With the completed examination, CyberArk becomes the first Identity Security provider offering SOC 2 Type 2-certified SaaS solutions for privileged access management (PAM), endpoint privilege management, remote vendor access, Identity and Access Management, and cloud infrastructure entitlements management.
The CyberArk Identity Security Platform enforces least privilege and enables secure access across any device, anywhere, at just the right time. Built on a foundation of Privileged Access Management and powered by Artificial Intelligence-based behavior and risk analytics, the CyberArk Identity Security Platform helps organizations secure access to critical business data and infrastructure, protect a distributed workforce and accelerate business in the cloud.
As a result of the successful SOC 2 Type 2 examination, the following CyberArk offerings have achieved compliance, including:
- CyberArk Cloud Entitlements Manager: The most recent offering to achieve this certification, Cloud Entitlements Manager enforces least privilege by identifying and removing excessive permissions across the enterprise cloud footprint that can leave organizations vulnerable – significantly reducing risk and improving overall visibility and security.
- CyberArk Identity: Enables single sign-on (SSO), adaptive multi-factor authentication and lifecycle management, providing simple and secure access to resources for the workforce and customers.
- CyberArk Endpoint Privilege Manager: Strengthens organizational security by managing local admin access and enforcing least privilege, while simultaneously mitigating risk by protecting against credential theft and ransomware.
- CyberArk Privilege Cloud: Delivers Privileged Access Management-as-Service, enabling organizations to continuously discover and manage privileged credentials across the enterprise, while isolating and monitoring privileged sessions, preventing the spread of malware and satisfying audit and compliance requirements.
- CyberArk Remote Access: Provides secure remote access to critical business resources by combining Zero Trust access, just-in-time provisioning for external vendors and biometric multi-factor authentication. Remote Access reduces operational overhead and makes it easier and quicker to strengthen organizational security.
“CyberArk is committed to driving innovation across our platform and ensuring our offerings meet the highest levels of security and compliance,” said Chen Bitan, chief product officer, CyberArk. “By continuously testing and validating our products against the most rigorous industry standards, we reinforce trust with our customers who depend on CyberArk to improve the security of their IT environments, including their supply chains.”
The SOC 2 report provides assurance that service commitments and system requirements pertaining to common criteria controls, as well as confidentiality and availability criteria are met. Completion of the SOC 2 Type 2 examination indicates that selected CyberArk infrastructure, software, people, data, processes and procedures have been formally reviewed.
The SOC 2 examination was conducted by A-LIGN ASSURANCE (“A-LIGN”), an independent auditing firm, in accordance with the American Institute of Certified Public Accountants (AICPA).
To learn about CyberArk’s commitment to our customers, please visit the CyberArk Trust Center, containing information about the company's security, reliability, privacy and compliance policies.
CyberArk (NASDAQ: CYBR) is the global leader in Identity Security. Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets. To learn more about CyberArk, visit https://www.cyberark.com, read the CyberArk blogs or follow on Twitter via @CyberArk, LinkedIn or Facebook.
Copyright © 2022 CyberArk Software. All Rights Reserved. All other brand names, product names, or trademarks belong to their respective holders.