After a major merger, DJO grew from $400M to nearly $1B in revenue, as well as increased in employee size by more than 60 percent. Starting with one IT department, DJO, LLC now had multiple IT departments with numerous support channels and a veritable hodgepodge of support tools. This led to confusion, lack of productivity and increased support costs. IT leadership, with the assistance of systems integrator and trusted advisor RightStar Systems, determined that they needed a single, streamlined solution that would enable each support desk to support employees in any location, so they began an evaluation of what they coined, “borderless support” solutions.

Quintiles Transnational, a leading global pharmaceutical services organization, manages over 13,000 end-user computers. The company wanted to remove the local administrative privileges from all end-user accounts and run a Least Privilege user environment. This would help Quintiles achieve compliance with the FDA’s Title 21 Code of Federal Regulations, increase security, and better protect client and patient data. However, with administrative privileges removed, end-users would no longer be able to run dozens of critical third-party, off-the-shelf software, as well as many in-house developed applications. End-users would also no longer be able to install local printers or any software on their own. No workaround that they had identified would allow applications that required administrator privileges to run, and writing custom install scripts or frequently visiting individual desktops to install software was not a secure or productive solution.

Birmingham Women’s and Children’s NHS Foundation Trust faced the challenge of providing quick, efficient, and secure assistance to their remote staff. The staff often connected to the network from home via VPN, particularly on smart devices such as tablets, which had been a challenge for many years. An additional issue was accommodating third parties or contractors who required access to the Trust’s network. It was essential for the Trust to maintain absolute control and oversight of third-party access, only granting entry to the necessary systems and data. The Trust and its staff handle incredibly sensitive information and are accountable under regulations including the Data Protection Act, the General Data Protection Regulation (GDPR), and local governance policies.

Eide Bailly, a top 25 accounting firm in the US, performs audits for a number of banks and financial institutions. As part of their audit process, they often look beyond the balance sheet to assess if computing systems are up-to-date and meet industry regulations. This is where Eide Bailly’s technology consulting division steps in. They work with clients to improve performance and profitability, but before they can do that, they need to address security. For those in the financial sector, this isn’t just a business issue but a regulatory one. External vulnerability assessments are required in order to comply with regulations. The challenge was to find a comprehensive vulnerability scanning solution to serve as the foundation for penetration testing services.

Carbonite, an online backup and restore service provider, was already using Bomgar’s hosted solution for remote support. However, the company wanted to expand its use of Bomgar to take advantage of additional features such as collaboration functionality, recording features, and analytic capabilities for viewing key support metrics. The company had two specific business objectives: to monitor customer support interactions to recognize where additional training gaps existed, and to observe customer satisfaction levels during interactions with customer support agents. The company also wanted to fully integrate the solution into their CRM system and reduce their licensing costs.

RWE Supply & Trading, a leading energy trading house and a key player in the European energy sector, was facing a challenge of reducing the attack surface while meeting budgetary and regulatory constraints. The European energy sector is undergoing fundamental changes, with subsidised expansion of renewables causing margins and utilisation of conventional power stations to decline, thereby requiring energy providers to reduce costs. But against this cost reduction, energy providers such as RWE Supply & Trading cannot sacrifice security. As the IT Security Architect for RWE Supply & Trading, Loucas Parikos needed to protect the infrastructure while meeting these cost and regulatory constraints. “We wanted to reduce the attack surface and minimise our chances of being exploited.” In taking a phased approach, RWE addressed individual problems separately and then brought the solutions together under a common reporting and management platform.

The healthcare company, with approximately 3,000 employees in the United States and Canada and 150 office locations, operates a virtual network environment with the majority of employees logging into virtual desktops to do their work. The demographics of the company’s workforce runs the gamut from millennials, who in general are very computer savvy, to older employees who often have little experience with computers and other electronic devices. Many of these employees are involved with data entry and commonly perform tasks such as scanning and printing documents. The company has grown rapidly over the past several years through multiple acquisitions and is segmented into multiple, unique brands. The company routinely accesses medical records and, as a result, takes numerous measures to comply with HIPAA and the Common Security Framework of HITRUST.

The article discusses the challenges faced by organizations in securing their infrastructure from cyber threats. These threats can come from various sources, including criminals infecting networks with ransomware, hacktivists making political statements, careless mistakes by insiders, or ethical hackers compromising poorly defended infrastructure. Many companies take a lax approach to cybersecurity, either thinking they will never be breached or worrying that it's too expensive and will slow down their operations. Resistance to change associated with additional security controls and monitoring is common. Another hurdle is integration, with organizations often dealing with third-party apps, in-house customizations and software, on-site operating systems like UNIX, Linux, Windows, and OSX, and off-prem cloud-based apps that run on AWS and Google Cloud.

Oxford Properties Group, a leading global real estate investor, asset manager, and business builder, was facing a challenge in securing its operational technology (OT) and non-traditional endpoints. The company was looking to improve endpoint security for IoT, desktops, servers, and other devices. The IT team identified the need for a solution that would allow the many vendors that serviced the buildings access to what they required, but without installing any local software or VPNs. These tools can create security gaps, especially with regards to privileged access. The company was also looking for a solution that would not require the vendor to install any local applications—they simply request access and can connect to the network with any internet-enabled device.

Powersolution, a New Jersey-based IT services company, was facing challenges in providing remote assistance to its clients. The company was using the Microsoft remote assistance feature on each customer’s operating software, which was a time-consuming and complex process. The company was also facing difficulties in supporting users who were working remotely and not connected to the client’s virtual private network. Powersolution recognized the need for an alternative solution to fulfill its promise of superb customer service.

DSM was working on an internal project to migrate 18,000 desktops from Windows NT4 to Windows XP. A new group was created to design the XP desktop environment to be as secure as possible. The group identified a critical component to improving security was to remove local administrator rights from end users and to enforce a Least Privilege environment. To achieve this, DSM set a policy that all end users must log on as standard users without elevated privileges. However, DSM relies on a long list of applications that require administrative privileges to do business. If end users no longer had administrative rights, these applications would not work. Additionally, DSM’s sales force must be able to manage certain settings, such as connecting to local printers and configuring an IP address when connecting to a new wireless network. Without administrator privileges, end users would not be able to make necessary system changes when they traveled.

The University of Texas M.D. Anderson Cancer Center, a world-leading institution for cancer treatment and care, was facing challenges with its Unix network infrastructure. The network, which hosts over 500 Unix servers, houses confidential patient information and several critical financial and healthcare applications. With the Health Insurance Portability and Accountability Act (HIPAA) requirement deadlines quickly approaching, and critical patient care dependant on the reliability of network computer systems, the institution needed to find a secure way to manage and protect its IT infrastructure. The previous Unix environment was not centralized, and it was difficult to understand what activities were being performed at each machine.

Standard Bank of South Africa Ltd purchased the Retina vulnerability management solution to reduce the risk of security breaches and shrink the organization’s attack surface. The bank frequently uses Retina's capabilities such as agentless network scanning, web application scanning, virtual environment scanning, patch management module, configuration compliance, and regulatory reporting module. The bank addresses compliance regulations such as PCI DSS and SOX with their Retina vulnerability management solution.

Debitsuccess, a third-party payment processor, was undergoing a digital transformation and needed to review its vulnerability and patch management solutions. The company wanted to reduce risk through better vulnerability visibility, reporting, and remediation, while also improving operational efficiency. Another challenge was to strengthen the ability to effectively prioritize which vulnerabilities to fix first. The company needed a solution that could provide strong vulnerability discovery capabilities without being resource intensive, ease of use, intelligent visibility to help prioritize IT risk management decisions, risk remediation with clear visibility and reporting into how vulnerabilities were fixed, ability to configure how and when remediation is done, and integration with existing infrastructure.

Horizon Beverage’s support team was faced with the common issue of giving third-party vendors access to their internal network to perform software upgrades and routine maintenance. Prior to Bomgar, they were allowing vendors to connect via RDP and VPN, which allowed for unfettered network access. When Horizon purchased Bomgar Remote Support more than eight years ago, remote support licenses were assigned to vendors to better control and monitor their access. Over time, Horizon Beverage’s vendor access needs matured, requiring a solution purpose built to manage privileged access and broker connections between the company’s vendors and its secure network.

Axiom Medical, a healthcare company based in Houston, Texas, was using VPN connections and Skype for Business to remotely connect to end user devices and servers. However, the help desk team experienced instances in which the VPN would drop due to problems with the end user’s internet connection, leaving them without a means to connect remotely to a user’s device. The basic remote desktop access products had a very limited set of features, restricting the scope of tasks the techs could perform remotely. Additionally, the IT department had concerns that the security of these remote support sessions was inadequate. As a result, the organization began looking for a better solution, with more advanced features and top-grade security.

A leading retail clothing company was operating multiple brick-and-mortar enterprises using a complex patchwork of systems for identity management across its Unix, Linux, and Windows systems. When the company created a new division to handle consolidated online sales for all its enterprises, the complexity of their systems came to a head. The online division was having difficulty complying with the Payment Card Industry (PCI) Data Security Standard. The problem was that the organizations has too many different operating systems, domains, and directory services made it impossible to manage user ID and passwords systematically. The company also needed to address issues of inefficiency. For the end users, engineers and developers, it’s very difficult to maintain continuity for their day-to-day work with multiple account IDs and passwords across the enterprise.

The company, one of the world's largest payment and processing companies, has been aggressively expanding in the fintech space through acquisitions. This rapid growth has necessitated the scaling of all support systems and personnel to meet the increased demand for expertise. The company had accumulated seven different remote support websites and several data centers due to the acquisition of other companies and the launch of new products. The challenge was to streamline these systems and improve the efficiency and security of their support operations.

The University of Utah faced a unique set of IT challenges due to its diverse blend of students, professors, contractors, staff, visitors, and IT personnel. Many individuals held multiple roles concurrently, and roles could change or pause over many years. The university's hospital environment added to the complexity, as some students were also employees with access to Protected Health Information. Managing all these permissions, privileges, and access was exponentially more difficult than in a more traditional organization. The university needed to increase visibility into its accounts and reduce its risk, specifically improving the way it handled privileged accounts.

Asklepios Kliniken, one of the largest private clinic operators in Germany, faced the challenge of meeting highly complex requirements for IT password management. They needed to manage, monitor, and control privileged credentials and control access to on-premises, cloud, and hybrid infrastructures. The IT division of Asklepios Kliniken required a solution for efficient and secure password storage, session management, and allocation of credentials. The company needed to comply with comprehensive compliance guidelines, and legally compliant logging of all administrative work was indispensable. They needed to track who worked with which server and when, even with external partners.

ACME Truck Line’s seven-man tech support team is responsible for 500 employees located throughout the country. Approximately 80% of these employees are located within the company network or are connected to it via VPN, but the remaining 20% are outside the company network. This is a significant segment of the organization. Because the VPN client software issues make up a majority of the issues needing attention, finding an effective remote support solution was critical for the team. While Symantec’s pcAnywhereTM1 could be used to support employees inside of the company firewall, employees outside of the company network had to be supported by phone. This required ACME support reps to relay complex instructions to end-users. Because of the support team’s size and the scope of its responsibilities, on-site visits were often necessary to troubleshoot complex problems and put a strain on its already limited workforce.

CETREL S.A., a Luxembourg-based company specializing in electronic transfers and payment technology, was facing challenges with managing their complex IT environment. They had been using sudo to manage their Unix/Linux assets and trace access from their support teams to applicative or generic users. However, as they continued to add Unix and Linux servers to their operations, they found that sudo was not providing adequate security over their logs as required by PCI DSS mandates. The process of reviewing sudo logs was time-consuming as it required accessing every server individually. Additionally, sudo logs could be altered by the super user, and the time required by system engineers to configure sudo was deemed unacceptable.

In 2010, a North American college approached B Virtual looking to offer their certification exams online in a proctored environment. The college had students taking online courses but writing paper-based exams. When the semester ended, the student needed to travel to a physical location to write a paper-based exam. The college sought a way for the student to take an online test while ensuring the integrity of the exam session. B Virtual knew they needed a trusted and forward-thinking technology partner offering a scalable, fast-growing solution for their live online proctoring program. They required a versatile technology to remotely log into a student’s computer while they were taking their exam. Having this monitoring ability prevented the student from compromising the integrity of the exam and provided a higher level of reliability to the colleges who were administering the exams.

CSC, a global leader in providing technology-enabled business solutions and services, faced several challenges in its help desk operations. The company's clients are geographically dispersed, leading to language and cultural barriers. The company also had to support multiple platforms and comply with various federal security and privacy regulations due to its clients being in highly-regulated industries such as government, healthcare, and banking. Previously, CSC used a combination of applications to access certain client desktops. However, many of these tools did not provide the required encryption needed to connect securely, and they either did not have sufficient logging and reporting capabilities for auditing or created disconnected silos of reporting data.

Fidessa, a provider of trading and investment technology and services, was facing challenges in supporting its global customers. The company's support technicians had to rely on the user's description of the issue and screen shots of the user's computer screen to diagnose and solve issues. This process was often cumbersome and could lead to extended support calls due to the complex nature of Fidessa’s trading platforms. The company was in need of a solution that could introduce efficiency and improve customer experience while ensuring total platform security.

Meander Medical Centre, an award-winning healthcare institution in the Netherlands, moved into a new facility in 2013. The new facility was designed with a state-of-the-art information communications technology (ICT) infrastructure. The hospital's IT team needed to provide secure access to the hospital's IT network for its extensive medical equipment and application suppliers. These suppliers needed access to maintain and support their solutions and track and report on results. The hospital had approximately 80 suppliers who needed access to their network, making it critical to provide access in a way that complies with government regulations concerning healthcare information security. Setting up virtual private network (VPN) connections for each of the suppliers was an unattractive option due to the high skill level required, the maintenance costs, and the inability to audit what was happening during remote sessions.

The customer purchased the PowerBroker privileged account management solution to reduce risk from security breaches, meet compliance regulations, tighten operational practices, and lower the total cost of ownership. The solution was deployed to remove local admin rights from users, elevating privileges only when needed. The PowerBroker solution was also used to address compliance regulations such as Sarbanes-Oxley (SOX).

Standard Bank of South Africa Ltd purchased the Retina vulnerability management solution to reduce the risk of security breaches, shrink the organization’s attack surface, and meet compliance regulations. The bank needed a solution that could provide visibility into exposures across multiple layers of infrastructure, profile previously unknown assets on the network, report risk to IT administrators, management and/or auditors, and identify and prioritize remediation tactics.

Genscape, Inc. purchased the Retina vulnerability management solution to reduce the risk of security breaches, shrink the organization’s attack surface, and meet compliance regulations. The company was facing challenges in gaining visibility into exposures across multiple layers of infrastructure, profiling previously unknown assets on the network, understanding the operational implications of vulnerabilities, reporting risk to IT administrators, management and/or auditors, identifying and prioritizing remediation tactics, and patching or updating assets with greater efficiency.

The Workplace Safety and Insurance Board (WSIB) in Toronto, Canada, was facing a challenge with its IT infrastructure. The IT staff had anonymous privileged access to hundreds of Windows servers. WSIB needed to track and audit this access to protect sensitive data. The question of who in the IT group was doing what and when needed to be resolved to maintain strict control over access to approximately 250 Windows servers across two sites in the IT infrastructure. When the IT staff did find the time to update privileged passwords, they would do so manually – a cumbersome change process that was not guaranteed to encompass every account on the network.