CyberArk Case Studies Leading ERP Provider TOTVS Secures Workloads and Infrastructure Across Cloud Environment with CyberArk

Edit This Case Study Record

	Leading ERP Provider TOTVS Secures Workloads and Infrastructure Across Cloud Environment with CyberArk CyberArk

Leading ERP Provider TOTVS Secures Workloads and Infrastructure Across Cloud Environment with CyberArk

CyberArk

Technology Category	Cybersecurity & Privacy - Identity & Authentication Management Cybersecurity & Privacy - Network Security Cybersecurity & Privacy - Security Compliance
Applicable Industries	Professional Service Software
Applicable Functions	Business Operation Quality Assurance
Services	Cloud Planning, Design & Implementation Services Cybersecurity Services System Integration
Challenge	As cloud vendors including AWS and Azure make clear, security in the cloud is a shared responsibility. Though these public cloud vendors take great efforts to secure the cloud infrastructure — compute, storage, etc. — their customers are fully responsible for protecting everything above the hypervisor, including the operating system, applications, data, access to external resources and other assets and infrastructure. Fully appreciating this shared responsibility model, the TOTVS Cloud security team set out to identify a security solution that could not only bolster their cyber resilience but also add value to the TOTVS Cloud by driving automation, standardization and increased efficiency. TOTVS Information Security Cloud Team conducted an in-depth technical analysis of potential solutions, ultimately selecting and deploying the market-leading CyberArk Privileged Access Manager Solution based on overall performance, resilience, health checks, high availability/disaster recovery requirements and cost. Read More
About Customer	Brazil-based TOTVS is the #1 enterprise resource planning (ERP) provider in Brazil, and one of the largest in the world, delivering intelligent and integrated technology solutions that give customers a competitive edge. Organizations in more than 41 countries trust TOTVS to integrate and manage core business processes — from finance and HR to manufacturing and supply chain management — to drive visibility and efficiency across the business. The company has a cloud platform underpinned by public cloud providers such as AWS and its own cloud that allows TOTVS customers to run their TOTVS ERP solutions in the cloud, while delivering enhanced performance, pay-as-you-go flexibility and scalability. But running IT workloads in the cloud is not without risk. As the platform’s usage skyrocketed, TOTVS sought to increase the security of its cloud assets and services, while enforcing consistent privileged access policies across the environment. Read More
Solution	The TOTVS cloud infrastructure enables new virtual servers, data stores, containers and other resources to be provisioned as needed. When each new ERP resource is initiated and launched, it is assigned corresponding, privileged credentials to facilitate programmatic requests. But these privileged credentials are unsecured, creating countless new vulnerabilities across the environment. With the CyberArk solution in place, the TOTVS team began automating the once-laborious process of provisioning new instances, securing their associated credentials and secrets in CyberArk’s centralized, encrypted Enterprise Password Vault and managing them using the principles of least privilege. Leveraging REST APIs, these privileged credentials can now be retrieved on-demand by authorized users and applications without requiring human interaction. And when the infrastructure is deprovisioned, the CyberArk solution removes its privileges automatically. To further reduce the size of the attack surface and secure assets across the cloud environment, CyberArk Privileged Session Manager acts as a gateway (or jump server) to limit RDP and SSH access, segregate and harden the network, monitor sessions and produce tamper-resistant audit logs. This enables TOTVS Cloud analysts to access customer servers without ever having direct access to passwords for customer environments. The CyberArk solution has also enabled TOTVS to eliminate hard-coded and visible applications and scripts that utilize the cloud platform’s API while providing a highly secure method for integrations between applications. Read More Log in to view content
Contents

Technology Category

Cybersecurity & Privacy - Identity & Authentication Management

Cybersecurity & Privacy - Network Security

Cybersecurity & Privacy - Security Compliance

Applicable Industries

Professional Service

Software

Applicable Functions

Business Operation

Quality Assurance

Services

Cloud Planning, Design & Implementation Services

Cybersecurity Services

System Integration

Challenge

As cloud vendors including AWS and Azure make clear, security in the cloud is a shared responsibility. Though these public cloud vendors take great efforts to secure the cloud infrastructure — compute, storage, etc. — their customers are fully responsible for protecting everything above the hypervisor, including the operating system, applications, data, access to external resources and other assets and infrastructure. Fully appreciating this shared responsibility model, the TOTVS Cloud security team set out to identify a security solution that could not only bolster their cyber resilience but also add value to the TOTVS Cloud by driving automation, standardization and increased efficiency. TOTVS Information Security Cloud Team conducted an in-depth technical analysis of potential solutions, ultimately selecting and deploying the market-leading CyberArk Privileged Access Manager Solution based on overall performance, resilience, health checks, high availability/disaster recovery requirements and cost.

About Customer

Brazil-based TOTVS is the #1 enterprise resource planning (ERP) provider in Brazil, and one of the largest in the world, delivering intelligent and integrated technology solutions that give customers a competitive edge. Organizations in more than 41 countries trust TOTVS to integrate and manage core business processes — from finance and HR to manufacturing and supply chain management — to drive visibility and efficiency across the business. The company has a cloud platform underpinned by public cloud providers such as AWS and its own cloud that allows TOTVS customers to run their TOTVS ERP solutions in the cloud, while delivering enhanced performance, pay-as-you-go flexibility and scalability. But running IT workloads in the cloud is not without risk. As the platform’s usage skyrocketed, TOTVS sought to increase the security of its cloud assets and services, while enforcing consistent privileged access policies across the environment.

Solution

The TOTVS cloud infrastructure enables new virtual servers, data stores, containers and other resources to be provisioned as needed. When each new ERP resource is initiated and launched, it is assigned corresponding, privileged credentials to facilitate programmatic requests. But these privileged credentials are unsecured, creating countless new vulnerabilities across the environment. With the CyberArk solution in place, the TOTVS team began automating the once-laborious process of provisioning new instances, securing their associated credentials and secrets in CyberArk’s centralized, encrypted Enterprise Password Vault and managing them using the principles of least privilege. Leveraging REST APIs, these privileged credentials can now be retrieved on-demand by authorized users and applications without requiring human interaction. And when the infrastructure is deprovisioned, the CyberArk solution removes its privileges automatically. To further reduce the size of the attack surface and secure assets across the cloud environment, CyberArk Privileged Session Manager acts as a gateway (or jump server) to limit RDP and SSH access, segregate and harden the network, monitor sessions and produce tamper-resistant audit logs. This enables TOTVS Cloud analysts to access customer servers without ever having direct access to passwords for customer environments. The CyberArk solution has also enabled TOTVS to eliminate hard-coded and visible applications and scripts that utilize the cloud platform’s API while providing a highly secure method for integrations between applications.

Impact #1	Access to cloud instances occurs exclusively through CyberArk, resulting in consistent, robust protection and security for the privileged accounts, credentials and secrets used across this cloud environment.
Impact #2	Significantly improved workflows across the organization, maximizing operational efficiencies through end-to-end automation.
Impact #3	Simplified audits and achieved ISO 27001 compliance.

Impact #1

Access to cloud instances occurs exclusively through CyberArk, resulting in consistent, robust protection and security for the privileged accounts, credentials and secrets used across this cloud environment.

Impact #2

Significantly improved workflows across the organization, maximizing operational efficiencies through end-to-end automation.

Impact #3

Simplified audits and achieved ISO 27001 compliance.

Benefit #1	The TOTVS deployment spans more than 280 users.
Benefit #2	More than 3,000 passwords stored and continuously managed by CyberArk.

Benefit #1

The TOTVS deployment spans more than 280 users.

Benefit #2

More than 3,000 passwords stored and continuously managed by CyberArk.

Download PDF Version

Overview

Leading ERP Provider TOTVS Secures Workloads and Infrastructure Across Cloud Environment with CyberArk

Operational Impact

Quantitative Benefit