Svensk Travsport's Identity Security Strategy: A Case Study on Workforce Access Protection

• Cybersecurity & Privacy - Security Compliance
• Sensors - Level Sensors

• Buildings
• National Security & Defense

• Quality Assurance

• Cybersecurity
• Personnel Tracking & Monitoring

• Cloud Planning, Design & Implementation Services
• Cybersecurity Services

Svensk Travsport, the governing body for Swedish trotting, was facing a high number of cyberattacks on its sensitive data. The data included information about races, transactions related to horses, rider and horse performance, history of wins, and horse pedigrees. This data was used by owners, trainers, and the public to make investment, training, and betting decisions, making it a prime target for cyberattacks. In addition to this, the organization had to comply with constantly changing regulations such as GDPR. The data also included information on staff and around 15,000 external members such as riders, owners, and breeders. The cybersecurity landscape was also changing, with a shift from on-premises to the cloud, requiring a different protection approach. The organization aimed to achieve a high level of assurance for data and stakeholder protection while making access to data and applications easy for users.

Svensk Travsport is the governing body for Swedish trotting, which includes horse and two-wheeled cart racing. The organization oversees areas such as competitions, horse welfare, horse ownership, breeding, and sports information. Svensk Travsport is owned by 33 trotting racetracks across Sweden and provides IT, data, and information services used for operations and horse race betting on behalf of the racetracks. Despite being a small organization, it faces an unusually high level of cyberattacks due to the sensitivity of its data, especially information used to inform betting decisions.

Svensk Travsport deployed CyberArk Workforce Identity as the foundation of its Identity Security management platform. The solution provided continuous identity threat detection and protection, and managed identities. The organization also used CyberArk Privileged Access Manager Cloud to protect and isolate access to critical systems. The implementation was managed in partnership with CyberArk Services using the Jump Start Service Package. CyberArk Workforce Identity was one of the few solutions that combined both privileged access and identity and access management capabilities as well as integrating seamlessly with other business applications. The deployment protected 600 head office staff and around 200 core applications, integrated with physical smart cards for seamless access to devices, applications, data, and buildings. The next phase of deployment would be staff and systems at 33 racetracks. Privilege Access Manager Cloud helped Svensk Travsport to vault critical-infrastructure access credentials and isolate and monitor sessions accessing these sensitive systems and data.

• Since the implementation of CyberArk Workforce Identity, Svensk Travsport has seen a transformation in cybersecurity management and protection. The solution has become a key security product for the organization due to its versatility of integration and usability. It has made the job of managing security easier and has become indispensable for the organization's CISO. The solution has also made it easier to communicate about security with users, shifting the perception of security from a technical issue to an essential part of daily operations. The organization is now planning to extend the solution to support and protect mobile operations, with staff at race locations using mobile devices to gather track-side performance information.

• Improved security compliance and assurance, raising NIST Cybersecurity Framework levels
• Streamlined secure access for 600 staff, 15,000 members, and 200 applications
• Set the foundation for an enterprise-wide Identity Security strategy