虽然数字化正在提高效率并显着增加客户参与度，但它也带来了一些挑战，尤其是网络攻击的风险越来越大。这促使该公司的澳大利亚、太平洋和印度尼西亚业务部 (CCEP API) 制定了一个为期三年的路线图，用于开发和实施增强的安全措施。该计划的一个关键要素是改进现有的特权访问管理流程，并加强对提升凭证的使用的监督和控制。

Capcom 是全球领先的互动娱乐开发商、发行商和分销商，在改进安全措施方面面临着重大挑战。公司的游戏业务以先进的技术开发能力着称，在基础技术的基础上开发自己的游戏引擎。这种专有技术方法使 Capcom 成为游戏行业的领导者。然而，游戏开发部门为每个项目使用专用的开发环境来处理重要的数据资产，这需要严格的安全措施并遵守每个国家和地区的法律法规。 Capcom 一直专注于加强安全措施，但为了研究更先进的措施和更高级别的保护，成立了专门的开发安全工作组。该工作组开始研究引入技术和机制来保护宝贵的信息资产。

土耳其第二大私人银行 Garanti BBVA 在保护其 DevOps 和云环境中使用的特权帐户和身份方面面临着重大挑战。由于其广泛的业务线和 18,000 名员工，该银行面临广泛的攻击面，因此需要防止特权凭证被盗。该银行还必须确保遵守土耳其和全球金融部门严格的数据安全法规。作为土耳其互联网银行的先驱之一，Garanti BBVA 正在推进其数字化转型之旅，增加了内部开发运营 (DevOps)，以改善应用程序和服务交付。这种转变导致需要更强大的安全工具。

Healthfirst 是纽约州最大的非营利性健康保险公司，在发展其网络安全业务方面面临着重大挑战。随着会员数量快速增长至 180 万，医疗保健环境日益复杂，该组织需要一个强大的网络安全计划。 Healthfirst 拥有一个包含会员相关信息的综合数据库，包括注册、计费、客户服务、付款、处理索赔和健康数据。保护这些高度敏感的医疗记录以及会员和工作人员的身份至关重要。该组织采用了云优先策略，大约 70% 的系统和应用程序现在基于云，有 10,000 个端点，其中 70% 是远程的。这需要一个复杂且强大的安全解决方案。该组织旨在通过数字化支持其成员来改变行业，其中包括对数字应用程序、基于虚拟社区的办公室和移动解决方案的大量投资。

Kainos 是一家总部位于英国的数字技术公司，在保护其全球员工的敏感数据方面面临着重大挑战。该公司在 22 个国家/地区拥有 3,000 多名员工，必须确保远程工作和客户位置操作的安全。该公司的员工可以自由选择、下载和安装应用程序，这虽然方便，但也带来了安全风险。审计显示，全球有 50,000 个不同的应用程序在使用。该公司还面临着持续的威胁，例如网络钓鱼、假冒 Office 365 密码重置诈骗以及针对新员工的 LinkedIn 诈骗。面临的挑战是在不妨碍不同用户组（包括开发人员、业务人员和高级管理人员）工作的情况下增强安全性，他们需要不同的访问权限。

o9 Solutions 是一家领先的人工智能规划、分析和数据平台提供商，在确保财富 500 强客户数据的安全方面面临着重大挑战。该公司通过基于 AWS、Azure 和 Google 的多租户云环境提供服务，这使得身份保护和管理对于访问控制至关重要。然而，随着网络威胁变得更加普遍和复杂，身份和威胁的可见性变得很差且脱节。没有集中的方式来监视和控制公司使用的各种云环境。该公司需要开发更强大、更有效的特权访问管理 (PAM) 功能，以匹配或超越其大型全球客户的网络安全和公司治理策略。客户需要了解 o9 Solutions 如何管理和控制对其数据和环境的访问。

Pacific Dental Services (PDS) 是一家领先的牙科支持组织，面临着管理和控制其分布在各地的团队中的大量特权帐户、密码和移动设备的挑战。该公司支持 900 多家牙科诊所，并负责保护全美牙医及其患者的个人和敏感医疗保健信息。 PDS 团队成员可以访问大约 20,000 个临床服务网站，这些网站的密码记录在托管的 Intranet 上电子表格，导致安全问题和混乱。此外，PDS 还为国家支持办公室的团队成员和大量远程/移动团队成员管理 5,000 多台笔记本电脑和移动设备。管理员权限被授予，通常用于安装网络摄像头或更新驱动程序等基本操作。然而，这些管理员帐户会保留在设备上，有时会保留数年，从而带来安全风险。 PDS 需要一种更好的方法来监控和管理此环境中的用户访问。

一家领先的欧洲银行为超过一千万客户提供服务，希望通过 Kubernetes 和云原生计算环境增强其数字银行服务。然而，随着服务数字化程度的提高，安全性成为银行利益相关者和客户最关心的问题。随着该银行开启云之旅，它采用了多种基于云的技术来快速解决和响应新的业务需求，例如为客户提供安全的家庭银行服务和安全的手机应用程序。该银行意识到，采用云和相关开源技术会在管理和安全限制方面付出代价。云之旅最关键的方面之一是如何跨不同云服务正确管理身份和秘密（特权凭证或授权）。跨不同云和混合服务管理机密通常是每个组织的云之旅中的一个痛点。

巴西北部司法机构 Tribunal do Trabalho da 8ª Região (TRT8) 面临着激增的网络攻击，考虑到其处理的数据的敏感性，这种情况尤其令人担忧。该组织最近对其法庭案件管理系统进行了数字化，使所有与法庭程序相关的信息（包括涉及雇佣纠纷的个人的高度敏感的个人信息）数字化。尽管拥有强大的安全策略，TRT8 对访问这些信息的用户和密码几乎没有控制权，而且特权访问是分散的。强制执行安全信息策略（例如定期更改和更新密码）是一个手动且耗时的过程。端点保护依赖于基本的防病毒工具，使组织容易受到病毒或恶意攻击的影响，这些病毒或恶意攻击可能在整个网络中传播并损害法院的运作。

A Financial Institution overwhelmed with the administrative privileges sprawled across their end-user environment needed a solution which would reduce the attack surface these network entry points exposed without affecting the strict Service Level Agreement’s (SLA’s) they have with their customers. With thousands of applications in use, the company’s immediate need was to remove local administrative rights from end-user machines. This was necessary to prevent end-users from granting themselves privileged access to applications they hadn’t been authorized to use. Since both Windows and Mac computers were being used to access applications, they needed a solution that would account for both operating systems. Beyond reducing insider risk, the lack of controls around local privilege management could also make it easy for attackers to establish a foothold in the company through these machines, escalate privileges and move laterally across the environment until a jackpot of data is discovered that can be exfiltrated outside of the network. To add to this, the institution needed to implement a simple process for their users to request access to the applications they may have had unrestricted access to previously, but are now being restricted by the solution. The goal was to keep the users with the minimum rights they needed to do their day to day tasks.

巴西司法机构阿马帕州法院面临不可预测、复杂且紧迫的网络安全威胁，面临着更新和精简司法系统的挑战。巴西高等法院此前曾成为勒索软件攻击的目标，导致该法院停止运营一周，并影响了多达 12,000 起未决诉讼。为了应对这些威胁，巴西国家司法委员会推出了“司法 4.0”，这是一揽子改革，旨在通过采用技术来改善准入、透明度和速度，实现司法系统现代化。这要求每个州司法机构实施身份安全和管理系统。阿马帕法院需要加强其安全程序，特别是身份安全，以满足这些合规性要求并更好地适应更大的业务和市场趋势。 COVID-19 大流行期间向远程工作的转变进一步凸显了对强大的身份管理解决方案的需求。

橘子集团是一家台湾企业集团，业务涉及在线游戏、电子商务、电子支付服务和 IT，面临着严峻的网络安全挑战。该组织在全球拥有超过 1000 万注册会员，是黑客和勒索软件攻击的主要目标。该集团的旗舰业务游戏橘子（一家手机游戏发行商）由于其业务性质而特别容易受到影响。该公司管理着世界上最著名的大型多人在线角色扮演游戏之一，MapleStory，该游戏吸引了各种各样的参与者，包括意图造成损害或试图从企业及其客户身上榨取金钱的恶意个人。该集团的其他业务，例如GASH Mall在线支付系统和GAMA PAY支付服务，也是网络攻击的主要目标。意识到所面临的高级威胁，橘子集团着手建立现代而强大的网络安全防御策略。

Federated Insurance 是一家位于明尼苏达州奥瓦通纳的全国性保险公司，在管理网络安全风险方面面临着挑战，特别是在特权访问管理和身份保护领域。该公司意识到网络攻击的威胁日益增长，特别是对于金融领域的组织而言。几年前，该公司审查了其网络安全能力，并意识到其可以改进。该公司发现大多数密码都写在某处或与用户 ID 相关联，这构成了重大的安全风险。该公司希望使特权帐户更易于管理，这样人们就不必一直记住或写下长密码。此外，该公司意识到围绕网络安全的法规和保险标准变得越来越严格，因此需要更强大的特权访问和身份保护。

Maximus 是一家全球性政府服务公司，正在实施数字化转型战略，以提高项目效率、更智能地工作并提高生产力和质量。该战略的一个关键部分是通过将关键系统和应用程序迁移到云来向云优先企业过渡。这一变化为重新思考和加强公司在整个组织内的特权访问管理 (PAM) 方法提供了机会。然而，为 Maximus 遗留环境选择的现有 PAM 解决方案需要大量定制，集成能力有限，并且无法处理复杂的用例。我们面临的挑战是，如何利用规模适中的团队和有限的资源，在这家价值 34 亿美元的公司中实现广泛的改进。

瑞典快跑运动管理机构 Svensk Travsport 的敏感数据面临大量网络攻击。这些数据包括有关比赛、与马匹相关的交易、骑手和马匹的表现、获胜历史以及马匹血统的信息。这些数据被业主、培训师和公众用来做出投资、培训和投注决策，使其成为网络攻击的主要目标。除此之外，该组织还必须遵守不断变化的法规，例如 GDPR。该数据还包括员工和约 15,000 名外部成员（如骑手、业主和饲养员）的信息。网络安全格局也在发生变化，从本地转移到云端，需要不同的保护方法。该组织的目标是实现数据和利益相关者保护的高水平保证，同时让用户轻松访问数据和应用程序。

Turkcell 是土耳其领先的数字运营商，在保护土耳其、乌克兰、白俄罗斯和北塞浦路斯的 4000 万客户、300,000 台网络设备以及 40,000 名员工和合作伙伴身份方面面临着重大挑战。作为土耳其最大的电信公司，Turkcell 提供广泛的服务，使网络安全成为关键的业务运营。该公司因其数字安全产品荣获多项奖项，在土耳其网络安全行业发挥着关键作用。然而，该公司积极的数字化转型路径，包括即时通讯、电视和音乐平台、个人云服务、搜索引擎和电子邮件服务等新数字服务，增加了其攻击空间。由于大多数员工开始远程工作，COVID-19 大流行使事情变得更加复杂，这可能使 Turkcell 面临新的不可预见的风险。一项风险评估计划强调了 Windows 服务器中的潜在漏洞，促使该公司寻求强大的安全解决方案。

To improve services, reduce costs, and increase business efficiency, a digital transformation initiative was launched that embraced a cloud-first, mobile-first strategy. Previously outsourced services were brought in-house, and most infrastructure was transferred to a multi-cloud environment using Microsoft Azure and AWS. As the IT team expanded from seven to over 140 employees, ensuring the security of this increasingly complex environment became a priority. A three-year strategic roadmap was put in place to focus on improving identity governance, administration, and privileged account management. The company needed a solution that went beyond traditional password vaults to address operational efficiency and end-user experience.

The organization was facing challenges in managing its privileged accounts in a complex and growing environment, especially as it moved into the cloud. Previously, the infrastructure management was chaotic, with sysadmins having excessive privileges and access to everything all the time. This lack of control and auditing posed significant security risks and inefficiencies.

Appen was using Active Directory as a central location for managing user access and privileges, but the process was manual and time-consuming. The inability to manage identities and privileges at scale was impacting every department, reducing their overall effectiveness and potentially impacting security. Appen needed an effective, secure, and easy way to automate access controls. Additionally, Appen's systems and processes are subject to regular audits to comply with customer and regulatory requirements, necessitating easier access to user data and the ability to securely manage user privileges across their environment.

One of Rockwell Automation’s most important IT priorities was to proactively identify the privileged access risk while ensuring that all accounts complied with regular but flexible password policies. With multiple employees, servers, privileged accounts and password policies established across their platforms, standardization and control would be imperative to ensuring that Rockwell identified and mitigated the risks associated with unmanaged privileged accounts. The company sought a solution to enforce and automate role-based privileged access control and policies in order to secure accounts, mitigate password vulnerabilities and support audit and compliance requirements such as those defined within Cobit’s DS5.4 User Account Management. Moreover, reflective of Rockwell’s process-oriented business, the company required detailed access to metrics that demonstrated the extent of privilege access vulnerabilities, including any risks associated with unmanaged accounts and administrative rights.

As a large communications services company, BT's infrastructure is complex and vast, spanning numerous business units and geographical regions. BT had several point solutions in place to manage privileged access and identities but found that these solutions were inconsistent and did not scale well to meet its requirements. Following a significant internal report, BT decided to improve its existing architecture and extend its security of privileged access to the enterprise. The company wanted a single solution, standardized across the global organization, that could be scaled up easily as required. This solution would complement BT's existing portfolio of managed security services, providing its rapidly expanding customer base with privileged access management to help them better meet compliance requirements.

CDW, a leading provider of technology solutions and services, faced challenges in managing and storing system passwords and user credentials to meet audit and compliance requirements. With a growing managed services business, CDW needed a solution to handle credentials for accessing remote systems at customer sites and systems under a hosting model. The manual process of generating and managing credentials was time-consuming and inefficient, requiring a more automated and secure approach.

As one of the largest telecommunications providers in France, Bouygues Telecom is entrusted with vast quantities of sensitive customer data and is conscious of its duty to protect this information. Prior to the deployment of CyberArk solutions, Bouygues Telecom had two custom-built in-house systems in place to manage their privileged accounts, including one repository through which the company stored and managed internal passwords. However, both custom-built systems were becoming outdated and would have been extremely costly to overhaul. Crucially, the existing models were also unable to deliver the level of security and scalability necessary to meet the company’s growing needs. As a result, Bouygues Telecom looked to vendor solutions in a bid to better secure and manage the large number of privileged credentials existing in the corporate network.

The information that is handled by Clearstream on a daily basis is extremely sensitive. In order to address security concerns surrounding this, Clearstream initially needed to automate its manual administrator password management process to control access to privileged accounts based on pre-defined security policies. As the connection and transfer of data was regularly password protected, Clearstream required a more mature, professional solution to manage and control its passwords to ensure that corporate and customer information was appropriately protected. Strong authentication, information integrity and encryption were also essential so that only the right people had access to the right information and that this access could be adequately tracked, logged and monitored. In order to satisfy auditors as regulations continue to evolve, Clearstream sought a forward thinking solution that offered a clear overview of administrator activity and that could facilitate secure storage of this information in logs. Due to auditors having to adhere to extremely strict and tight timelines, Clearstream needed a solution that could quickly and accurately deliver the information required. This is a constant regulatory requirement and Clearstream wanted to work with a technology partner that could continue to evolve with the company to meet these needs.

Financial services companies deal with highly sensitive information on a day-to-day basis, with customer and corporate data at the heart of routine operations. These businesses operate in not only one of the most competitive industries, but also one of the most tightly regulated sectors in the world. Rabobank prides itself on being a market-leader and as such not only adheres to industry regulations, but imposes strict security policies and procedures on itself to ensure watertight security across all of its operations. Following an internal review of its systems, Rabobank International, Rabobank Group’s wholesale banking and international retail banking division, saw a major opportunity to update and improve security procedures, as well as its operational efficiency, by replacing its existing manual process for managing passwords. Rabobank International sought a security solution that could remove the physical labour of managing highly privileged passwords manually, while simultaneously augmenting its operational efficiency – reducing costs and boosting productivity – and dramatically improving security standards.

As an IT service provider to the banking industry, IT security is a top priority for Fiducia. Fiducia continuously strives to enhance the protection it provides its customers and their data, and as such, turned its focus to privileged password and account management. With a highly complex, heterogeneous data center environment consisting of more than 10,000 UNIX and Windows servers, five IBM mainframes, some 400 databases and 1,500 network components, Fiducia had more than 20,000 privileged accounts that needed to be secured and managed. Previously, Fiducia employees managed all of these privileged accounts and identities manually. To reduce the time and effort and risk involved in managing privileged accounts, Fiducia decided to introduce an automated password management system. The system needed to be easy to implement and integrate with the existing complex system environment while offering high reliability and absolute data security. Requirements included a secure central password repository, 24/7 application availability, access to stored passwords in a disaster scenario, logical and physical access protection, end-to-end monitoring, full traceability of all activities and rapid recovery in an emergency.

National Gypsum faced significant security and compliance challenges due to the lack of management and monitoring of privileged accounts. The company used a single 'domain admin' level account across all applications and servers, with poorly documented and infrequently changed passwords. This created substantial database vulnerabilities and compliance weaknesses. The CFO and controller demanded that IT pass audits related to access control, but the existing setup posed a high risk of security breaches. Recovery from a serious security compromise could be devastating, as changing compromised account passwords would break the systems where they were embedded.

Finansbank faced daunting IT security and compliance challenges associated with its highly manual, time-consuming approach to managing privileged passwords to its core banking systems. There was one dedicated password for each server and each device in the network. All passwords were stored in approximately 200 separate paper envelopes in a physical vault. If anyone needed access to an application, server, or necessary system, password requests were processed through a service center and issued by hand by the IT team. If there was ever a server crash or the need for a password to be accessed immediately, as in a break-glass scenario, it could take more than 30 minutes just to get the right envelope. Additionally, password inventory was stored in an Excel file, audit reports were limited, and the process for manually resetting passwords after each use wasn’t efficient. The manually-intensive approach to password management was impeding the bank’s ability to scale operationally, it was difficult to manage power users, and meeting audit and compliance requirements put a serious strain on resources.

As one of the largest pediatric medical centers in the United States, Boston Children’s Hospital offers a complete range of health care services for children from birth through 21 years of age. To support this world-class medical center, the hospital’s IT department has created state-of-the-art work and patient care environments to support the evolution and practice of the world’s most advanced and compassionate pediatric care, most sophisticated research, and high-level teaching and training. Like many large organizations, Boston Children’s Hospital needed to find a way to automatically administer and protect the most powerful identities in the company – the privileged accounts and administrator passwords. They allow access to a wealth of sensitive data and powerful systems within the hospital and must be managed very carefully. Sharing administrator privileges or allowing people to jot down passwords on sticky notes was simply unacceptable. The hospital wanted a way to not only protect the identities against unauthorized use, but streamline the process of issuing and revoking special privileges and rights. Previously, it was difficult to keep track of not only who had been issued a privileged password, but it was impossible to determine who was using them, when and what they were accessing. In an IT environment involving children’s patient information, it was critical to be able to have greater visibility into the use of powerful system accounts.

With $21.4 billion in annual sales, AstraZeneca is one of the top five pharmaceutical and health care services providers in the world. The pharmaceutical industry is highly competitive and regulated. In 2004, AstraZeneca invested $3.8 billion into new drug research and development, employing 11,900 people dedicated to this task. The company needed a secure and manageable way to collaborate internally and with external partners. Previously, AstraZeneca used an in-house secure collaborative application requiring a VPN client on each user’s system, which proved to be a high-management burden. Frequent help-desk calls and firewall adjustments were common issues. AstraZeneca needed a seamless, web-based solution with no setup overhead or firewall concerns.