Welcome to CyberArk Privilege Cloud

This topic provides an overview on Privilege Cloud, its capabilities, and architecture.


Privileged access represents the largest security vulnerability organizations face today. Privileged access exists in infrastructure and applications, whether on-premise or in the cloud. When employed properly, privileged access is used to maintain systems, facilitate automated processes, safeguard sensitive information, and ensure business continuity. But in the wrong hands, this access can be used to steal sensitive data and cause irreparable damage to the business.

Privileged access is exploited in nearly every cyber-attack. Bad actors, whether external attackers or malicious insiders, can abuse privileged access to disable security systems, to take control of critical IT infrastructure and applications, and to gain access to confidential business data and personal information.

CyberArk Privilege Cloud is a SaaS solution that enables organizations to securely store, rotate and isolate credentials (for both human and non-human users), monitor sessions, and deliver scalable risk reduction to the business.

Privilege Cloud protects, controls, and monitors privileged access across on-premises, cloud, and hybrid infrastructures.


The main capabilities of Privilege Cloud are:

Manages privileged access and credentials

Automates privileged credential rotation for both human and non-human users, eliminates manually intensive, time consuming and errorprone administrative tasks, and safeguards credentials used in hybrid and cloud environments.

Isolates credentials and sessions

Elevates your security posture by establishing a secure control point to isolate sensitive sessions and prevent credential exposure.

Discovers accounts

Offers automated tools to identify and secure privileged credentials across your organization.

Controls least privilege access for *NIX and Windows

Allows privileged users to run authorized administrative commands from their native sessions while eliminating unneeded superuser privileges. It also enables organizations to block and contain attacks on Windows servers to reduce the risk of information being stolen or encrypted and held for ransom.

Records sessions and enables audit

Reduces audit reporting efforts by automatically recording privileged sessions with a searchable log of privileged sessions.

Monitors and records sessions and enables security teams to view privileged sessions in real-time and maintain a comprehensive, searchable audit trail of privileged user activity. By maintaining strict isolation between endpoints and targets, security teams can help mitigate the risk of malware spreading from infected endpoints to critical systems by never exposing endpoints (typically the weak point in the attack chain) to privileged credentials.

Secures credentials for applications and non-human users

Hard coded credentials used in homegrown applications can be removed and managed by Privilege Cloud. The solution also integrates with other leading security vendors to remove hardcoded credentials from applications when they require privileged access to perform set tasks.

To learn about Privilege Cloud architecture and functional components, see Privilege Cloud architecture.

High-level architecture

The following diagram describes the Privilege Cloud architecture:

For a more detailed architecture diagram, see Privilege Cloud architecture.

Data retrieval

You can extract data at any time by generating reports in the Privilege Cloud Portal in CSV format. For details, see Privilege Cloud report types.

You can also use REST APIs to extract data from Privilege Cloud in JSON format. For details, see REST APIs.


For a detailed description of the Privilege Cloud architecture and functional components, see Privilege Cloud architecture.

Contact Support

If you require assistance, contact CyberArk customer support.