS services” concept. This is where we came to leverage a lot of AWS SaaS Factory knowledge, and expertise to help build in, from day one, robust services that can accommodate the load and requirements from all of our existing SaaS applications.
SaaS Factory: Who are your customers and what are the security benefits for using CyberArk solutions?
Assaf: CyberArk has around 7,000 customers across different industries and verticals, from large banking, insurance, healthcare, and retail enterprises to smaller commercial organizations. Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity—human or machine—across business applications, distributed workforces, hybrid cloud workloads, and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to defend against attacks, enable their digital businesses, and drive operational efficiencies.
SaaS Factory: Do you deliver a more agile user experience using the new shared services?
Assaf: Once we moved to a cloud-native platform, we really understood the potential of continuous delivery. During our design partners phase, we saw in action that a feature needed to change, or a bug was found. A more agile process helped us be sure that on the next sync call with the customer their issue was already changed and fixed.
SaaS Factory: Your solution’s architecture includes AWS serverless services. Can you explain why you chose them?
Assaf: We chose to use serverless services such as Amazon Athena, Amazon Kinesis Data Firehose, and AWS Lambda in order to get a robust, scalable solution that allows us to build fast while reducing costs. Athena, for example, allows us to query the data stored in Amazon S3 on demand, and without the need to keep an always-on database. Kinesis Data Firehose allows us to ingest data in near real-time and at scale, without worrying about the need to scale the ingestion data stream.
Figure 1 – Audit mechanism solution architecture.
SaaS Factory: What were the biggest challenges in your transformation to a SaaS delivery model?
Assaf: I think that aside from business challenges changing how we operate, deliver, and engage with our customers, on a development aspect the main challenge was making sure we are using market best practices and standards that can both fit our needs and the needs of our customers.
SaaS Factory: Describe some of the decisions you’ve made and how the SaaS Factory team supported these efforts?
Assaf: The AWS SaaS Factory team helped us throughout our journey in delivering our vision for the shared services of the Identity Security Platform. We started off with business guidance on cultural and organizational transformation, AWS’s working backwards approach, and creation of a PR/FAQ document. We then worked together on constructing SaaS metrics and designing unified platform services.
The AWS SaaS Factory architects helped us a lot in designing secure communications gateway and brokers architectures, multi-tenant data layer models, and unified shell interface data routing flow. All of this input will help CyberArk provide a user experience we expect to delight our customers.
SaaS Factory: As a Sr. Product Manager, can you share what was your area of responsibility?
Assaf: As a product manager (PM), I am responsible for defining the customer requirements and working with R&D to make sure we can answer them effectively. As a PM managing our shared services, I have two main types of customers: internal customers (the CyberArk SaaS applications product groups) and external customers (CyberArk customers). Each has their own special requirements for speed of developments, SDKs and standards, ease of use, unification of shared services, and more.
SaaS Factory: What advice would you share to other software providers as they navigate to a SaaS delivery model?
Assaf: Organizations that until today were mainly delivering solutions on-premises or in private clouds might need some time to change their mindset and think about leveraging serverless managed services. You should think about performance, load, and going for a continuance deployment method. Leveraging all of the abilities that native cloud development can bring you can really boost delivery time, agility, and make sure you create robust products that fit customer needs.
About AWS SaaS Factory
AWS SaaS Factory helps organizations at any stage of the SaaS journey. Whether looking to build new products, migrate existing applications, or optimize SaaS solutions on AWS, we can help. Visit the AWS SaaS Factory Insights Hub to discover more technical and business content and best practices.
SaaS builders are encouraged to reach out to their account representative to inquire about engagement models and to work with the AWS SaaS Factory team.
Sign up to stay informed about the latest SaaS on AWS news, resources, and events.