CyberArk Case Studies Leading Insurance Company Uses CyberArk to Secure Mission-Critical Applications

Edit This Case Study Record

	Leading Insurance Company Uses CyberArk to Secure Mission-Critical Applications CyberArk

Leading Insurance Company Uses CyberArk to Secure Mission-Critical Applications

CyberArk

Technology Category	Application Infrastructure & Middleware - API Integration & Management Application Infrastructure & Middleware - Data Exchange & Integration Application Infrastructure & Middleware - Middleware, SDKs & Libraries
Applicable Functions	Business Operation Quality Assurance
Use Cases	Cybersecurity Predictive Maintenance Remote Asset Management
Services	Software Design & Engineering Services System Integration
Challenge	The insurance company wanted to use DevOps methodologies and containerize thousands of applications to increase business agility, eliminate inefficiencies, and accelerate the pace of innovation. Containerized applications use secrets such as passwords, tokens, and SSH keys to gain access to sensitive enterprise resources such as databases, web applications, compute, storage, and networking services. The security team recognized that in some other organizations, out of expediency, developers have hardcoded secrets, access keys, and other sensitive credentials into applications. Hardcoded credentials are not only challenging to rotate but also potentially expose the business to data theft and malicious attacks. The insurer’s information security organization wanted to ensure credentials were removed from code to reduce potential vulnerabilities, such as inadvertently exposing secrets in the code stored on repositories. A key priority was to ensure applications can securely access databases and other sensitive resources without impairing developer productivity or hindering application delivery. Read More
About Customer	The customer is a major North American insurance company with annual revenue exceeding $25 billion and more than 25,000 employees. The company is a leader in the insurance industry and is focused on accelerating its digital transformation to enhance business agility and innovation. The insurer has a significant number of mission-critical applications running on Red Hat OpenShift and is committed to securing these applications using advanced secrets management solutions. The company aims to leverage DevOps methodologies and containerization to improve efficiency and reduce time to market for new services. With a strong emphasis on security, the insurer seeks to mitigate risks associated with hardcoded credentials and ensure secure access to sensitive resources across its hybrid and cloud environments. Read More
Solution	The insurance company selected CyberArk Application Access Manager Dynamic Access Provider to secure its Red Hat OpenShift-based applications and CI/CD tools. The CyberArk solution is specifically architected for containerized and DevOps environments, allowing the company to efficiently secure, rotate, audit, and manage secrets and other credentials at scale, based on policy. A long-time CyberArk customer, the insurance company was well-versed in the advantages of the CyberArk Application Access Manager solution. By deploying CyberArk’s secrets management solution, the company also extends its previous CyberArk investments by providing a common digital vault and single point of control for credentials used by traditional and containerized applications, as well as by developers, test engineers, system admins, and other personnel. The company implemented a self-service framework using the ServiceNow IT Service Management platform as a front-end. This integration provides developers with a self-service solution, helping the company accelerate its digital transformation while strengthening security. The solution helps the insurer accelerate time-to-market, reduce risk, and free up development resources to focus on core functionality. With Application Access Manager, containerized applications gain secure access to Oracle, DB2, and MS SQL Server databases under the policies and guidelines established by the corporate security organization. Read More Log in to view content
Contents

Technology Category

Application Infrastructure & Middleware - API Integration & Management

Application Infrastructure & Middleware - Data Exchange & Integration

Application Infrastructure & Middleware - Middleware, SDKs & Libraries

Applicable Functions

Business Operation

Quality Assurance

Use Cases

Cybersecurity

Predictive Maintenance

Remote Asset Management

Services

Software Design & Engineering Services

System Integration

Challenge

The insurance company wanted to use DevOps methodologies and containerize thousands of applications to increase business agility, eliminate inefficiencies, and accelerate the pace of innovation. Containerized applications use secrets such as passwords, tokens, and SSH keys to gain access to sensitive enterprise resources such as databases, web applications, compute, storage, and networking services. The security team recognized that in some other organizations, out of expediency, developers have hardcoded secrets, access keys, and other sensitive credentials into applications. Hardcoded credentials are not only challenging to rotate but also potentially expose the business to data theft and malicious attacks. The insurer’s information security organization wanted to ensure credentials were removed from code to reduce potential vulnerabilities, such as inadvertently exposing secrets in the code stored on repositories. A key priority was to ensure applications can securely access databases and other sensitive resources without impairing developer productivity or hindering application delivery.

About Customer

The customer is a major North American insurance company with annual revenue exceeding $25 billion and more than 25,000 employees. The company is a leader in the insurance industry and is focused on accelerating its digital transformation to enhance business agility and innovation. The insurer has a significant number of mission-critical applications running on Red Hat OpenShift and is committed to securing these applications using advanced secrets management solutions. The company aims to leverage DevOps methodologies and containerization to improve efficiency and reduce time to market for new services. With a strong emphasis on security, the insurer seeks to mitigate risks associated with hardcoded credentials and ensure secure access to sensitive resources across its hybrid and cloud environments.

Solution

The insurance company selected CyberArk Application Access Manager Dynamic Access Provider to secure its Red Hat OpenShift-based applications and CI/CD tools. The CyberArk solution is specifically architected for containerized and DevOps environments, allowing the company to efficiently secure, rotate, audit, and manage secrets and other credentials at scale, based on policy. A long-time CyberArk customer, the insurance company was well-versed in the advantages of the CyberArk Application Access Manager solution. By deploying CyberArk’s secrets management solution, the company also extends its previous CyberArk investments by providing a common digital vault and single point of control for credentials used by traditional and containerized applications, as well as by developers, test engineers, system admins, and other personnel. The company implemented a self-service framework using the ServiceNow IT Service Management platform as a front-end. This integration provides developers with a self-service solution, helping the company accelerate its digital transformation while strengthening security. The solution helps the insurer accelerate time-to-market, reduce risk, and free up development resources to focus on core functionality. With Application Access Manager, containerized applications gain secure access to Oracle, DB2, and MS SQL Server databases under the policies and guidelines established by the corporate security organization.

Impact #1	Accelerated the business’s digital transformation by centrally managing secrets for applications migrated from on-premise to containerized and cloud environments.
Impact #2	Reduced development cycle by simplifying how developers enable applications to securely access databases and other sensitive resources.
Impact #3	Improved security by natively authenticating and then providing containerized applications with the secrets they require to access databases and other resources.

Impact #1

Accelerated the business’s digital transformation by centrally managing secrets for applications migrated from on-premise to containerized and cloud environments.

Impact #2

Reduced development cycle by simplifying how developers enable applications to securely access databases and other sensitive resources.

Impact #3

Improved security by natively authenticating and then providing containerized applications with the secrets they require to access databases and other resources.

Benefit #1	Achieved migration plan of securely providing applications with 1+ million secrets per day.

Benefit #1

Achieved migration plan of securely providing applications with 1+ million secrets per day.

Download PDF Version

Overview

Leading Insurance Company Uses CyberArk to Secure Mission-Critical Applications

Operational Impact

Quantitative Benefit