While digitization is increasing efficiency and significantly growing customer engagement, it also comes with several challenges, not least being the growing risk of cyberattacks.This led the company’s Australian, Pacific and Indonesian operations (CCEP API) to create a three-year roadmap for developing and implementing enhanced security measures. A key element of the plan has been to improve existing privileged access management processes and gain heightened oversight and control over the use of elevated credentials.

Capcom, a leading worldwide developer, publisher, and distributor of interactive entertainment, faced a significant challenge in improving its security measures. The company's game business, known for its advanced technological development capabilities, develops its own game engine based on fundamental technology. This proprietary technology approach has positioned Capcom as a leader in the game industry. However, the game development department handles vital data assets using a dedicated development environment for each project, which necessitates stringent security measures and compliance with laws and regulations of each country and region. Capcom had been focusing on strengthening security measures, but to work on more advanced measures and higher levels of protection, a dedicated Development Security Task Force was established. The task force began studying the introduction of technologies and mechanisms to protect valuable information assets.

The Court of Justice of the State of Amapá, a judicial body in Brazil, was faced with the challenge of updating and streamlining its justice system in the face of unpredictable, complex, and urgent cybersecurity threats. The Brazilian Superior Court of Justice had previously been a target of a ransomware attack, which halted operations for a week and affected up to 12,000 pending lawsuits. In response to these threats, Brazil’s National Council of Justice launched ‘Justice 4.0,’ a package of reforms designed to modernize the justice system by adopting technology to improve access, transparency, and speed. This required each state judiciary to implement an identity security and management system. The Court of Justice, Amapá, needed to boost its safety procedures, particularly Identity Security, to meet these compliance demands and to better match larger business and market trends. The shift to remote work during the COVID-19 pandemic further highlighted the need for a strong identity management solution.

Gamania Group, a Taiwanese conglomerate with businesses in online gaming, e-commerce, e-payment services, and IT, was facing a significant cybersecurity challenge. With over 10 million registered members worldwide, the group was a prime target for hackers and ransomware attacks. The group's flagship business, Gamania, a mobile games publisher, was particularly vulnerable due to the nature of its operations. The company manages one of the world's most famous massive multiplayer online role-playing games, MapleStory, which attracts a diverse range of participants, including malicious individuals intent on causing damage or seeking to extract money from the business and its customers. Other businesses in the group, such as the GASH Mall online payment system and GAMA PAY payment-payment service, were also prime targets for cyberattacks. Aware of the high-level threat it faced, Gamania Group set out to build a modern and robust cybersecurity defense strategy.

Federated Insurance, a national insurance business based in Owatonna, Minnesota, was facing challenges in managing cybersecurity risks, particularly in the area of privileged access management and identity protection. The company was aware of the growing threat of cyberattacks, especially for organizations in the financial sector. A few years ago, the company reviewed its cybersecurity capability and realized that it could be improved. The company found that most passwords were written down somewhere or linked to user IDs, which posed a significant security risk. The company wanted to make privileged accounts easier to manage so people did not have to keep remembering long passwords or write them down. Additionally, the company was aware that regulations and insurance standards around cybersecurity were getting tougher, so it needed more robust privileged access and identity protection.

Garanti BBVA, Turkey’s second-largest private bank, faced a significant challenge in securing its privileged accounts and identities used in its DevOps and cloud environments. With a broad attack surface due to its extensive business lines and 18,000 employees, the bank needed to protect against the theft of privileged credentials. The bank also had to ensure compliance with stringent data security regulations within both the Turkish and global financial sectors. As one of the pioneers of internet banking in Turkey, Garanti BBVA was pushing forward its digital transformation journey, which increased its in-house development operations (DevOps) to improve application and service delivery. This transformation resulted in a need for more robust security tools.

Healthfirst, the largest not-for-profit health insurer in New York State, faced a significant challenge in evolving its cybersecurity operations. With a rapidly growing member base of 1.8 million and an increasingly complex healthcare landscape, the organization needed a robust cybersecurity program. Healthfirst holds a comprehensive database of member-related information, including enrollment, billing, customer care, payments, processing claims, and health data. The protection of these highly sensitive healthcare records and identities of members and staff was paramount. The organization had adopted a cloud-first strategy, with approximately 70% of systems and applications now cloud-based and 10,000 endpoints, 70% of which are remote. This required a sophisticated and robust security solution. The organization aimed to transform the industry by digitally enabling its members, which included heavy investment in digital apps, virtual community-based offices, and mobile solutions.

Kainos, a UK-based digital technology company, faced a significant challenge in securing sensitive data across its global workforce. With over 3,000 employees in 22 countries, the company had to ensure secure remote work and client location operations. The company's employees had the freedom to choose, download, and install applications, which, while convenient, posed a security risk. An audit revealed that there were 50,000 different applications in use globally. The company also faced constant threats like phishing, fake Office 365 password reset scams, and LinkedIn targeting for new starters. The challenge was to enhance security without hindering the work of different user groups, including developers, business staff, and senior executives, who required varying access rights.

Maximus, a global government services company, was in the process of implementing a digital transformation strategy to improve program efficiency, work smarter, and drive productivity and quality. A key part of this strategy was the transition to a cloud-first enterprise through the migration of key systems and applications to the cloud. This change provided an opportunity to rethink and strengthen the company's approach to privileged access management (PAM) across the organization. However, the existing PAM solution that had been selected for Maximus' legacy environment required a lot of customization, had limited integration capabilities, and could not handle complex use cases. The challenge was to create widespread improvements across the $3.4 billion corporation with only a modest-sized team and limited resources.

o9 Solutions, a leading AI-powered planning, analytics and data platform provider, faced a significant challenge in ensuring the security of its Fortune 500 customers' data. The company delivers its services via a multi-tenant cloud environment based on AWS, Azure and Google, making identity protection and management crucial to access control. However, as cyber threats became more widespread and sophisticated, the visibility of identity and threats became poor and disconnected. There was no centralized way to monitor and control the various cloud environments the company used. The company needed to develop a more robust and effective Privileged Access Management (PAM) capability to match or exceed the cybersecurity and corporate governance strategies of its large, global customers. The customers needed reassurance about how o9 Solutions managed and controlled access to their data and the environment.

Pacific Dental Services (PDS), a leading dental support organization, was faced with the challenge of managing and controlling a large number of privileged accounts, passwords, and mobile devices across its geographically dispersed teams. The company supports over 900 dental practices and is responsible for protecting the personal and sensitive healthcare information of dentists and their patients across the U.S. PDS team members had access to approximately 20,000 clinical service websites, and passwords for these sites were recorded on an intranet-hosted spreadsheet, leading to security issues and chaos. Additionally, PDS manages over 5,000 laptops and mobile devices for team members based at their National Support Offices and a good number of remote/mobile team members. Admin rights were being granted, often for basic things like installing a web camera or updating a driver. However, these admin accounts would stay with the device, sometimes for years, posing a security risk. PDS needed a better way to monitor and manage user access across this environment.

A leading European bank, serving over ten million customers, was looking to enhance its digital banking services with Kubernetes and cloud-native computing environments. However, with the increased digitization of services, security became a paramount concern for the bank’s stakeholders and clients. As the bank initiated its journey to the cloud, it adopted a variety of cloud-based technologies to rapidly address and respond to new business needs, such as providing customers with secure home banking services and secure apps for mobile phones. The bank realized that adopting cloud and related open-source technologies came with a price in terms of management and security constraints. One of the most critical aspects of the cloud journey was how to properly manage identities and secrets (privileged credentials or grants) across different cloud services. Managing secrets across different cloud and hybrid services are typically a pain point in every organization’s cloud journey.

Svensk Travsport, the governing body for Swedish trotting, was facing a high number of cyberattacks on its sensitive data. The data included information about races, transactions related to horses, rider and horse performance, history of wins, and horse pedigrees. This data was used by owners, trainers, and the public to make investment, training, and betting decisions, making it a prime target for cyberattacks. In addition to this, the organization had to comply with constantly changing regulations such as GDPR. The data also included information on staff and around 15,000 external members such as riders, owners, and breeders. The cybersecurity landscape was also changing, with a shift from on-premises to the cloud, requiring a different protection approach. The organization aimed to achieve a high level of assurance for data and stakeholder protection while making access to data and applications easy for users.

Tribunal Regional do Trabalho da 8ª Região (TRT8), a judiciary body in Northern Brazil, was facing a surge in cyber attacks, a situation that was particularly concerning given the sensitive nature of the data they handle. The organization had recently digitized its court case management system, making all information related to court procedures, including highly sensitive personal information about individuals involved in employment disputes, digital. Despite having a robust security strategy, TRT8 had little control over users and passwords with access to this information, and privileged access was decentralized. Enforcing security information policies such as regularly changing and updating passwords was a manual and time-consuming process. Endpoint protection relied on a basic anti-virus tool, leaving the organization vulnerable to viruses or malicious attacks that could disseminate throughout the network and harm court operations.

Turkcell, a leading digital operator in Turkey, faced a significant challenge in protecting its 40 million customers, 300,000 network devices, and 40,000 employee and partner identities across Turkey, Ukraine, Belarus, and Northern Cyprus. As the largest telco in Turkey, Turkcell offers a wide range of services, making cybersecurity a critical business operation. The company has won several awards for its digital security products and plays a key role in the Turkish cybersecurity industry. However, the company's aggressive digital transformation path, which includes new digital services such as instant messaging, TV and music platforms, personal cloud services, search engine, and email services, increased its attack space. The COVID-19 pandemic further complicated matters as most staff began to work remotely, potentially exposing Turkcell to new, unforeseen risks. A risk assessment initiative highlighted a potential vulnerability in Windows servers, prompting the company to seek a robust security solution.

To improve services, reduce costs, and increase business efficiency, a digital transformation initiative was launched that embraced a cloud-first, mobile-first strategy. Previously outsourced services were brought in-house, and most infrastructure was transferred to a multi-cloud environment using Microsoft Azure and AWS. As the IT team expanded from seven to over 140 employees, ensuring the security of this increasingly complex environment became a priority. A three-year strategic roadmap was put in place to focus on improving identity governance, administration, and privileged account management. The company needed a solution that went beyond traditional password vaults to address operational efficiency and end-user experience.

The organization was facing challenges in managing its privileged accounts in a complex and growing environment, especially as it moved into the cloud. Previously, the infrastructure management was chaotic, with sysadmins having excessive privileges and access to everything all the time. This lack of control and auditing posed significant security risks and inefficiencies.

Appen was using Active Directory as a central location for managing user access and privileges, but the process was manual and time-consuming. The inability to manage identities and privileges at scale was impacting every department, reducing their overall effectiveness and potentially impacting security. Appen needed an effective, secure, and easy way to automate access controls. Additionally, Appen's systems and processes are subject to regular audits to comply with customer and regulatory requirements, necessitating easier access to user data and the ability to securely manage user privileges across their environment.

One of Rockwell Automation’s most important IT priorities was to proactively identify the privileged access risk while ensuring that all accounts complied with regular but flexible password policies. With multiple employees, servers, privileged accounts and password policies established across their platforms, standardization and control would be imperative to ensuring that Rockwell identified and mitigated the risks associated with unmanaged privileged accounts. The company sought a solution to enforce and automate role-based privileged access control and policies in order to secure accounts, mitigate password vulnerabilities and support audit and compliance requirements such as those defined within Cobit’s DS5.4 User Account Management. Moreover, reflective of Rockwell’s process-oriented business, the company required detailed access to metrics that demonstrated the extent of privilege access vulnerabilities, including any risks associated with unmanaged accounts and administrative rights.

As a large communications services company, BT's infrastructure is complex and vast, spanning numerous business units and geographical regions. BT had several point solutions in place to manage privileged access and identities but found that these solutions were inconsistent and did not scale well to meet its requirements. Following a significant internal report, BT decided to improve its existing architecture and extend its security of privileged access to the enterprise. The company wanted a single solution, standardized across the global organization, that could be scaled up easily as required. This solution would complement BT's existing portfolio of managed security services, providing its rapidly expanding customer base with privileged access management to help them better meet compliance requirements.

CDW, a leading provider of technology solutions and services, faced challenges in managing and storing system passwords and user credentials to meet audit and compliance requirements. With a growing managed services business, CDW needed a solution to handle credentials for accessing remote systems at customer sites and systems under a hosting model. The manual process of generating and managing credentials was time-consuming and inefficient, requiring a more automated and secure approach.

As one of the largest telecommunications providers in France, Bouygues Telecom is entrusted with vast quantities of sensitive customer data and is conscious of its duty to protect this information. Prior to the deployment of CyberArk solutions, Bouygues Telecom had two custom-built in-house systems in place to manage their privileged accounts, including one repository through which the company stored and managed internal passwords. However, both custom-built systems were becoming outdated and would have been extremely costly to overhaul. Crucially, the existing models were also unable to deliver the level of security and scalability necessary to meet the company’s growing needs. As a result, Bouygues Telecom looked to vendor solutions in a bid to better secure and manage the large number of privileged credentials existing in the corporate network.

The information that is handled by Clearstream on a daily basis is extremely sensitive. In order to address security concerns surrounding this, Clearstream initially needed to automate its manual administrator password management process to control access to privileged accounts based on pre-defined security policies. As the connection and transfer of data was regularly password protected, Clearstream required a more mature, professional solution to manage and control its passwords to ensure that corporate and customer information was appropriately protected. Strong authentication, information integrity and encryption were also essential so that only the right people had access to the right information and that this access could be adequately tracked, logged and monitored. In order to satisfy auditors as regulations continue to evolve, Clearstream sought a forward thinking solution that offered a clear overview of administrator activity and that could facilitate secure storage of this information in logs. Due to auditors having to adhere to extremely strict and tight timelines, Clearstream needed a solution that could quickly and accurately deliver the information required. This is a constant regulatory requirement and Clearstream wanted to work with a technology partner that could continue to evolve with the company to meet these needs.

Financial services companies deal with highly sensitive information on a day-to-day basis, with customer and corporate data at the heart of routine operations. These businesses operate in not only one of the most competitive industries, but also one of the most tightly regulated sectors in the world. Rabobank prides itself on being a market-leader and as such not only adheres to industry regulations, but imposes strict security policies and procedures on itself to ensure watertight security across all of its operations. Following an internal review of its systems, Rabobank International, Rabobank Group’s wholesale banking and international retail banking division, saw a major opportunity to update and improve security procedures, as well as its operational efficiency, by replacing its existing manual process for managing passwords. Rabobank International sought a security solution that could remove the physical labour of managing highly privileged passwords manually, while simultaneously augmenting its operational efficiency – reducing costs and boosting productivity – and dramatically improving security standards.

As an IT service provider to the banking industry, IT security is a top priority for Fiducia. Fiducia continuously strives to enhance the protection it provides its customers and their data, and as such, turned its focus to privileged password and account management. With a highly complex, heterogeneous data center environment consisting of more than 10,000 UNIX and Windows servers, five IBM mainframes, some 400 databases and 1,500 network components, Fiducia had more than 20,000 privileged accounts that needed to be secured and managed. Previously, Fiducia employees managed all of these privileged accounts and identities manually. To reduce the time and effort and risk involved in managing privileged accounts, Fiducia decided to introduce an automated password management system. The system needed to be easy to implement and integrate with the existing complex system environment while offering high reliability and absolute data security. Requirements included a secure central password repository, 24/7 application availability, access to stored passwords in a disaster scenario, logical and physical access protection, end-to-end monitoring, full traceability of all activities and rapid recovery in an emergency.

National Gypsum faced significant security and compliance challenges due to the lack of management and monitoring of privileged accounts. The company used a single 'domain admin' level account across all applications and servers, with poorly documented and infrequently changed passwords. This created substantial database vulnerabilities and compliance weaknesses. The CFO and controller demanded that IT pass audits related to access control, but the existing setup posed a high risk of security breaches. Recovery from a serious security compromise could be devastating, as changing compromised account passwords would break the systems where they were embedded.

Finansbank faced daunting IT security and compliance challenges associated with its highly manual, time-consuming approach to managing privileged passwords to its core banking systems. There was one dedicated password for each server and each device in the network. All passwords were stored in approximately 200 separate paper envelopes in a physical vault. If anyone needed access to an application, server, or necessary system, password requests were processed through a service center and issued by hand by the IT team. If there was ever a server crash or the need for a password to be accessed immediately, as in a break-glass scenario, it could take more than 30 minutes just to get the right envelope. Additionally, password inventory was stored in an Excel file, audit reports were limited, and the process for manually resetting passwords after each use wasn’t efficient. The manually-intensive approach to password management was impeding the bank’s ability to scale operationally, it was difficult to manage power users, and meeting audit and compliance requirements put a serious strain on resources.

As one of the largest pediatric medical centers in the United States, Boston Children’s Hospital offers a complete range of health care services for children from birth through 21 years of age. To support this world-class medical center, the hospital’s IT department has created state-of-the-art work and patient care environments to support the evolution and practice of the world’s most advanced and compassionate pediatric care, most sophisticated research, and high-level teaching and training. Like many large organizations, Boston Children’s Hospital needed to find a way to automatically administer and protect the most powerful identities in the company – the privileged accounts and administrator passwords. They allow access to a wealth of sensitive data and powerful systems within the hospital and must be managed very carefully. Sharing administrator privileges or allowing people to jot down passwords on sticky notes was simply unacceptable. The hospital wanted a way to not only protect the identities against unauthorized use, but streamline the process of issuing and revoking special privileges and rights. Previously, it was difficult to keep track of not only who had been issued a privileged password, but it was impossible to determine who was using them, when and what they were accessing. In an IT environment involving children’s patient information, it was critical to be able to have greater visibility into the use of powerful system accounts.

With $21.4 billion in annual sales, AstraZeneca is one of the top five pharmaceutical and health care services providers in the world. The pharmaceutical industry is highly competitive and regulated. In 2004, AstraZeneca invested $3.8 billion into new drug research and development, employing 11,900 people dedicated to this task. The company needed a secure and manageable way to collaborate internally and with external partners. Previously, AstraZeneca used an in-house secure collaborative application requiring a VPN client on each user’s system, which proved to be a high-management burden. Frequent help-desk calls and firewall adjustments were common issues. AstraZeneca needed a seamless, web-based solution with no setup overhead or firewall concerns.

Members of McKesson’s legal department need to frequently exchange sensitive documents that contain financial data, intellectual property, and information about pending lawsuits. The information within these documents is typically highly sensitive and regulated. As such, the legal team needs to be sure that their documents are safe from unauthorized access and securely stored in a way that is compliant with industry regulations and standards. When the legal team began searching for a file sharing and storage solution, they required a system that would protect their most sensitive information from unauthorized access and that would meet compliance guidelines out-of-the-box. Specifically, the team needed a solution that offered granular access controls and enabled administrators to audit access to files without having access to the files themselves. After evaluating the options available, the legal team selected the CyberArk Sensitive Information Management Solution.