CyberArk Privileged Access Security Solution Integration Guide

This document will guide security administrators through the steps for integrating CyberArk Privileged Access Security Solution with an HSM on Demand Service. It demonstrates securing a CyberArk Digital Vault's top-level encryption key within an HSM.

The CyberArk Privileged Access Security Solution provides a highly secure database that stores privileged credentials, access control policies, credential management policies and audit information. To protect both the Digital Vault database, and the data stored within the database, CyberArk has designed a multi-layered encryption hierarchy that uses FIPS 140-2 compliant encryption. Each individual file and safe within the Digital Vault database is encrypted with its own unique encryption key.

HSM on Demand for CyberArk provides a root of trust for the CyberArk Privileged Access Security Solution's top-level encryption key in an HSM.

The benefits of securing the server key with an HSMoD service include:

>Secure generation, storage, management, and protection of the encryption keys on a FIPS 140-2 level 3 validated hardware*.

>Full life-cycle management of keys.

>Performance improvements resulting from off-loading cryptographic operations from application servers to the HSM on Demand Service.

This document contains the following sections:

>Preparing for the Integration

>Integrating CyberArk Digital Vault with an HSM on Demand Service

This overview contains the following topics:

>Third Party Application Details

>Supported Platforms

Third Party Application Details

This integration guide uses the following third party applications:

>CyberArk Privileged Access Security Solution

>CyberArk Digital Vault server

>PrivateArk Client

Supported Platforms

Below is the list of the platforms tested with the following HSMs:

SafeNet Data Protection on Demand (DPoD): is a cloud-based platform that provides on-demand HSM and Key Management services through a simple graphical user interface. With DPoD, security is simple, cost effective and easy to manage because there is no hardware to buy, deploy and maintain. As an Application Owner, you click and deploy services, generate usage reports and maintain only the services that you need.

CyberArk Vault Server PrivateArk Client Operating System
10.3 10.3 Windows Server 2012R2