Overview

CyberArk Zero Touch PKI offers a fully managed, cloud-based solution designed to replace legacy PKI systems like Microsoft ADCS and EJBCA. It addresses the challenges of managing outdated PKI infrastructure, including high staff costs, security vulnerabilities, and difficulties meeting DevOps demands. This service provides a seamless transition to PKI-as-a-Service, eliminating the need for extensive server upkeep, hardware maintenance, and constant security monitoring. The solution is completely hands-free, freeing up staff and budget resources previously dedicated to maintaining and operating outdated PKI systems. It integrates directly with CyberArk Certificate Manager to automate and streamline the orchestration of machine identities. The service includes white-glove onboarding and deployment, tailored to specific business needs, ensuring rapid ROI and lower overall costs. CyberArk Zero Touch PKI boasts a modern microservices architecture, enhancing flexibility and security. It offers 24/7 technical support and monitoring for smooth operations, and its architecture is designed to adapt to expanding certificate needs and evolving business demands, accommodating even unanticipated spikes in certificate requests. The solution supports various auto-enrollment methods (SCEP, MDM, ACME, EST, REST interfaces), automating a typically labor-intensive process. Built with robust security capabilities, including FIPS 140-2 Level 3 certified HSMs, it ensures regulatory compliance (SOC 2 Type II certified; key management is NIST 800-131A and Common Criteria EAL4+ compliant). Its global availability, backed by multi-data-center redundancy, guarantees 99.9% uptime.

Features and Benefits

• Full Replacement for Microsoft ADCS and EJBCA: Upgrade to a modern PKI solution with unrivaled levels of flexibility and security, made possible by a highly available, cloud-based architecture.
• Zero Effort Setup: Requires no army of consultants or hefty services budget, freeing staff and budgets from maintaining and operating outdated PKI.
• Integration with CyberArk Certificate Manager: Easily automate and streamline the orchestration of every machine identity in your business.
• White-Glove Onboarding and Deployment: Tailored, streamlined cloud PKI service eliminates wasted time, built to your specifications, and removes server upkeep and hardware maintenance, resulting in lower costs and rapid ROI.
• Enhanced Flexibility and Security: Through modern, microservices architecture, CyberArk Zero Touch PKI enhances flexibility and security.
• Individualized Expert Support: Customized service includes 24×7 technical support and monitoring to ensure smooth operations.
• Managed PKI: Flexes with expanding certificate architecture and new use cases, responsive to evolving business demands.
• Auto-Enrollment Ready: Automates an otherwise labor-intensive process and ensures IT real estate is protected by TLS certificates; supports SCEP, MDM, ACME, EST, REST interfaces.
• 99.9% Uptime: Available around the globe, backed by multi data-center redundancy in North America and Europe, to meet any certificate needs, any time.
• Enhanced Security Controls: Built with the same security capabilities used to operate publicly trusted CAs, including FIPS 140-2 Level 3 certified HSMs, to ensure regulatory compliance.
• 24×7 Service and Physical Security Monitoring: Rest easy knowing your business is protected and that your PKI is under constant surveillance.
• Certified and Compliant: Service is SOC 2 Type II certified; key management is NIST 800-131A and Common Criteria EAL4+ compliant.