Your PAM vault meticulously tracks every privileged infrastructure account in your environment.
Now count everything else. The shared admin accounts for your SaaS platforms. The service credentials contractors use to access your systems. The API keys embedded in marketing automation tools. The shared logins teams use to manage customer-facing services. The partner access to your business-critical applications. These accounts often sit at the center of customer operations, revenue systems, and automation workflows, which means unmanaged credentials here translate directly into business and compliance risk. And while these accounts behave like privileged identities, traditional PAM tools do not treat them that way.
Traditional PAM solutions excel at protecting infrastructure. But the credentials used to access disconnected apps often live in spreadsheets, Slack threads, and personal password managers. This last mile of identity sits outside your vault.
This is where teams collaborate, deliver services, and run daily operations. It’s also where traditional PAM coverage ends, leaving high-impact credentials unprotected.
Cerby exists to secure that last mile.
Today, we’re introducing Vault Backup, which extends PAM protection to SaaS credentials by backing up Cerby-managed secrets into your CyberArk vault.
Understanding the last mile of identity
Before we dive in, let’s define what we mean by the last mile. The last mile of identity refers to the credentials that protect your critical business apps but happen to fall outside traditional PAM coverage. These include:
- Shared SaaS admin accounts that multiple team members need to access
- Credentials used by contractors, partners, or applications that power customer-facing or revenue-driving systems
- API keys and tokens embedded in automation tools and workflows
- Password-based accounts that employees create and maintain for many key business apps
These credentials are just as privileged as your infrastructure accounts, controlling critical systems, customer data, and business operations. But they’re often stored insecurely in spreadsheets, chat threads, wikis, or personal password managers. And unlike infrastructure credentials that are tightly controlled, these identities multiply rapidly without centralized oversight. As teams adopt new SaaS tools, the gap becomes both widespread and fast-growing. These credentials lack the governance, audit trails, retention, and recovery capabilities your PAM vault provides for infrastructure secrets.
That's the gap Cerby fills, and that's what Vault Backup is designed to strengthen even further.
Vault Backup with CyberArk
Many organizations rely on CyberArk as their system of record for high-value secrets. Security and compliance teams want to maintain independent control over critical credentials, meet retention and backup requirements, reduce dependency on single systems, and standardize secrets management across business units. Cerby now supports these goals by allowing customers to back up Cerby-managed credentials directly into their CyberArk vault. What this enables:
- Credential resilience - Enterprise-grade redundancy for both human and machine identities managed in Cerby
- Centralized compliance - Unified governance across privileged access systems and SaaS or shared accounts
- Operational continuity - Continued access to stored secrets during audits, investigations, or recovery scenarios
- Customer-owned retention - Credential storage and retention inside your CyberArk tenant, on your terms
- Layered security architecture - Cerby's automation paired with CyberArk's enterprise vaulting
This is about more than redundancy. It helps deliver resilience, ownership, and trust in how credentials are stored and governed.
See it in action
Here's how Vault Backup works in practice, from configuring your CyberArk safe to seeing credentials automatically replicated and available for audit.
Cerby orchestrates SaaS and user-managed accounts while CyberArk remains the long-term vault of record. The integration supports backup today and is designed to grow with customers as their security strategies evolve.
Complete your PAM strategy
PAM vaults protect the heart of an organization's infrastructure. Cerby protects the edges, where SaaS applications, shared logins, and service accounts define modern work.
With Vault Backup, Cerby extends enterprise PAM strategies by delivering:
- Stronger recovery paths - Prevent credential loss across your environment
- Cleaner separation of duties - Emergency access without permanent privilege escalation
- Full auditability - Visibility across the credential lifecycle, from SaaS to infrastructure
- Reduced standing privilege - Just-in-time access across teams and systems, powered by Cerby's broader access controls
This strengthens security posture where traditional PAM solutions cannot reach.
Want to learn more about securing the last mile of identity? Check out our other demos here!