Resources

Frequently Asked Questions

Answers to common questions about PAM, IAM, CyberArk and working with PAM Xpert.

Q

What is the difference between PAM and IAM?

IAM is the overarching framework for managing all user identities and access rights. PAM is a specialist discipline within the IAM ecosystem focusing exclusively on privileged high-risk identities — administrator accounts, service accounts, system accounts. In short: every PAM programme is part of IAM, but not every IAM programme fully covers PAM.

Q

Why is CyberArk the leading PAM solution?

CyberArk has been ranked as a Leader in Gartner’s Magic Quadrant for Privileged Access Management for multiple consecutive years. This reflects the platform’s technical depth (particularly vault architecture and session management), broad ecosystem (over 300 pre-built connectors), complete product portfolio (from on-premises to SaaS, endpoints to DevOps secrets) and market acceptance in highly regulated industries.

Q

Does DORA apply to my organisation?

DORA (EU) 2022/2554 has applied since 17 January 2025 to virtually all types of financial companies in the EU: banks, insurance companies, investment firms, payment service providers, asset managers, crypto-asset providers, trading venues and their critical ICT third-party service providers. If your organisation operates in the EU financial sector, DORA very likely applies to you.

Q

How long does a typical PAM implementation take?

This depends heavily on scope and complexity. A foundational implementation (vault deployment, onboarding the most critical systems) can be completed in 6–12 weeks. A full enterprise implementation with broad account onboarding, SIEM integration and JIT access typically takes 6–18 months. PAM is not a one-time project — building a mature PAM programme is a multi-phase process.

Q

How does PAM Xpert work?

PAM Xpert works fully remotely and on a project basis. For assessments, architecture consulting and short-term engagements, we prefer an initial phone or video call to understand the situation. Longer-term consulting mandates and implementation projects are agreed on the basis of a defined scope and timeframe. We do not issue standard proposals without a prior conversation.

More questions?

Didn’t find your answer?

Get in touch directly — we’re happy to answer your questions personally.