SBA Communications Replaces Microsoft AD FS with CyberArk Identity for Enhanced Security and MDM

• Cybersecurity & Privacy - Endpoint Security
• Cybersecurity & Privacy - Identity & Authentication Management
• Platform as a Service (PaaS) - Connectivity Platforms

• Telecommunications

• Business Operation
• Facility Management

• Cybersecurity Services
• System Integration

Avoid the build-out of a high-cost disaster recovery co-location for a product that was already difficult to implement and manage. Simplify app integration, address MDM requirements and SOX compliance, and ensure a more robust security stature. When SBA Communications began using SaaS-based apps like Innotas, ExpenseWatch and Yammer, they implemented Microsoft’s Active Directory Federation Service (AD FS) at an approximate total cost of $35,000 for identity management. While implementation and application integration proved challenging, the product met the company’s requirements at the time. As their environment evolved, however, the solution became increasingly difficult to manage. To assist in the implementation, they hired a consulting firm with AD FS expertise, which took six weeks to get the initial solution implemented. However, a new version of AD FS was soon released, and the company was faced with having to migrate the entire infrastructure. Integration was so painful the first time around that they dreaded having to migrate those same apps into the new environment. The unfortunate result was two live versions of AD FS, each with its own set of SaaS applications that required significant resources and a coordinated effort to maintain. The real issue arose as cloud-based solutions became more pervasive within the company’s environment. While they had previously incorporated only a few, less-critical SaaS apps, the benefits of cloud-based solutions led the company to adopt more until eventually disaster recovery became an issue.

Founded in 1989 and headquartered in Boca Raton, Florida, SBA Communications Corporation is a leading independent owner and operator of wireless communications infrastructure across North, Central, and South America. The company specializes in the development, leasing, and management of wireless communications sites, including towers, rooftops, and other structures that support wireless networks. SBA Communications provides essential infrastructure that enables wireless service providers to deliver reliable and high-quality communication services to their customers. With a strong presence in the Americas, SBA Communications plays a crucial role in the expansion and enhancement of wireless networks, supporting the growing demand for mobile data and connectivity. The company is committed to innovation and excellence in the wireless communications industry, continuously seeking ways to improve its services and infrastructure to meet the evolving needs of its clients and the market.

After eliminating AD FS as an option, the company evaluated several IDaaS solutions and selected CyberArk Identity based on product functionality, the ability to easily integrate cloud apps, MDM features for mobile devices, and company reputation. To meet disaster recovery requirements, SBA Communications first looked at creating an additional AD FS environment. They took into consideration hardware and licensing costs, the cost of more co-location space, additional consulting expenses, and internal resource requirements for maintenance and management. Because SBA Communications was now running two versions of AD FS, to ensure uptime they would either need to finally migrate all the cloud apps on the old AD FS system to the new one, or they’d need to build out two separate additional environments, which would double the costs. Not migrating was cost prohibitive and migration wasn’t a real option either. The integration process was extremely difficult with AD FS. Each new cloud app seemed to present a unique situation. Some apps took ten weeks to integrate, and sometimes entire development initiatives were required. Doing that all over again wasn’t an option for them. The ROI on the entire initiative just wasn’t there. SBA Communications decided to look at IDaaS (Identity-as-a-Service) solutions that could solve the problem and minimize management and maintenance overhead. After a preliminary evaluation, the company narrowed their choice down to two providers. In the end, it wasn’t just about dollars. It came down to product functionality and which provider would best support them in integrating new apps. Company reputation, customer interviews, and existing integrations with SaaS providers also played a significant role. MDM (Mobile Device Management) capabilities were the icing on the cake. Simultaneous to addressing its AD FS problem, SBA was also in the process of evaluating Cisco’s Meraki MDM solution for management of mobile devices. They needed an MDM solution to ensure that they could enforce passwords on devices, that mobile communication would be encrypted, and that they could eliminate proprietary SBA Communications email from any mobile device at a moment’s notice. They needed to accomplish all that without damaging the device or deleting personal information. And last, they needed control and reporting on all mobile devices connecting to their servers. Because those capabilities are inherent to CyberArk Identity, they realized they wouldn’t even need a separate MDM solution.

• CyberArk Identity saved SBA an estimated $50,000 a year in AD FS costs and negated the need for a separate MDM solution.
• Low maintenance requirements have freed up IT staff.
• Compliance with SOX regulations has been reinforced.

• Saved an estimated $50,000 a year in AD FS costs.