FS moved its data center off-premise to the cloud, so there was an opportunity to strategically build the security infrastructure up front to manage more than 300 machines on AWS. Each of the servers has its own SSH key and a local user for development. Multiple people need to connect to the servers all the time. Managing the security of these privileged accounts was a complex and complicated endeavor. Also, the company wanted to have a system in place to track all changes to ensure each was approved for deployment and documented for long term analysis and audit. Having proactive security measures in place to mitigate risks associated with privileged accounts was not only important to the IT team supporting a growing business, but it was also a priority for the CEO who understands the business benefits of protecting digital assets.

As an investment firm, this company is required to generate and send 1099 tax forms to its American clients each year. These forms are used to report additional earned income, including that from investments and interest payments. Since many of this firm’s clients hire Certified Public Accountants (CPAs) to prepare their taxes, these forms must first be shared by the firm with its clients and then by the clients with their CPAs. A key challenge the firm has faced is that these 1099 forms, which contain sensitive personal and financial data, must be handled with the highest degree of security. In the past, once these forms were generated in January each year, the firm would mail the forms to its clients since electronic means of file sharing were considered too risky and insecure. Clients, in turn, would mail or physically deliver these forms to their external CPAs. This highly manual process was costly and inefficient for both the firm and its clients. The firm’s IT team began searching for an easier, more secure way to send these sensitive tax documents to their clients and to enable their clients to share these tax documents with their external CPAs.

To enhance global collaboration and integration, Shiseido planned to move to an entire portfolio of cloud-based applications but needed a single sign-on capability to provide robust user authentication for both Active Directory and external users. Shiseido’s legacy environment utilized an on-premise application, accessible via a domestic portal for its Microsoft Windows-based users. The company recognized that it would be impractical for the existing corporate infrastructure to support new cloud applications because it would force users to set up individual IDs and passwords for each application that needed to be accessed. Worse still, it would significantly increase the security risk with so many different passwords having to be created and memorized. In addition, the company estimated there would be a significant reduction in user productivity associated with managing the numerous log-ins, and an associated increase in IT support and administrative work to keep everything running smoothly. Leveraging the portal concept, Shiseido’s plan called for implementing an Infrastructure-as-a-Service (IaaS) environment but to be successful, there was an urgent need for an authentication infrastructure that could enable single sign-on access to cloud-based applications via a globally available portal.

Since its launch, Quanta Services has acquired over 200 businesses and amassed 16,000 endpoints dispersed around the world. That growth, while welcomed, has created a major privileged access management (PAM) challenge for the company. Richard Breaux, senior manager, IT security at Quanta Services, outlined the problem, “As we acquire companies, the challenge is to integrate them – taking their privileges, their computer systems and how they operate – and to make them part of our own ecosystem and to keep everything secure.” Alongside this, Quanta also faced issues common to many businesses. Breaux stated, “We have the same challenges around privileged access that many companies do, whether with local administrative rights on a desktop or laptop, or privileged access for server administration and web application development. We’re all confronted with a similar set of issues.”

Icertis faced the challenge of managing rapid growth and the proliferation of administrative rights across the company. Almost every user had some degree of elevated access credential, which posed a significant security risk. Additionally, there was skepticism within the business about the performance impact of security products due to past poor experiences. Sood, the general manager of IT infrastructure, needed to find a solution that could support the company's business needs, systems, and operational environment while addressing these challenges.