Leading ERP Provider TOTVS Secures Workloads and Infrastructure Across Cloud Environment with CyberArk

Customer Company Size
Large Corporate
Region
- America
Country
- Brazil
Product
- CyberArk Privileged Access Manager Solution
- CyberArk Privileged Session Manager
- CyberArk Enterprise Password Vault
Tech Stack
- REST APIs
- AWS
- Azure
Implementation Scale
- Enterprise-wide Deployment
Impact Metrics
- Cost Savings
- Productivity Improvements
- Customer Satisfaction
- Digital Expertise
Technology Category
- Cybersecurity & Privacy - Identity & Authentication Management
- Cybersecurity & Privacy - Network Security
- Cybersecurity & Privacy - Security Compliance
Applicable Industries
- Software
- Professional Service
Applicable Functions
- Business Operation
- Quality Assurance
Services
- System Integration
- Cloud Planning, Design & Implementation Services
- Cybersecurity Services
About The Customer
Brazil-based TOTVS is the #1 enterprise resource planning (ERP) provider in Brazil, and one of the largest in the world, delivering intelligent and integrated technology solutions that give customers a competitive edge. Organizations in more than 41 countries trust TOTVS to integrate and manage core business processes — from finance and HR to manufacturing and supply chain management — to drive visibility and efficiency across the business. The company has a cloud platform underpinned by public cloud providers such as AWS and its own cloud that allows TOTVS customers to run their TOTVS ERP solutions in the cloud, while delivering enhanced performance, pay-as-you-go flexibility and scalability. But running IT workloads in the cloud is not without risk. As the platform’s usage skyrocketed, TOTVS sought to increase the security of its cloud assets and services, while enforcing consistent privileged access policies across the environment.
The Challenge
As cloud vendors including AWS and Azure make clear, security in the cloud is a shared responsibility. Though these public cloud vendors take great efforts to secure the cloud infrastructure — compute, storage, etc. — their customers are fully responsible for protecting everything above the hypervisor, including the operating system, applications, data, access to external resources and other assets and infrastructure. Fully appreciating this shared responsibility model, the TOTVS Cloud security team set out to identify a security solution that could not only bolster their cyber resilience but also add value to the TOTVS Cloud by driving automation, standardization and increased efficiency. TOTVS Information Security Cloud Team conducted an in-depth technical analysis of potential solutions, ultimately selecting and deploying the market-leading CyberArk Privileged Access Manager Solution based on overall performance, resilience, health checks, high availability/disaster recovery requirements and cost.
The Solution
The TOTVS cloud infrastructure enables new virtual servers, data stores, containers and other resources to be provisioned as needed. When each new ERP resource is initiated and launched, it is assigned corresponding, privileged credentials to facilitate programmatic requests. But these privileged credentials are unsecured, creating countless new vulnerabilities across the environment. With the CyberArk solution in place, the TOTVS team began automating the once-laborious process of provisioning new instances, securing their associated credentials and secrets in CyberArk’s centralized, encrypted Enterprise Password Vault and managing them using the principles of least privilege. Leveraging REST APIs, these privileged credentials can now be retrieved on-demand by authorized users and applications without requiring human interaction. And when the infrastructure is deprovisioned, the CyberArk solution removes its privileges automatically. To further reduce the size of the attack surface and secure assets across the cloud environment, CyberArk Privileged Session Manager acts as a gateway (or jump server) to limit RDP and SSH access, segregate and harden the network, monitor sessions and produce tamper-resistant audit logs. This enables TOTVS Cloud analysts to access customer servers without ever having direct access to passwords for customer environments. The CyberArk solution has also enabled TOTVS to eliminate hard-coded and visible applications and scripts that utilize the cloud platform’s API while providing a highly secure method for integrations between applications.
Operational Impact
Quantitative Benefit
Case Study missing?
Start adding your own!
Register with your work email and create a new case study profile for your business.
Related Case Studies.
Case Study
SET Creative Ditches Google Vault for Datto Backupify
When Kienholz first started at SET, the staff was using Microsoft Outlook for email with no form of data backup. It became apparent that something needed to change as the staff was often burdened with trying to recover emails from departed employees. Kienholz transitioned the team to Google’s Gmail and implemented Google Vault for backup purposes. While SET employees quickly adjusted to Gmail, which many use for personal email, the same could not be said for Google Vault. “Unlike most Google products, Vault was not user friendly at all. It’s very hard to search for items. We never really figured out how to do a restore either,” explained Kienholz. Due to SET’s work with high-profile brands, projects often go through many rounds of revisions right down to the eleventh hour. This means that every bit of information - especially data living in project managers’ emails - is crucial to delivering clients a polished design at deadline.
Case Study
Infosys achieves a 5–7 percent effort reduction across projects
Infosys, a global leader in consulting, technology, and outsourcing solutions, was facing significant challenges in application development and maintenance due to its distributed teams, changing business priorities and the need to stay in alignment with customer needs. The company used a mix of open source, home-grown and third-party applications to support application development projects. However, challenges resulting from distributed teams using manual processes increased as the company grew. It became more and more important for Infosys to execute its projects efficiently, so they could improve quality, reduce defects and minimize delays.
Case Study
Arctic Wolf Envelops Teamworks with 24x7 Cybersecurity Protection and Comprehensive Visibility
Teamworks, a leading athlete engagement platform, faced rising cyberthreats and needed enhanced visibility into its network, servers, and laptops. With software developers connecting from all over the world, the company sought to improve its security posture and position itself for future growth. The company had a secure platform but recognized the need for a more proactive solution to identify gaps within its technology infrastructure. Data exfiltration and malicious access were top concerns, prompting the need for a comprehensive security upgrade.
Case Study
Sawback IT and Datto Save Client From a Costly Mistake
Ballistic Echo, a software development house, faced a critical challenge when human error led to the deletion of thousands of lines of unique code. This incident occurred before the code was pushed to source control, resulting in significant loss of time, revenue, and work. The previous file-level backup solution they used was slow and inefficient, making it nearly impossible to manually recreate the lost work. The need for a more reliable and efficient business continuity solution became evident to avoid such disasters in the future.
Case Study
Opal Helps Customers Shine Thanks to Datto
SP Flooring & Design Center faced a ransomware attack that encrypted and locked their files. The attack was initiated through a compromised service account set up by an outside vendor. The ransomware infection was isolated quickly, but there was a concern about the extent of the data at risk. The company had backups in place but was unsure of how much information was compromised. The situation required immediate action to prevent further damage and restore the affected data.
Case Study
Zapier Aggregates Multiple Analytics in a Single Dashboard with the New Relic Platform
Zapier, a company that enables non-technical users to push data between hundreds of web applications, was facing a challenge in automating and provisioning servers for optimal performance. The company's environment consisted of 50 Linux servers on the Amazon Elastic Compute Cloud (EC2), a Django application split across several servers, and a backend consisting of a dynamic number of celery task workers fed by messages published to a RabbitMQ cluster. They also maintained a number of internal web services on nginx in front of Gunicorn and Node.js processes. Redis handled simple key and value stores, with logging handled by Graylog2 and ElasticSearch. However, they realized that no level of automation would be sufficient without an effective monitoring solution in place. They needed a tool that could provide immediate alerts when something was breaking and could be easily implemented into their environment.