CyberArk Deployment for Secure Payment Access Platform

CyberArk Deployment

The Privileged Access Management (PAM) project will build a new capability for one of our major retail clients in Australia to further uplift and secure users and systems that access data related to Personal Information (PI) or hold elevated privileges that can access critical business systems.

This new capability will be implemented with the CyberArk Privileged Account Security Solution, which combines an isolated vault server and a unified policy and discovery engine to provide security for privileged accounts.

The core PAM components are configured in an active-active configuration at the application tier and load balancer. They support automatic failover to meet the high-availability requirement.

The scope of the project is:

  • Design a new PAM infrastructure for both non-prod and Prod environments.
  • Build a new PAM infrastructure – Non-Prod and Prod (including OOB network) – that adheres to PCI compliance.
  • Install CyberArk components and other PAM-related software components to the new PAM infrastructure.
  • Deliver a new build script template to automate CyberArk Privileged Session Manager (PSM) installation as the standard for future PSM build processes.
  • Build a new backup platform for PAM prod infrastructure.
  • On-board the Payment platform assets/servers to the new PAM (CyberArk) platform.
  • Ensure the new PAM platform is PCI compliant.

DR Service Level

  • The PAM Production environment's Recovery Point Objective, or RPO, will be 60 minutes.
  • The PAM Production environment's Recovery Time Objective, or RTO, will be 60 minutes.
  • The PAM non-production environment will have business-hours-only support, with an RPO of 72 hours and a best-effort, “next business day” RTO.
  • Recovery of the system depends on which component fails and may take less than 60 minutes to resume operation. Below is the RTO of each component:

[table id=1 /]
