X

The airline has a robust e-commerce application, allowing travelers to search and book flights directly from the corporate website. This airline website was ranked the fifth largest travel site and the largest airline site in terms of unique visitors (source: Comscore MediaMetrix). As a result of its online growth, the airline was acutely aware of the need to maintain compliance with the credit card data protection standards mandated by the Payment Card Industry (PCI) Security Standards Council in its efforts to ensure credit card security. The PCI Data Security Standard (DSS) industry protocol is a common set of tools and measurements that are applicable across industries to help ensure the safe handling of sensitive credit card data and the protection of cardholder information. PCI Compliance in travel and tourism is often differentiated from other industries because of the lag time between when a flight is booked and when the credit card is processed for that booking. In this scenario, the credit card information is usually stored until the travel has actually taken place, or shortly before. This practice is not allowed in a PCI compliant environment, leaving travel companies at risk for fines and under intense pressure for ensuring their databases are protected from being wrongly accessed or altered - unintentionally or otherwise. As a result of these requirements and increased exposure due to its popular e-commerce business, the airline needed a new approach to document the steps it was taking to achieve PCI compliance with auditors. In this case, that meant proving that passwords to its database of sensitive customer data (including names, credit card numbers, billing addresses and other information) were being effectively monitored, managed and changed regularly.

As an investment firm, this company is required to generate and send 1099 tax forms to its American clients each year. These forms are used to report additional earned income, including that from investments and interest payments. Since many of this firm’s clients hire Certified Public Accountants (CPAs) to prepare their taxes, these forms must first be shared by the firm with its clients and then by the clients with their CPAs. A key challenge the firm has faced is that these 1099 forms, which contain sensitive personal and financial data, must be handled with the highest degree of security. In the past, once these forms were generated in January each year, the firm would mail the forms to its clients since electronic means of file sharing were considered too risky and insecure. Clients, in turn, would mail or physically deliver these forms to their external CPAs. This highly manual process was costly and inefficient for both the firm and its clients. The firm’s IT team began searching for an easier, more secure way to send these sensitive tax documents to their clients and to enable their clients to share these tax documents with their external CPAs.

CyberArk works primarily with this financial services company’s business banking segment, which provides a number of financial products and services including business checking accounts, payroll management, accounts receivable processing and accounts payable processing. Before digital transfer and storage technology was available, many of the banking and treasury management services provided to customers were highly manual, requiring significant time and physical resources. This approach restricted the company’s ability to scale its business and create new competitive advantages. In order to expand its service offerings while still addressing the increasingly complex compliance and operations requirements, this financial services company needed a more secure, automated and operationally efficient approach to handling Cash Letter processing, Account Reconcilement Processes (ARP), Automated Clearing House (ACH) transactions, and Lock-box files. At a minimum, this would require transforming these files into digital assets that could be securely transferred, processed and stored. At the time, in the early 2000s, exchanging digital files was a challenge that required companies to develop in-house expertise around technologies such as File Transfer Protocol (FTP) and/or invest in expensive solutions that small to mid-size corporate customers couldn’t always justify. Even with the in-house expertise and expensive systems, many businesses couldn’t guarantee the security of electronically transferred files, nor could they guarantee that the system management processes would be governed properly. This company turned to CyberArk to help eliminate the need for complex, expensive and time-consuming communications technologies and instead move towards a more secure, automated solution.

Due to the nature of the practice, it is of the utmost importance that the law firm’s most sensitive information be handled with only the highest degree of security. One the firm’s biggest challenges was that executives and external board members considered electronic communications too risky to use to transmit confidential information for board meetings. As a result, the executives and board members still relied on the physical distribution of paper and CDs. The process of using paper and CDs was overly cumbersome, prone to error and highly ineffective for sharing important information quickly. Additionally, the distribution of paper and CDs was a largely untrackable process, and there was a significant risk that these items could accidentally fall into the wrong hands. Jamie, the Manager of Information Security, recognized the many challenges and risks associated with the use of papers and CDs. As a result, he began to search for a highly secure solution that could safely enable the exchange of confidential information, offered granular access control and was able to track exactly who accessed what and when.

As cloud vendors including AWS and Azure make clear, security in the cloud is a shared responsibility. Though these public cloud vendors take great efforts to secure the cloud infrastructure — compute, storage, etc. — their customers are fully responsible for protecting everything above the hypervisor, including the operating system, applications, data, access to external resources and other assets and infrastructure. Fully appreciating this shared responsibility model, the TOTVS Cloud security team set out to identify a security solution that could not only bolster their cyber resilience but also add value to the TOTVS Cloud by driving automation, standardization and increased efficiency. TOTVS Information Security Cloud Team conducted an in-depth technical analysis of potential solutions, ultimately selecting and deploying the market-leading CyberArk Privileged Access Manager Solution based on overall performance, resilience, health checks, high availability/disaster recovery requirements and cost.

According to the 2018 Deloitte Global RPA Survey, 53 percent of organizations have already started their RPA journey to help robotize repetitive routine tasks and drive digital transformation. RPA adoption is expected to increase to 72 percent in the next two years, and if it continues at its current level, RPA will have achieved near-universal adoption within the next five years. It’s not hard to see why – the same study points to total ROI in less than 12 months, with significantly improved compliance, quality, accuracy, productivity and cost reduction. This global insurance provider has embarked on a multi-year digital transformation journey aimed at achieving agile development at scale. To help steer this strategic initiative, the company’s application development team has embraced Blue Prism’s RPA technologies to automate operational activities, test new applications and accelerate operational agility. Over the past 12 months as part of a proof of concept, the firm integrated 10 business critical applications – including SAP, Windows and Lightweight Directory Access Protocol (LDAP) – into the Blue Prism Digital Workforce Platform. To interact directly with business applications, RPA software must mimic the way applications use and mirror human credentials and entitlements. This can introduce significant risk when the software robots automate and perform business processes – whether logging into a system to access data or moving a process from one step to the next. Often times, the credentials being used are hardcoded directly within the application. If an attacker successfully steals these credentials, they can ultimately take full control over the robot and gain access to target critical systems, applications and data. Fully understanding these risks, the CVP of Privileged Access Management at the firm, made securing privileged access to these robotic credentials a top priority.

Despite its success, like all enterprises BRAC Bank Limited (BBL) must face up to the many and varied challenges of security. To do this it has taken bold steps, becoming the first (and so far only) local bank to achieve ISO 27001:2013 certification for security management and BBL was the first Bangladeshi bank to deploy a Security Operations Centre to anticipate and defend against threats. Participating in the highly regulated financial sector, the bank prides itself on being at the forefront of implementing state-of-the-art security controls, policies and procedures across all operations. However, BRAC Bank must still address the familiar malware, spoofing and other familiar threat vectors. Also, it recognises that the cybersecurity threat landscape continues to change as data governance rules are adapted over time, including the Bangladeshi Guideline on ICT Security for Banks, PCI-DSS and SWIFT, while addressing payment partners’ security requirements and other local regulations. And, again typical, the bank has to fight to justify access to IT security resources and to retain security staff in a world where these skills are highly prized.

According to the 2017 Verizon Data Breach Investigative Report, 81 percent of data breaches involve weak or stolen credentials. Understanding that many cyber attackers focus their efforts on harvesting privileged credentials, the real estate services company has trusted CyberArk for more than six years to protect, control and monitor privileged access to critical information—including 500+ systems and one of its primary data centers. In the past three years, the organization has accelerated its move to the cloud to improve efficiencies, scale processes, deliver enhanced client services and maintain its edge in the ultra-competitive real estate market. Despite its many benefits, the cloud’s multiplier effect has created exponentially more privileged account credentials and secrets that are highly targeted by attackers and need to be properly managed and protected. As part of their cloud journey, the organization’s security team sought a way to further enhance security around these powerful, privileged account credentials through an additional, complementary security layer: multi-factor authentication (MFA).

Growing both organically and through acquisition since 1865, Milliken amassed unprecedented intellectual property, which has powered much of the company’s success. It has also presented challenges to protect that information and mitigate risks presented by the modern IT environment. Privacy and data security were a top priority. With the company operating more than 50 locations around the world, they needed a solution that could cover every endpoint and scale with the growing company. Amidst a current landscape of large breaches occurring at other companies, Milliken’s desire to protect its associates and its intellectual property led them to perform an internal security assessment, which included hiring a third-party security consultant to independently evaluate their environment. The assessment’s outcome demonstrated to the Milliken security team that changes were needed, leading to new security policies for managing this global IT environment. At Milliken, end users were running with full administrative rights on their company devices. A goal was established to eliminate this high risk and only allow certain individuals to have elevated privileges and only for specific applications and functionality. Along with establishing least privilege, the company sought better capabilities to govern application control. To ensure that users continued to have the freedom needed to do their jobs effectively, the right solution needed to balance the needs of the business around innovation but also minimize risk to the company and brand.

This global financial services firm, with $2 trillion in assets and operations in more than 60 countries, faced significant challenges in managing nearly 50,000 emergency or break-glass accounts. These accounts are essential for emergency access to over 20 target platforms across seven lines of business. The firm's Security and Risk Management Group was under immense pressure due to the manual and burdensome processes required to manage these accounts. The complexity was further exacerbated by the use of three large, regional Lotus Notes databases for managing break-glass accounts, which contributed to extended password request and fulfillment times. The primary goals for investing in a privileged identity management solution were to reduce costs through better automation, migrate from the slow and complex Notes technology, and centralize the databases.

The direct selling industry, which collects billions of personal data points from customers globally, is a prime target for cybercriminals. Beyond personally identifiable information (PII) and payment card industry (PCI) data, they gather other sensitive information such as social security and government ID numbers. Princess House’s information systems and technology (ISIT) team recognized the need to secure privileged access to this sensitive information to preserve customer trust and protect Princess House’s reputation. Before implementing a PAM solution, accounts were stored in password-protected spreadsheets without enforced password rotation, posing a significant security risk. The team initially selected a PAM solution but faced issues with its implementation, which was complicated and lacked a step-by-step guide. The platform was inflexible, requiring all accounts to be managed at once, which was not suitable for their phased approach.

Changing customer expectations, greater digital use, and the evolving cyber threat landscape are challenging financial institutions to balance innovation with effective security practices. Privileged access management (PAM) is critical to enable flexible yet controlled access to critical systems holding sensitive customer PII and other valuable information. As financial systems grow in size and complexity, privilege is everywhere, making strong PAM essential for banks to move with agility without jeopardizing their brand or regulatory compliance.

To enhance global collaboration and integration, Shiseido planned to move to an entire portfolio of cloud-based applications but needed a single sign-on capability to provide robust user authentication for both Active Directory and external users. Shiseido’s legacy environment utilized an on-premise application, accessible via a domestic portal for its Microsoft Windows-based users. The company recognized that it would be impractical for the existing corporate infrastructure to support new cloud applications because it would force users to set up individual IDs and passwords for each application that needed to be accessed. Worse still, it would significantly increase the security risk with so many different passwords having to be created and memorized. In addition, the company estimated there would be a significant reduction in user productivity associated with managing the numerous log-ins, and an associated increase in IT support and administrative work to keep everything running smoothly. Leveraging the portal concept, Shiseido’s plan called for implementing an Infrastructure-as-a-Service (IaaS) environment but to be successful, there was an urgent need for an authentication infrastructure that could enable single sign-on access to cloud-based applications via a globally available portal.

The insurance company wanted to use DevOps methodologies and containerize thousands of applications to increase business agility, eliminate inefficiencies, and accelerate the pace of innovation. Containerized applications use secrets such as passwords, tokens, and SSH keys to gain access to sensitive enterprise resources such as databases, web applications, compute, storage, and networking services. The security team recognized that in some other organizations, out of expediency, developers have hardcoded secrets, access keys, and other sensitive credentials into applications. Hardcoded credentials are not only challenging to rotate but also potentially expose the business to data theft and malicious attacks. The insurer’s information security organization wanted to ensure credentials were removed from code to reduce potential vulnerabilities, such as inadvertently exposing secrets in the code stored on repositories. A key priority was to ensure applications can securely access databases and other sensitive resources without impairing developer productivity or hindering application delivery.

The company faced challenges with their existing SharePoint workflows and DevOps processes, which were frequently breaking. They needed a more reliable and efficient way to manage privileged access without the need for submitting tickets, going through workflows, or waiting for approvals. Additionally, they had a tight deadline to meet an external customer requirement for privileged access management, which included signing the purchase order, installing the solution, and managing a larger number of servers than initially anticipated.

The organization faced significant risks related to endpoint security, particularly concerning the potential for pass-the-hash attacks and same-account harvesting. The challenge was to reduce the attack surface by removing local administrative rights on workstations, which would minimize the chance of privilege escalation. Additionally, the organization needed a solution that could provide immediate reporting to the Security Operations Center (SOC) in case of an incident. The goal was to enhance overall security while maintaining operational efficiency.

Implement a cloud-based identity management solution as the basis for an entirely new cloud-based infrastructure. Include secure single sign-on (SSO) to support productivity-enhancing mobile apps. Do this in a way that reduces demand on IT. As with any Local Distribution Company (LDC), the top priority at London Hydro is literally keeping the lights on. LDCs must therefore act with extreme caution when it comes to introducing new technologies into the system that could negatively impact service to customers. But that caution must be balanced with the many benefits new technologies provide, such as the ability to significantly reduce costs, improve delivery systems and minimize waste. After months of careful evaluation of the advantages and the risks, Mike Flegel, Cyber Security Specialist at London Hydro, was tasked with finding a single sign-on platform that would support the company’s move to a cloud based infrastructure. Historically, security at LDCs has been a matter of simply keeping office and field networks physically separate, and requiring multiple passwords to access individual resources. But times have changed — complete separation can be too restrictive and users juggling multiple passwords can end up being security risks themselves. London Hydro needed to implement an identity management solution that would be the basis for an entirely new cloud-based infrastructure consisting of everything from traditional ERP datacenter applications like SAP and JDE to new, mobile apps for the field. At the same time, it was important to reduce the IT workload by minimizing password reset requests, and simplifying the process of adding or removing employee access and incorporating new apps into the environment.

Avoid the build-out of a high-cost disaster recovery co-location for a product that was already difficult to implement and manage. Simplify app integration, address MDM requirements and SOX compliance, and ensure a more robust security stature. When SBA Communications began using SaaS-based apps like Innotas, ExpenseWatch and Yammer, they implemented Microsoft’s Active Directory Federation Service (AD FS) at an approximate total cost of $35,000 for identity management. While implementation and application integration proved challenging, the product met the company’s requirements at the time. As their environment evolved, however, the solution became increasingly difficult to manage. To assist in the implementation, they hired a consulting firm with AD FS expertise, which took six weeks to get the initial solution implemented. However, a new version of AD FS was soon released, and the company was faced with having to migrate the entire infrastructure. Integration was so painful the first time around that they dreaded having to migrate those same apps into the new environment. The unfortunate result was two live versions of AD FS, each with its own set of SaaS applications that required significant resources and a coordinated effort to maintain. The real issue arose as cloud-based solutions became more pervasive within the company’s environment. While they had previously incorporated only a few, less-critical SaaS apps, the benefits of cloud-based solutions led the company to adopt more until eventually disaster recovery became an issue.

At Chugai Pharmaceutical Co Ltd, three different tools were used to provide single sign-on (SSO), enterprise mobility management (EMM) and multifactor authentication (MFA) across the company’s European and US divisions — Chugai Pharma Europe, Ltd. With a limited IT staff in each location, management of these separate solutions created unnecessary strain and considerable expense. Looking to simplify IT processes and save money, the company first considered expanding its relationship with its existing SSO provider. The company was also looking to replace its existing MFA tool with a solution that leveraged users’ mobile devices. They needed a cloud-based solution that included SSO, MFA and EMM to protect Chugai’s intellectual property as well as the personal information of patients participating in their clinical trials.

Implement identity federation services for Office 365 without requiring significant new investment or added pressure on the IT team. Provide single sign-on for users. Simplify the IT tasks of user provisioning and deprovisioning. Help ensure compliance with GLBA regulations. In the process of renewing their Microsoft Enterprise Agreement, The Citizens Bank decided it was time to move to Office 365 for a more easily-managed solution. However, they’d heard that Microsoft’s complementary Active Directory Federation Services (AD FS) product comes with many challenges and considerable expense. The company decided to look for a more efficient solution that wouldn’t require significant additional investment in the transition to Office 365. As an FDIC-regulated financial institution, the company must also comply with GLBA (Gramm–Leach–Bliley Act) regulations, which require that a host of specific actions be taken to protect customer financial data. Two key components of protecting user information are tightly controlling access to the data and having the ability to quickly remove that access when employees leave the company. So, secure password management and the ability to easily provision and de-provision cloud applications are essential.

Drive flexibility across the business. Deliver employees single sign-on access to all the apps they need, located in one central portal. Ease the onboarding process and increase productivity for all users. When Chief Technology Officer Sébastien Huet joined Rémy Cointreau in 2015, one of his primary objectives was to help transform the company into a more agile organization. A key component of that transition would be the upgrade of its IT infrastructure to provide more flexibility, respond better to changing worker habits and deliver exceptional support for the business. Huet encountered another example underscoring the need for an overhaul. It took months to open their new office in Asia. One of their key objectives is to have the flexibility to open a new office anywhere in the world in a matter of days. Huet and his team set out to transform IT and with it, the business as a whole. The company was moving to a cloud-based architecture, with the goal of relying exclusively on web apps. They wanted to be able to access apps from any device, anywhere and at any time, so mobile management was crucial. And for optimal security, they needed to transfer focus from the network and the device to the applications. Identity management would be essential to achieving these goals.

The Director of Training for Six Flags Over Texas, Jayson Maxwell, faced several challenges in onboarding employees effectively. These included high employee turnover, lack of work experience among new hires, and the need for engaging and mobile-friendly training solutions. Additionally, inconsistent WiFi necessitated a mobile app, and there was a need to ensure that learning and training took place efficiently within a short timeframe. Reporting for critical issues like safety and protecting intellectual property were also significant concerns. Overall, the goal was to establish a comprehensive knowledge base and ensure that employees were well-versed in both general park operations and specific job requirements.

While BERNINA is highly regarded for their training and service, Connie knew that training needed to adapt to modern learners at their busy retail partners. She issued a challenge to improve their training delivery more efficiently train more personnel at their retail locations. It was a two-prong approach, first, she launched an effort to find a technology partner who could customize a solution for their specialty industry, second, she brought in Susan Fears as their top-of-the-line product expert to focus on the initial content. The goal was to start with a B2B program of micro courses for their dealer network. These courses would demonstrate how to sell the BERNINA products to consumers. Education is truly a cornerstone of the company and their training resources were vast, but primarily in written or face-to-face form. Their prior efforts were as effective as possible given the resources at the time, but technology has created new potential for reaching a wider audience at less cost. They were already using some online elements into their blended training program. They offered PowerPoint webinars which could be blended with their live event classes, conferences, and hands-on training. Their existing training was expensive (for BERNINA and their retailers) and they discovered long-term retention was challenging. Most of their retailers had limited staff. Sending one or two to a training conference was hard on their wallets and the staff they left behind. In addition, once the newly trained staff returned to their stores, the challenges of daily operations kept them from training other staff members. On BERNINA’s end, they discovered the cost of large conferences, with dozens of machines being shipped in for hands-on training was cost prohibitive. They questioned the effectiveness of offering training months before the new machines were actually shipped to the retail stores. They needed a way to refresh and remind their retailers of their previous training. Another training approach was really high-end, sending highly qualified trainers out to individual stores. This was easier and less expensive for the retailers, but extremely costly for BERNINA to hit hundreds of sewing centers. Fanders points out that the turnover of retailers’ trained staff reduced the effectiveness of the training and ROI. The most in-depth training alternative was a one-week live training at BERNINA’s headquarters in Chicago. Fears describes this effort as valuable, but extremely detailed.... and a little like trying to take a sip of water from a fire hydrant. Just as technology has created potential new avenues for their training through online mobile learning, technology spurred BERNINA to expedite the launch of new models and features. More frequent innovations in their machine features have resulted in the need to update training more frequently. Armed with solid content, (valuable intellectual property), and a highly qualified training staff - BERNINA was up for the challenge of change.

Existing “off the shelf solutions” didn’t meet Pella’s needs for sales training. Their goals were to offer cutting-edge, mobile training to differentiate their sales field from the rest of the industry. This includes training for solving customer problems and positioning the integrity of Pella products against the competition. In addition, Pella Sales Managers are trained to focus on the development of people, not to push papers. So, an additional goal was to empower Sales Managers as coaches. To do all this, Pella needed to meet their team where they were through learning that was engaging, social, and mobile.

IslandSurf had selected NetSuite as its software platform and knew that they could not implement NetSuite without a solid 3PL solution. They required a solution that would automate their 3rd party warehouse processes to better serve their customers and be more efficient. As it was, IslandSurf spent much time and energy manually flagging orders that needed to be sent to AtLast Fulfillment, exporting just those orders, canceling any items on the order that shouldn’t be fulfilled at AtLast Fulfillment, and tracking and manually updating the sales orders once they were fulfilled.

Growing pains often come with starting and scaling a business. While the pain is easier to absorb when funding is readily available, scaling a company with limited financial resources is a daunting task, especially for businesses that sell and ship a niche product. What should you do if your sales are growing but your volume is not high enough to warrant maintaining your own warehouse? Despite the obstacles, Mio Global pushed ahead to grow into a multi-million dollar technology company while still keeping costs, time, and effort low. In 2012, Mio ramped up its direct-to-consumer business. Around this time, they developed a new product: a fitness-centric continuous heart-rate monitoring watch that did not use a chest strap via optical blood flow sensors. A user’s heart-rate data was broadcast via bluetooth low energy and was compatible with all smartphones, such as iPhone 4s and Galaxy S3. Outside funding was needed as Mio lacked sufficient funds to develop the product. The company started a Kickstarter campaign, which was a success. The aftermath, on the other hand, was “a complete nightmare” when the time came to fulfill and ship orders to their customers, with costs that went “through the roof” according to Inventory and Forecast Analyst Manager Tim Frazer. They were spending too much time, money and effort on shipping logistics. Their goal was to expand sales globally, and they needed a better way to handle the supply chain and logistics aspect of their business. Unfortunately, when Mio researched third-party logistics solutions, they found that most providers were far too expensive and required higher volumes than their needs allowed. Freight forwarding services were too cumbersome when issues like change orders arose, which would result in an unhappy customer who would post to social media blasting the company. While Amazon looked like a viable option, Mio wanted to be able to sell and ship from various international locations with a single point of contact on their end.

Lumens Light + Living needed a way to get accurate, consistent feedback from customers on their level of satisfaction. They lacked a solid gauge of their performance and needed to improve certain areas. Customers came from various points of entry, and Lumens needed a way to ask questions specific to each point of entry and weight what’s more important if a customer purchases in-store versus over the web. They had recently implemented NetSuite and wanted a customer satisfaction survey integrated with NetSuite and transaction-based. Most survey solutions they looked at were not based on transactional events, so they turned to Celigo to extend NetSuite and build a solution within NetSuite’s inherent customization capabilities.

Cellebrite needed to tightly integrate its CRM and ERP systems to ensure they 'speak the same language' and are aligned at all times. The integration had to be cloud-based to align with the company's strategy of managing all business applications through the cloud. Additionally, the integration had to be implemented simultaneously with the launch of Salesforce and NetSuite, adding complexity to the project. The company also faced the decision of whether to build a custom integration or use a prebuilt solution.

With booming business comes growing pains. Businesses that accept various forms of payments from their customers need to be efficient in managing their finances. A lack of visibility leads to various issues and redundancies. About 7 years ago, Spectrio was entering each receivable manually and using a check scanner. This resulted in countless errors and double-entry work, which prompted them to secure a bank lockbox 4 years ago. This allowed them to print out lockbox reports and manually reconcile those numbers. Still, they encountered issues due to the company doubling in size since 2011, requiring one full-time employee to spend about 30 hours per month on data entry, which was not an efficient use of company resources.

Similar to many companies, Spectrio manually processed cash application. With a monthly subscription business model, Spectrio processed about 3,000 check payments per month. Even after setting up a lockbox account with their bank, a full-time employee spent 30+ hours per week on data entry to manually reconcile lockbox reports against invoices in NetSuite. This was in addition to hours spent in investigating discrepancies and correcting data entry errors. Furthermore, Spectrio had to wait until close of business to view cash flow and payment statuses. These challenges were at a time when the company was facing rapid growth.