Breaking Down the Business Benefits and Cost Savings of CyberArk Privileged Access Management as a Service

May 18, 2021 CyberArk Blog Team

Forrester TEI Report PAM SaaS

By now, most organizations understand the importance of Privileged Access Management (PAM) in reducing risk and protecting critical assets from inevitable cyber attacks. But what may be less obvious are the operational efficiencies and positive financial impact the right solution can have on your business.

CyberArk recently commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study to examine the business benefits and cost savings enabled by two of our Privileged Access SaaS solutionsCyberArk Privilege Cloud and CyberArk Endpoint Privilege Manager — which are often used together to secure privileged access from the endpoint to hybrid workloads.

The Total Economic Impact™ Of CyberArk Privileged Access Management As A Service” quantifies benefits realized by a composite organization (which we’ll refer to here as the “Organization”), based on data aggregation and in-depth interviews with five CyberArk enterprise customers in the financial, insurance, healthcare and legal sectors. Our hope is that security leaders can tap into these peer insights to help make informed Privileged Access Management prioritization and investment decisions.

Below, we break down four of the study’s top findings and explain why they matter:

1. Fill Cybersecurity Skills Gaps and Simplify Operations

According to a 2021 PwC report, more than half (51%) of organizations are planning to add full-time cybersecurity personnel over the next year, with cloud solutions topping the list of roles they want to fill at 43%. Yet finding the right people is no small task: the global number of unfilled cybersecurity jobs is expected to reach 3.5 million this year. Simply put, most organizations don’t have a surplus of trained security professionals on staff to deal with infrastructure headaches and time-consuming administrative processes, such as discovering and onboarding privileged accounts and manually changing credentials and secrets.

Forrester found that by using CyberArk PAM as a service, the Organization realized an estimated time savings of 780 hours annually, which translates to operational efficiency savings worth $104,914 over three years. With this new-found bandwidth, internal IT staff can focus valuable time and efforts on strategic tasks that support core business activities. And, with hundreds of out-of-the-box integrations available from the CyberArk Marketplace, CyberArk integrates seamlessly into existing IT security stacks and provides immediate time to value.

“CyberArk Privilege Cloud allows our organization to secure our infrastructure and applications and to run our privileged access management activities much more efficiently while maintaining the confidentiality of sensitive data,” said a director of information security at a large insurance organization.

2. Improve Regulatory Compliance and Ease Audits

Organizations are contending with an alphabet soup of industry regulations and security frameworks like SOX, HIPAA, PCI-DSS, MAS TRM, NERC CIP, SOC 2 Type 2 and CMMC, among many others. With so many different users, disparate IT systems and hybrid and multi-cloud environments, many organizations struggle to meet requirements and prove to auditors that privileged access and least privilege enforcement are under control.

By centralizing and automating the enforcement of privileged access policies with CyberArk, the Organization realized $152,435 on compliance, regulatory and audit labor savings over three years.

Interviewees also indicated that simplified audit reporting has helped improve their relationships with auditors and regulators. A president of global identity access management at a financial services firm explained why this is critical: “There’s nothing that annoys a regulator more than coming in and finding deficiencies that you as an organization didn’t already identify. Because, to them, their perception is that they found something that you didn’t know you had. So, CyberArk really does give you more credibility with the outside auditors and regulators by its ability to prove full compliance of regulations.”

3. Protect Endpoints Anywhere and Block Ransomware Attacks

Endpoint attacks such as spear-phishing and ransomware can disrupt business, damage organizational reputation and result in crippling lawsuits and fines. Ninety-seven percent of senior security executives say attackers are increasingly trying to steal one or more types of credentials in such attacks on PCs, Macs, servers and remote devices. And they’re zeroing in on business users with access to sensitive data who may not be adequately protected or trained to spot a spoof. It only takes one unsuspecting user to click on a malicious link, open the door for an attacker and set off an attack chain leading to stolen data or encrypted information held for ransom.

Local administrator rights are often left on endpoints, making them attractive targets for attackers who can use these credentials to elevate privileges and launch into other parts of the network. Removing local admin rights from workstations significantly reduces risk but can inhibit productivity while workers wait for necessary access to systems and software, and overburden IT help desk teams with install requests and configuration changes. There’s a need for more flexibility and automation when it comes to both requesting and provisioning privileged access to company resources. And as ransomware attacks surge — and 59% of security decision makers view ransomware as a top security risk — organizations are looking for a way to shore up vulnerabilities, improve security posture and mitigate risk.

The Organization found a balanced approach to securing endpoints and maintaining productivity with CyberArk Endpoint Privilege Manager. Forrester calculated resulting service desk benefits worth $70,502 over three years. Each year, the Organization was able to save 780 IT help desk service requests at a cost of $40 per ticket, helping end users and IT teams boost productivity.

CyberArk Endpoint Privilege Manager has been tested on more than three million ransomware samples to date, and its unique approach to local administrator rights removal and application control has been proven 100% effective in preventing this ransomware from encrypting files.

4. Reduce Risk of Serious Security Breach

Today, the leading cause of breach is identity compromise and the subsequent abuse of privileged credentials. Every corporate identity — whether human or machine — can have privileged access under certain conditions, creating an attack path to an organization’s most valuable assets.

CyberArk Privileged Access solutions secure privileged access wherever it exists. Our privileged access-led approach to Identity Security is designed to help enterprises adapt and embrace a risk-based strategy for defending against advanced attacks. By focusing on identifying and isolating threats that have made their way through the dissolving security perimeter, organizations can defend the heart of the enterprise, protecting what matters most.

This approach enabled the Organization to reduce risk of a serious security breach — a cost avoidance savings valued by Forrester at $586,711 over three years. When making this calculation, Forrester took two major categories into account: the cost avoidance savings of a breach (fines, lawsuits, reputational damage, etc.) and the cost avoidance savings of internal productivity loss associated with a breach.

The Bottom Line

According to Forrester, by using both CyberArk SaaS solutions, the Organization achieved a total three-year, risk-adjusted benefit of $914,562, and realized full ROI in less than nine months.

Of course, there are some business benefits that just can’t be quantified, like the peace of mind that comes with knowing your most critical assets are secure — and having the confidence to accelerate business agility, knowing you’re fully covered today and in the future.

A financial services vice president of global identity access management summed those intangibles up in the study: “At our company, CyberArk’s solutions provide an additional level of value through risk reduction that’s afforded to our shareholders and our customers by virtue of the security that we’re implementing and the protection that they’ve come to expect.”

But there’s more to the story. Check out the infographic or download the study for a full analysis, as well as customer testimonials, deployment considerations, integration insights and other key findings.

This blog post highlights key findings of a case study commissioned by CyberArk titled: The Total Economic Impact™ Of CyberArk Privileged Access Management As A Service, March 2021.

© 2021 Forrester Research, Inc. All rights reserved. Forrester is a registered trademark of Forrester Research, Inc.


Previous Article
Hack(er)-of-All-Trades: Q&A with CyberArk Technical Evangelist Andy Thompson
Hack(er)-of-All-Trades: Q&A with CyberArk Technical Evangelist Andy Thompson

We can’t help it. We hear the word “hacker” and our minds instantly go to shadowy figures in dark rooms fra...

Next Article
Opportunistic vs. Targeted Ransomware Attacks
Opportunistic vs. Targeted Ransomware Attacks

The critical infrastructure systems we rely on to deliver water, electricity, fuel and other essential serv...