The immediate popularity of Brick forced Alfred Xing to plan a migration from the shared-hosting on which Brick originated to virtual private servers. Brick handles more than 700,000 requests each day (~37GB of traffic). In its first year, Brick has served more than 200 million requests (almost 10TB) for its exacting, WOFF-compressed copies of the original webfonts, converted without modification to various formats for a better typographical experience. Demand continues to grow. Brick serves webfonts with full metadata and without subsetting, resulting in large files (ranging from 20KB to 700KB). Consequently, Xing sought a cloud host that could satisfy three primary infrastructure criteria: high throughput, sufficient CPU power to quickly generate CSS @font-face rules on-the-fly, and a reliable network. Additionally, Brick preferred a cloud service provider that was reputable, well-known for responsive customer support, and affordable.

As an online radio service, AccuRadio faced unique infrastructure challenges due to fluctuating usage rates and the need for flexibility and constancy. Daily usage spikes during lunch and coffee-break times, and listenership varies significantly during events like March Madness and the holidays. Any obstacle preventing users from accessing their favorite channels could lead to dissatisfied users, reduced usage, and revenue loss. AccuRadio's previous infrastructure was non-customizable, inhibiting the ability to measure and interact with its audience effectively. The company needed a flexible and affordable infrastructure to launch new ideas, scale up when necessary, and manage its 1,000-plus channels efficiently. Additionally, as a small company with a dedicated but small tech team, the cloud host had to be reliable and not slow down operations.

The Onion began its online presence last century, using on-site, dedicated servers. However, having encountered system reliability, performance monitoring and application tracking challenges with this hardware, the company shifted to the cloud - and more specifically, Linode. Today, The Onion’s virtual IT infrastructure, which includes 51 Linodes, functions on internal networking between those Linodes. The vast majority of the site’s 11 million distinct monthly visitors connect through this internal networking, Linode’s facilitation of which is critical to optimizing The Onion’s performance. That performance is rooted in a content delivery network, whereby The Onion stores an abundant amount of text, images and other content on origin servers. A dual layer caching system, comprised of individual Varnish servers integrates with the CDN provider, CDNetworks, and serves content for requests from four public-facing servers. These four servers include two application servers and two origin servers that host images. Any user request for content residing on an origin server gets channeled through the Varnish server, which caches the request and also acts as a failsafe in case the origin experiences downtime. Once the Varnish server pulls the requested content in from the origin servers, the CDN and Varnish servers sustain it for 10 minutes before flushing it and refreshing the content. Consequently, the system will deliver content more quickly to subsequent requests than to initial requests. With millions of monthly visitors to The Onion websites, Sinchok’s staff must be diligent in its system monitoring and maintenance. Traffic loads are balanced by using multiple Linodes, connected via private, internal networking. Systems monitoring is done with software such as Graphite and Nagios that runs on individual SSD-powered Linodes. To ensure redundancy and data resiliency, in the event of a failure of services, The Onion frequently backs up its systems using an exclusive, proprietary, backup process. One backup is stored in a server in their Chicago office, and the other is backed up directly to AWS S3.

Businesses operating in large commercial or industrial spaces often lack insights into their water usage, leading to significant water waste through mechanical failures or operational misuse. The challenge is to monitor water usage proactively and reduce waste effectively. Apana, a technology and data analytics company, aims to address this issue by leveraging IoT platforms to capture high-resolution data and perform real-time analytics. The goal is to identify water waste as it occurs and provide actionable information to front-line staff to eliminate waste at the source. Additionally, enterprises need to determine a baseline for necessary water consumption by subtracting identifiable waste.

NIU, the world's leading smart electric scooter manufacturer, faced the challenge of ensuring the security and diagnostic health of their connected scooters. With vehicles always connected to the cloud, the company needed a reliable system to continuously collect data, monitor all deployed devices, flag any irregularities, and automatically take corrective action. Additionally, NIU aimed to optimize data usage and costs to lower the total cost of ownership for consumers.

Observant provides a cloud-based integrated farm information management platform. The company’s IoT-enabled equipment and sensors capture a variety of data–from weather and soil conditions to pump and tank levels–to help agricultural customers manage their assets and drive better results. Observant also offers a line of self-installed kits, which are especially popular with small family farms. The company credits Cisco Jasper with the success and rapid adoption of the kits and the resulting cost savings for the growers. Control Center and the API integration allow Observant to automate and streamline product onboarding and support. As Observant grows and expands its geographical reach and customer base, the company continues to rely on Cisco Jasper to scale their solutions and service offerings.

Radio Data Comms faced significant challenges with manual processes and lack of visibility into data usage. Device activation required unnecessary phone calls and emails, taking at least 24 hours, and billing irregularities took several days to manually investigate. As the company grew to around 20,000 connected devices, these manual administrative tasks became increasingly burdensome, resulting in costly overheads. The company needed a solution to automate these processes and improve efficiency.

WebWay, a company specializing in alarm signaling and remote monitoring security solutions, faced the challenge of transforming their product into a service. Initially, their business model involved building devices and having customers manage the SIMs and solutions themselves. However, they realized that bundling a SIM with the device and including management and billing services would provide additional lifetime value to their customers and a recurring stream of service revenue. Additionally, the ability to quickly diagnose device and connection problems was critical for the security industry, as alerts could indicate various issues such as intrusions or communication problems. Before implementing IoT, WebWay had limited visibility into deeper network issues, making it difficult to troubleshoot and support their customers effectively.

PiiComm, a rapidly growing Canadian company, needed a solution to manage the connectivity of various devices such as phones, computers, printers, and handheld devices. The company aimed to boost data accuracy, cut operation costs, and streamline communications for its customers. However, managing these devices, especially in terms of roaming and controlling overages, was a significant challenge. PiiComm required a platform that could automate tasks, set rules, and provide alerts to manage these devices efficiently. Additionally, the company needed to improve device activation timeframes to enhance overall customer service and create more business value for their clients.

Recent population growth and aging infrastructure in Ontario, Canada, have led municipalities to raise water rates between five to 11 percent a year. This increase in water rates is driving commercial and agricultural customers to consider more efficient water use and promote sustainable practices. SMART Watering Systems (SWS) faced challenges in managing irrigation systems due to reliance on slow, unreliable radio channels for communication. Up-to-date information about customers’ water consumption was not readily available, and diagnosing problems within the irrigation system was difficult.

Prior to implementing Control Center, Mtrex relied on network operators to manually distribute devices and manage connectivity—a complex and time-consuming process for both Mtrex and its partners. The company needed a solution that would act as a single layer to manage connectivity across devices, multiple data centers, and various partners’ wireless networks. This manual process was not only inefficient but also led to delays and increased operational costs. Mtrex recognized the need for a more streamlined and automated approach to manage their growing customer base and the increasing complexity of IoT deployments.

To improve services, reduce costs, and increase business efficiency, a digital transformation initiative was launched that embraced a cloud-first, mobile-first strategy. Previously outsourced services were brought in-house, and most infrastructure was transferred to a multi-cloud environment using Microsoft Azure and AWS. As the IT team expanded from seven to over 140 employees, ensuring the security of this increasingly complex environment became a priority. A three-year strategic roadmap was put in place to focus on improving identity governance, administration, and privileged account management. The company needed a solution that went beyond traditional password vaults to address operational efficiency and end-user experience.

The organization was facing challenges in managing its privileged accounts in a complex and growing environment, especially as it moved into the cloud. Previously, the infrastructure management was chaotic, with sysadmins having excessive privileges and access to everything all the time. This lack of control and auditing posed significant security risks and inefficiencies.

Appen was using Active Directory as a central location for managing user access and privileges, but the process was manual and time-consuming. The inability to manage identities and privileges at scale was impacting every department, reducing their overall effectiveness and potentially impacting security. Appen needed an effective, secure, and easy way to automate access controls. Additionally, Appen's systems and processes are subject to regular audits to comply with customer and regulatory requirements, necessitating easier access to user data and the ability to securely manage user privileges across their environment.

One of Rockwell Automation’s most important IT priorities was to proactively identify the privileged access risk while ensuring that all accounts complied with regular but flexible password policies. With multiple employees, servers, privileged accounts and password policies established across their platforms, standardization and control would be imperative to ensuring that Rockwell identified and mitigated the risks associated with unmanaged privileged accounts. The company sought a solution to enforce and automate role-based privileged access control and policies in order to secure accounts, mitigate password vulnerabilities and support audit and compliance requirements such as those defined within Cobit’s DS5.4 User Account Management. Moreover, reflective of Rockwell’s process-oriented business, the company required detailed access to metrics that demonstrated the extent of privilege access vulnerabilities, including any risks associated with unmanaged accounts and administrative rights.

As a large communications services company, BT's infrastructure is complex and vast, spanning numerous business units and geographical regions. BT had several point solutions in place to manage privileged access and identities but found that these solutions were inconsistent and did not scale well to meet its requirements. Following a significant internal report, BT decided to improve its existing architecture and extend its security of privileged access to the enterprise. The company wanted a single solution, standardized across the global organization, that could be scaled up easily as required. This solution would complement BT's existing portfolio of managed security services, providing its rapidly expanding customer base with privileged access management to help them better meet compliance requirements.

CDW, a leading provider of technology solutions and services, faced challenges in managing and storing system passwords and user credentials to meet audit and compliance requirements. With a growing managed services business, CDW needed a solution to handle credentials for accessing remote systems at customer sites and systems under a hosting model. The manual process of generating and managing credentials was time-consuming and inefficient, requiring a more automated and secure approach.

As one of the largest telecommunications providers in France, Bouygues Telecom is entrusted with vast quantities of sensitive customer data and is conscious of its duty to protect this information. Prior to the deployment of CyberArk solutions, Bouygues Telecom had two custom-built in-house systems in place to manage their privileged accounts, including one repository through which the company stored and managed internal passwords. However, both custom-built systems were becoming outdated and would have been extremely costly to overhaul. Crucially, the existing models were also unable to deliver the level of security and scalability necessary to meet the company’s growing needs. As a result, Bouygues Telecom looked to vendor solutions in a bid to better secure and manage the large number of privileged credentials existing in the corporate network.

The information that is handled by Clearstream on a daily basis is extremely sensitive. In order to address security concerns surrounding this, Clearstream initially needed to automate its manual administrator password management process to control access to privileged accounts based on pre-defined security policies. As the connection and transfer of data was regularly password protected, Clearstream required a more mature, professional solution to manage and control its passwords to ensure that corporate and customer information was appropriately protected. Strong authentication, information integrity and encryption were also essential so that only the right people had access to the right information and that this access could be adequately tracked, logged and monitored. In order to satisfy auditors as regulations continue to evolve, Clearstream sought a forward thinking solution that offered a clear overview of administrator activity and that could facilitate secure storage of this information in logs. Due to auditors having to adhere to extremely strict and tight timelines, Clearstream needed a solution that could quickly and accurately deliver the information required. This is a constant regulatory requirement and Clearstream wanted to work with a technology partner that could continue to evolve with the company to meet these needs.

Financial services companies deal with highly sensitive information on a day-to-day basis, with customer and corporate data at the heart of routine operations. These businesses operate in not only one of the most competitive industries, but also one of the most tightly regulated sectors in the world. Rabobank prides itself on being a market-leader and as such not only adheres to industry regulations, but imposes strict security policies and procedures on itself to ensure watertight security across all of its operations. Following an internal review of its systems, Rabobank International, Rabobank Group’s wholesale banking and international retail banking division, saw a major opportunity to update and improve security procedures, as well as its operational efficiency, by replacing its existing manual process for managing passwords. Rabobank International sought a security solution that could remove the physical labour of managing highly privileged passwords manually, while simultaneously augmenting its operational efficiency – reducing costs and boosting productivity – and dramatically improving security standards.

As an IT service provider to the banking industry, IT security is a top priority for Fiducia. Fiducia continuously strives to enhance the protection it provides its customers and their data, and as such, turned its focus to privileged password and account management. With a highly complex, heterogeneous data center environment consisting of more than 10,000 UNIX and Windows servers, five IBM mainframes, some 400 databases and 1,500 network components, Fiducia had more than 20,000 privileged accounts that needed to be secured and managed. Previously, Fiducia employees managed all of these privileged accounts and identities manually. To reduce the time and effort and risk involved in managing privileged accounts, Fiducia decided to introduce an automated password management system. The system needed to be easy to implement and integrate with the existing complex system environment while offering high reliability and absolute data security. Requirements included a secure central password repository, 24/7 application availability, access to stored passwords in a disaster scenario, logical and physical access protection, end-to-end monitoring, full traceability of all activities and rapid recovery in an emergency.

National Gypsum faced significant security and compliance challenges due to the lack of management and monitoring of privileged accounts. The company used a single 'domain admin' level account across all applications and servers, with poorly documented and infrequently changed passwords. This created substantial database vulnerabilities and compliance weaknesses. The CFO and controller demanded that IT pass audits related to access control, but the existing setup posed a high risk of security breaches. Recovery from a serious security compromise could be devastating, as changing compromised account passwords would break the systems where they were embedded.

Finansbank faced daunting IT security and compliance challenges associated with its highly manual, time-consuming approach to managing privileged passwords to its core banking systems. There was one dedicated password for each server and each device in the network. All passwords were stored in approximately 200 separate paper envelopes in a physical vault. If anyone needed access to an application, server, or necessary system, password requests were processed through a service center and issued by hand by the IT team. If there was ever a server crash or the need for a password to be accessed immediately, as in a break-glass scenario, it could take more than 30 minutes just to get the right envelope. Additionally, password inventory was stored in an Excel file, audit reports were limited, and the process for manually resetting passwords after each use wasn’t efficient. The manually-intensive approach to password management was impeding the bank’s ability to scale operationally, it was difficult to manage power users, and meeting audit and compliance requirements put a serious strain on resources.

As one of the largest pediatric medical centers in the United States, Boston Children’s Hospital offers a complete range of health care services for children from birth through 21 years of age. To support this world-class medical center, the hospital’s IT department has created state-of-the-art work and patient care environments to support the evolution and practice of the world’s most advanced and compassionate pediatric care, most sophisticated research, and high-level teaching and training. Like many large organizations, Boston Children’s Hospital needed to find a way to automatically administer and protect the most powerful identities in the company – the privileged accounts and administrator passwords. They allow access to a wealth of sensitive data and powerful systems within the hospital and must be managed very carefully. Sharing administrator privileges or allowing people to jot down passwords on sticky notes was simply unacceptable. The hospital wanted a way to not only protect the identities against unauthorized use, but streamline the process of issuing and revoking special privileges and rights. Previously, it was difficult to keep track of not only who had been issued a privileged password, but it was impossible to determine who was using them, when and what they were accessing. In an IT environment involving children’s patient information, it was critical to be able to have greater visibility into the use of powerful system accounts.

With $21.4 billion in annual sales, AstraZeneca is one of the top five pharmaceutical and health care services providers in the world. The pharmaceutical industry is highly competitive and regulated. In 2004, AstraZeneca invested $3.8 billion into new drug research and development, employing 11,900 people dedicated to this task. The company needed a secure and manageable way to collaborate internally and with external partners. Previously, AstraZeneca used an in-house secure collaborative application requiring a VPN client on each user’s system, which proved to be a high-management burden. Frequent help-desk calls and firewall adjustments were common issues. AstraZeneca needed a seamless, web-based solution with no setup overhead or firewall concerns.

Members of McKesson’s legal department need to frequently exchange sensitive documents that contain financial data, intellectual property, and information about pending lawsuits. The information within these documents is typically highly sensitive and regulated. As such, the legal team needs to be sure that their documents are safe from unauthorized access and securely stored in a way that is compliant with industry regulations and standards. When the legal team began searching for a file sharing and storage solution, they required a system that would protect their most sensitive information from unauthorized access and that would meet compliance guidelines out-of-the-box. Specifically, the team needed a solution that offered granular access controls and enabled administrators to audit access to files without having access to the files themselves. After evaluating the options available, the legal team selected the CyberArk Sensitive Information Management Solution.

FS moved its data center off-premise to the cloud, so there was an opportunity to strategically build the security infrastructure up front to manage more than 300 machines on AWS. Each of the servers has its own SSH key and a local user for development. Multiple people need to connect to the servers all the time. Managing the security of these privileged accounts was a complex and complicated endeavor. Also, the company wanted to have a system in place to track all changes to ensure each was approved for deployment and documented for long term analysis and audit. Having proactive security measures in place to mitigate risks associated with privileged accounts was not only important to the IT team supporting a growing business, but it was also a priority for the CEO who understands the business benefits of protecting digital assets.

Protecting the privacy and security of data is a top priority. The company’s highly diverse IT environment runs multiple Windows platforms, and more than 85% of end users had administrative rights to their machines which was a security risk. To reduce the attack surface, the company was compelled to rewrite IT security policies in support of removing administrative rights from business users on endpoints. Ultimately, the goal was to implement the new IT security policies with the least disruption to and resistance from end users, while doing so in the most cost effective way possible. Due to the company’s IT environment and the applications supported, it was critical to have the ability to define a specific application to run with elevated rights without having to give the same rights to child processes.

One of Canada’s leading institutional fund managers faced significant risks from potential insider threats. With over $200 billion in assets, the company needed to protect against both external and internal cyber attacks. The primary concern was the abuse of privileged accounts, which could allow malicious insiders to move freely and undetected within the network. The company had hundreds or thousands of privileged accounts that were unknown, unmanaged, or unsecured, posing a critical vulnerability. The challenge was to identify and secure all privileged accounts to mitigate the risk of insider threats.

For this global communications company, Pass-the-Hash attacks posed an immediate and troubling challenge. While the company was able to identify the existence of these types of attacks before a serious breach occurred (evidence of password theft and password cracking was clear and eminent), they struggled with the unique nature of a stolen hash. As a first step, the IT team opted to restrict access to their admin and privileged accounts by issuing Smart Cards. Unfortunately, this did not solve the problem, as vulnerabilities persisted within these Smart Card-enabled accounts. Smart Cards, which are touted to prevent credential theft through multifactor authentication, actually exacerbate the problem. With Smart Cards, the passwords associated with each privileged account, by default, never expire and are never changed again. As a result, once the hash is stolen, the attacker can exploit it in perpetuity. To truly combat Pass-the-Hash attacks against Smart Card-enabled admin accounts, the organization would need to deploy a custom solution that ensures admin and privileged passwords are automatically changed with some frequency to proactively protect against stolen credentials and abuse.