虽然数字化正在提高效率并显着增加客户参与度，但它也带来了一些挑战，尤其是网络攻击的风险越来越大。这促使该公司的澳大利亚、太平洋和印度尼西亚业务部 (CCEP API) 制定了一个为期三年的路线图，用于开发和实施增强的安全措施。该计划的一个关键要素是改进现有的特权访问管理流程，并加强对提升凭证的使用的监督和控制。

Coca-Cola Europacific Partners (CCEP) aimed to become the world’s most digitized bottler, launching multiple initiatives to increase efficiency and customer engagement. However, this digitization also brought challenges, particularly the growing risk of cyberattacks. To address these risks, CCEP's Australian, Pacific, and Indonesian operations (CCEP API) developed a three-year roadmap to enhance security measures. A critical component of this plan was improving privileged access management processes to gain better oversight and control over elevated credentials. The goal was to mitigate risks of both unintentional and malicious harm, while also reinforcing compliance with standards like PCI DSS and the NIST framework.

One of Rockwell Automation’s most important IT priorities was to proactively identify the privileged access risk while ensuring that all accounts complied with regular but flexible password policies. With multiple employees, servers, privileged accounts and password policies established across their platforms, standardization and control would be imperative to ensuring that Rockwell identified and mitigated the risks associated with unmanaged privileged accounts. The company sought a solution to enforce and automate role-based privileged access control and policies in order to secure accounts, mitigate password vulnerabilities and support audit and compliance requirements such as those defined within Cobit’s DS5.4 User Account Management. Moreover, reflective of Rockwell’s process-oriented business, the company required detailed access to metrics that demonstrated the extent of privilege access vulnerabilities, including any risks associated with unmanaged accounts and administrative rights.

As one of the largest pediatric medical centers in the United States, Boston Children’s Hospital offers a complete range of health care services for children from birth through 21 years of age. To support this world-class medical center, the hospital’s IT department has created state-of-the-art work and patient care environments to support the evolution and practice of the world’s most advanced and compassionate pediatric care, most sophisticated research, and high-level teaching and training. Like many large organizations, Boston Children’s Hospital needed to find a way to automatically administer and protect the most powerful identities in the company – the privileged accounts and administrator passwords. They allow access to a wealth of sensitive data and powerful systems within the hospital and must be managed very carefully. Sharing administrator privileges or allowing people to jot down passwords on sticky notes was simply unacceptable. The hospital wanted a way to not only protect the identities against unauthorized use, but streamline the process of issuing and revoking special privileges and rights. Previously, it was difficult to keep track of not only who had been issued a privileged password, but it was impossible to determine who was using them, when and what they were accessing. In an IT environment involving children’s patient information, it was critical to be able to have greater visibility into the use of powerful system accounts.

According to the 2018 Deloitte Global RPA Survey, 53 percent of organizations have already started their RPA journey to help robotize repetitive routine tasks and drive digital transformation. RPA adoption is expected to increase to 72 percent in the next two years, and if it continues at its current level, RPA will have achieved near-universal adoption within the next five years. It’s not hard to see why – the same study points to total ROI in less than 12 months, with significantly improved compliance, quality, accuracy, productivity and cost reduction. This global insurance provider has embarked on a multi-year digital transformation journey aimed at achieving agile development at scale. To help steer this strategic initiative, the company’s application development team has embraced Blue Prism’s RPA technologies to automate operational activities, test new applications and accelerate operational agility. Over the past 12 months as part of a proof of concept, the firm integrated 10 business critical applications – including SAP, Windows and Lightweight Directory Access Protocol (LDAP) – into the Blue Prism Digital Workforce Platform. To interact directly with business applications, RPA software must mimic the way applications use and mirror human credentials and entitlements. This can introduce significant risk when the software robots automate and perform business processes – whether logging into a system to access data or moving a process from one step to the next. Often times, the credentials being used are hardcoded directly within the application. If an attacker successfully steals these credentials, they can ultimately take full control over the robot and gain access to target critical systems, applications and data. Fully understanding these risks, the CVP of Privileged Access Management at the firm, made securing privileged access to these robotic credentials a top priority.

Appen was using Active Directory as a central location for managing user access and privileges, but the process was manual and time-consuming. The inability to manage identities and privileges at scale was impacting every department, reducing their overall effectiveness and potentially impacting security. Appen needed an effective, secure, and easy way to automate access controls. Additionally, Appen's systems and processes are subject to regular audits to comply with customer and regulatory requirements, necessitating easier access to user data and the ability to securely manage user privileges across their environment.

With $21.4 billion in annual sales, AstraZeneca is one of the top five pharmaceutical and health care services providers in the world. The pharmaceutical industry is highly competitive and regulated. In 2004, AstraZeneca invested $3.8 billion into new drug research and development, employing 11,900 people dedicated to this task. The company needed a secure and manageable way to collaborate internally and with external partners. Previously, AstraZeneca used an in-house secure collaborative application requiring a VPN client on each user’s system, which proved to be a high-management burden. Frequent help-desk calls and firewall adjustments were common issues. AstraZeneca needed a seamless, web-based solution with no setup overhead or firewall concerns.

The insurance company wanted to use DevOps methodologies and containerize thousands of applications to increase business agility, eliminate inefficiencies, and accelerate the pace of innovation. Containerized applications use secrets such as passwords, tokens, and SSH keys to gain access to sensitive enterprise resources such as databases, web applications, compute, storage, and networking services. The security team recognized that in some other organizations, out of expediency, developers have hardcoded secrets, access keys, and other sensitive credentials into applications. Hardcoded credentials are not only challenging to rotate but also potentially expose the business to data theft and malicious attacks. The insurer’s information security organization wanted to ensure credentials were removed from code to reduce potential vulnerabilities, such as inadvertently exposing secrets in the code stored on repositories. A key priority was to ensure applications can securely access databases and other sensitive resources without impairing developer productivity or hindering application delivery.

The organization faced significant risks related to endpoint security, particularly concerning the potential for pass-the-hash attacks and same-account harvesting. The challenge was to reduce the attack surface by removing local administrative rights on workstations, which would minimize the chance of privilege escalation. Additionally, the organization needed a solution that could provide immediate reporting to the Security Operations Center (SOC) in case of an incident. The goal was to enhance overall security while maintaining operational efficiency.

The IT services unit of Erste Digital oversees critical business systems and banking software for nearly 2,200 users across multiple locations in over 10 countries. One of their key responsibilities is supporting the bank’s SWIFT infrastructure, which enables secure and efficient information exchange with other financial institutions globally. The challenge was to adhere to SWIFT’s Customer Security Controls Framework (CSCF), which requires monitoring the activity and credential usage of hundreds of users managing multiple passwords across various systems. Some applications required SWIFT certificate passwords with extraordinary length, making manual password management cumbersome and resource-intensive. Additionally, elements of the SWIFT infrastructure were not compatible with single sign-on (SSO) protocols, further complicating the management of privileged credentials and compliance with the framework.

As one of the largest telecommunications providers in France, Bouygues Telecom is entrusted with vast quantities of sensitive customer data and is conscious of its duty to protect this information. Prior to the deployment of CyberArk solutions, Bouygues Telecom had two custom-built in-house systems in place to manage their privileged accounts, including one repository through which the company stored and managed internal passwords. However, both custom-built systems were becoming outdated and would have been extremely costly to overhaul. Crucially, the existing models were also unable to deliver the level of security and scalability necessary to meet the company’s growing needs. As a result, Bouygues Telecom looked to vendor solutions in a bid to better secure and manage the large number of privileged credentials existing in the corporate network.

Financial services companies deal with highly sensitive information on a day-to-day basis, with customer and corporate data at the heart of routine operations. These businesses operate in not only one of the most competitive industries, but also one of the most tightly regulated sectors in the world. Rabobank prides itself on being a market-leader and as such not only adheres to industry regulations, but imposes strict security policies and procedures on itself to ensure watertight security across all of its operations. Following an internal review of its systems, Rabobank International, Rabobank Group’s wholesale banking and international retail banking division, saw a major opportunity to update and improve security procedures, as well as its operational efficiency, by replacing its existing manual process for managing passwords. Rabobank International sought a security solution that could remove the physical labour of managing highly privileged passwords manually, while simultaneously augmenting its operational efficiency – reducing costs and boosting productivity – and dramatically improving security standards.

The airline has a robust e-commerce application, allowing travelers to search and book flights directly from the corporate website. This airline website was ranked the fifth largest travel site and the largest airline site in terms of unique visitors (source: Comscore MediaMetrix). As a result of its online growth, the airline was acutely aware of the need to maintain compliance with the credit card data protection standards mandated by the Payment Card Industry (PCI) Security Standards Council in its efforts to ensure credit card security. The PCI Data Security Standard (DSS) industry protocol is a common set of tools and measurements that are applicable across industries to help ensure the safe handling of sensitive credit card data and the protection of cardholder information. PCI Compliance in travel and tourism is often differentiated from other industries because of the lag time between when a flight is booked and when the credit card is processed for that booking. In this scenario, the credit card information is usually stored until the travel has actually taken place, or shortly before. This practice is not allowed in a PCI compliant environment, leaving travel companies at risk for fines and under intense pressure for ensuring their databases are protected from being wrongly accessed or altered - unintentionally or otherwise. As a result of these requirements and increased exposure due to its popular e-commerce business, the airline needed a new approach to document the steps it was taking to achieve PCI compliance with auditors. In this case, that meant proving that passwords to its database of sensitive customer data (including names, credit card numbers, billing addresses and other information) were being effectively monitored, managed and changed regularly.

Members of McKesson’s legal department need to frequently exchange sensitive documents that contain financial data, intellectual property, and information about pending lawsuits. The information within these documents is typically highly sensitive and regulated. As such, the legal team needs to be sure that their documents are safe from unauthorized access and securely stored in a way that is compliant with industry regulations and standards. When the legal team began searching for a file sharing and storage solution, they required a system that would protect their most sensitive information from unauthorized access and that would meet compliance guidelines out-of-the-box. Specifically, the team needed a solution that offered granular access controls and enabled administrators to audit access to files without having access to the files themselves. After evaluating the options available, the legal team selected the CyberArk Sensitive Information Management Solution.

Despite its success, like all enterprises BRAC Bank Limited (BBL) must face up to the many and varied challenges of security. To do this it has taken bold steps, becoming the first (and so far only) local bank to achieve ISO 27001:2013 certification for security management and BBL was the first Bangladeshi bank to deploy a Security Operations Centre to anticipate and defend against threats. Participating in the highly regulated financial sector, the bank prides itself on being at the forefront of implementing state-of-the-art security controls, policies and procedures across all operations. However, BRAC Bank must still address the familiar malware, spoofing and other familiar threat vectors. Also, it recognises that the cybersecurity threat landscape continues to change as data governance rules are adapted over time, including the Bangladeshi Guideline on ICT Security for Banks, PCI-DSS and SWIFT, while addressing payment partners’ security requirements and other local regulations. And, again typical, the bank has to fight to justify access to IT security resources and to retain security staff in a world where these skills are highly prized.

Simply Healthcare faced significant challenges due to rapid growth, including the need to transition to Office 365 and provide single sign-on (SSO) for various SaaS applications. The company aimed to minimize help desk tickets for password resets and reduce the time and effort required for IT to onboard new employees. The infrastructure team was overwhelmed with tasks ranging from server and network maintenance to help desk requests and employee onboarding. The decision to switch from on-premises Microsoft Office to Office 365 was made to alleviate some of these pressures. However, the team needed a solution to help with identity federation and to support the company's continuous efforts to remain HIPAA-compliant.

With more than 400 employees, password expirations and resets at Grupo Argos had become a significant strain on IT resources. Traveling was another challenge for staff, as logging into SAP and other apps from outside the office was difficult, impacting productivity. Employees frequently had different passwords for each SAP app, and managing passwords for both privileged users and end users had become cumbersome. Concerns were raised about security because users were re-using passwords or keeping them in unsafe locations. Macs presented an entirely different set of issues, being managed locally without IT oversight. Additionally, the company had limited visibility into third-party managed servers, which was crucial for SOX compliance and troubleshooting outages.

Capcom 是全球领先的互动娱乐开发商、发行商和分销商，在改进安全措施方面面临着重大挑战。公司的游戏业务以先进的技术开发能力着称，在基础技术的基础上开发自己的游戏引擎。这种专有技术方法使 Capcom 成为游戏行业的领导者。然而，游戏开发部门为每个项目使用专用的开发环境来处理重要的数据资产，这需要严格的安全措施并遵守每个国家和地区的法律法规。 Capcom 一直专注于加强安全措施，但为了研究更先进的措施和更高级别的保护，成立了专门的开发安全工作组。该工作组开始研究引入技术和机制来保护宝贵的信息资产。

The organization was facing challenges in managing its privileged accounts in a complex and growing environment, especially as it moved into the cloud. Previously, the infrastructure management was chaotic, with sysadmins having excessive privileges and access to everything all the time. This lack of control and auditing posed significant security risks and inefficiencies.

National Gypsum faced significant security and compliance challenges due to the lack of management and monitoring of privileged accounts. The company used a single 'domain admin' level account across all applications and servers, with poorly documented and infrequently changed passwords. This created substantial database vulnerabilities and compliance weaknesses. The CFO and controller demanded that IT pass audits related to access control, but the existing setup posed a high risk of security breaches. Recovery from a serious security compromise could be devastating, as changing compromised account passwords would break the systems where they were embedded.

Finansbank faced daunting IT security and compliance challenges associated with its highly manual, time-consuming approach to managing privileged passwords to its core banking systems. There was one dedicated password for each server and each device in the network. All passwords were stored in approximately 200 separate paper envelopes in a physical vault. If anyone needed access to an application, server, or necessary system, password requests were processed through a service center and issued by hand by the IT team. If there was ever a server crash or the need for a password to be accessed immediately, as in a break-glass scenario, it could take more than 30 minutes just to get the right envelope. Additionally, password inventory was stored in an Excel file, audit reports were limited, and the process for manually resetting passwords after each use wasn’t efficient. The manually-intensive approach to password management was impeding the bank’s ability to scale operationally, it was difficult to manage power users, and meeting audit and compliance requirements put a serious strain on resources.

CyberArk works primarily with this financial services company’s business banking segment, which provides a number of financial products and services including business checking accounts, payroll management, accounts receivable processing and accounts payable processing. Before digital transfer and storage technology was available, many of the banking and treasury management services provided to customers were highly manual, requiring significant time and physical resources. This approach restricted the company’s ability to scale its business and create new competitive advantages. In order to expand its service offerings while still addressing the increasingly complex compliance and operations requirements, this financial services company needed a more secure, automated and operationally efficient approach to handling Cash Letter processing, Account Reconcilement Processes (ARP), Automated Clearing House (ACH) transactions, and Lock-box files. At a minimum, this would require transforming these files into digital assets that could be securely transferred, processed and stored. At the time, in the early 2000s, exchanging digital files was a challenge that required companies to develop in-house expertise around technologies such as File Transfer Protocol (FTP) and/or invest in expensive solutions that small to mid-size corporate customers couldn’t always justify. Even with the in-house expertise and expensive systems, many businesses couldn’t guarantee the security of electronically transferred files, nor could they guarantee that the system management processes would be governed properly. This company turned to CyberArk to help eliminate the need for complex, expensive and time-consuming communications technologies and instead move towards a more secure, automated solution.

Due to the nature of the practice, it is of the utmost importance that the law firm’s most sensitive information be handled with only the highest degree of security. One the firm’s biggest challenges was that executives and external board members considered electronic communications too risky to use to transmit confidential information for board meetings. As a result, the executives and board members still relied on the physical distribution of paper and CDs. The process of using paper and CDs was overly cumbersome, prone to error and highly ineffective for sharing important information quickly. Additionally, the distribution of paper and CDs was a largely untrackable process, and there was a significant risk that these items could accidentally fall into the wrong hands. Jamie, the Manager of Information Security, recognized the many challenges and risks associated with the use of papers and CDs. As a result, he began to search for a highly secure solution that could safely enable the exchange of confidential information, offered granular access control and was able to track exactly who accessed what and when.

As cloud vendors including AWS and Azure make clear, security in the cloud is a shared responsibility. Though these public cloud vendors take great efforts to secure the cloud infrastructure — compute, storage, etc. — their customers are fully responsible for protecting everything above the hypervisor, including the operating system, applications, data, access to external resources and other assets and infrastructure. Fully appreciating this shared responsibility model, the TOTVS Cloud security team set out to identify a security solution that could not only bolster their cyber resilience but also add value to the TOTVS Cloud by driving automation, standardization and increased efficiency. TOTVS Information Security Cloud Team conducted an in-depth technical analysis of potential solutions, ultimately selecting and deploying the market-leading CyberArk Privileged Access Manager Solution based on overall performance, resilience, health checks, high availability/disaster recovery requirements and cost.

This global financial services firm, with $2 trillion in assets and operations in more than 60 countries, faced significant challenges in managing nearly 50,000 emergency or break-glass accounts. These accounts are essential for emergency access to over 20 target platforms across seven lines of business. The firm's Security and Risk Management Group was under immense pressure due to the manual and burdensome processes required to manage these accounts. The complexity was further exacerbated by the use of three large, regional Lotus Notes databases for managing break-glass accounts, which contributed to extended password request and fulfillment times. The primary goals for investing in a privileged identity management solution were to reduce costs through better automation, migrate from the slow and complex Notes technology, and centralize the databases.

The direct selling industry, which collects billions of personal data points from customers globally, is a prime target for cybercriminals. Beyond personally identifiable information (PII) and payment card industry (PCI) data, they gather other sensitive information such as social security and government ID numbers. Princess House’s information systems and technology (ISIT) team recognized the need to secure privileged access to this sensitive information to preserve customer trust and protect Princess House’s reputation. Before implementing a PAM solution, accounts were stored in password-protected spreadsheets without enforced password rotation, posing a significant security risk. The team initially selected a PAM solution but faced issues with its implementation, which was complicated and lacked a step-by-step guide. The platform was inflexible, requiring all accounts to be managed at once, which was not suitable for their phased approach.

Implement a cloud-based identity management solution as the basis for an entirely new cloud-based infrastructure. Include secure single sign-on (SSO) to support productivity-enhancing mobile apps. Do this in a way that reduces demand on IT. As with any Local Distribution Company (LDC), the top priority at London Hydro is literally keeping the lights on. LDCs must therefore act with extreme caution when it comes to introducing new technologies into the system that could negatively impact service to customers. But that caution must be balanced with the many benefits new technologies provide, such as the ability to significantly reduce costs, improve delivery systems and minimize waste. After months of careful evaluation of the advantages and the risks, Mike Flegel, Cyber Security Specialist at London Hydro, was tasked with finding a single sign-on platform that would support the company’s move to a cloud based infrastructure. Historically, security at LDCs has been a matter of simply keeping office and field networks physically separate, and requiring multiple passwords to access individual resources. But times have changed — complete separation can be too restrictive and users juggling multiple passwords can end up being security risks themselves. London Hydro needed to implement an identity management solution that would be the basis for an entirely new cloud-based infrastructure consisting of everything from traditional ERP datacenter applications like SAP and JDE to new, mobile apps for the field. At the same time, it was important to reduce the IT workload by minimizing password reset requests, and simplifying the process of adding or removing employee access and incorporating new apps into the environment.

Implement identity federation services for Office 365 without requiring significant new investment or added pressure on the IT team. Provide single sign-on for users. Simplify the IT tasks of user provisioning and deprovisioning. Help ensure compliance with GLBA regulations. In the process of renewing their Microsoft Enterprise Agreement, The Citizens Bank decided it was time to move to Office 365 for a more easily-managed solution. However, they’d heard that Microsoft’s complementary Active Directory Federation Services (AD FS) product comes with many challenges and considerable expense. The company decided to look for a more efficient solution that wouldn’t require significant additional investment in the transition to Office 365. As an FDIC-regulated financial institution, the company must also comply with GLBA (Gramm–Leach–Bliley Act) regulations, which require that a host of specific actions be taken to protect customer financial data. Two key components of protecting user information are tightly controlling access to the data and having the ability to quickly remove that access when employees leave the company. So, secure password management and the ability to easily provision and de-provision cloud applications are essential.

土耳其第二大私人银行 Garanti BBVA 在保护其 DevOps 和云环境中使用的特权帐户和身份方面面临着重大挑战。由于其广泛的业务线和 18,000 名员工，该银行面临广泛的攻击面，因此需要防止特权凭证被盗。该银行还必须确保遵守土耳其和全球金融部门严格的数据安全法规。作为土耳其互联网银行的先驱之一，Garanti BBVA 正在推进其数字化转型之旅，增加了内部开发运营 (DevOps)，以改善应用程序和服务交付。这种转变导致需要更强大的安全工具。

CDW, a leading provider of technology solutions and services, faced challenges in managing and storing system passwords and user credentials to meet audit and compliance requirements. With a growing managed services business, CDW needed a solution to handle credentials for accessing remote systems at customer sites and systems under a hosting model. The manual process of generating and managing credentials was time-consuming and inefficient, requiring a more automated and secure approach.