Global Real Estate Services Company Implements CyberArk Okta MFA Integration to Harden Authorized Access
Technology Category
- Cybersecurity & Privacy - Identity & Authentication Management
- Cybersecurity & Privacy - Security Compliance
- Cybersecurity & Privacy - Application Security
Applicable Functions
- Business Operation
- Facility Management
Use Cases
- Cybersecurity
Services
- System Integration
- Cybersecurity Services
- Software Design & Engineering Services
The Challenge
According to the 2017 Verizon Data Breach Investigations Report, 81 percent of data breaches involve weak or stolen credentials. Understanding that many cyber attackers focus their efforts on harvesting privileged credentials, the real estate services company has trusted CyberArk for more than six years to protect, control and monitor privileged access to critical information, including 500+ systems and one of its primary data centers.

In the past three years, the organization has accelerated its move to the cloud to improve efficiencies, scale processes, deliver enhanced client services and maintain its edge in the ultra-competitive real estate market. Despite its many benefits, the cloud’s multiplier effect has created exponentially more privileged account credentials and secrets that are highly targeted by attackers and need to be properly managed and protected. As part of its cloud journey, the organization’s security team sought a way to further enhance security around these powerful, privileged account credentials through an additional, complementary security layer: multi-factor authentication (MFA).
About The Customer
Focused on empowering independent sales agents to best serve today’s consumers, a leading residential real estate services provider delivers brokerage, franchising, relocation, mortgage, and title and settlement services around the globe through its well-known industry brands. A long-time CyberArk customer, the organization recently implemented an additional layer of security to protect its most sensitive privileged account information. The company has a global presence and employs 288,000 people. It has been using CyberArk solutions for over six years to protect, control, and monitor privileged access to critical information, including 500+ systems and one of its primary data centers. The company has also been accelerating its move to the cloud to improve efficiencies, scale processes, deliver enhanced client services, and maintain its edge in the competitive real estate market.
The Solution
After an exploratory phase, the organization selected Okta to support its comprehensive MFA approach. After testing Okta Adaptive Multi-Factor Authentication with Azure and Exchange Online, the organization was impressed with the reliability and flexibility of the solution and began sending nearly all of its applications to Okta for authentication. Employees can access virtually all of their applications, from internally managed applications such as email to externally managed applications like AWS and a third-party benefits portal, through a user-friendly landing page.

The CyberArk Okta integration took place in December 2017 to help secure and centralize authentication to resources throughout the organization via a single sign-on to the CyberArk solution. The integration was timed with an upgrade to the latest version of the CyberArk Privileged Access Security Solution. Thanks to straightforward documentation and helpful support on both sides, the CyberArk Okta integration deployment was simple and pain-free, taking less than half a day to get up and running. As part of this seamless integration, the CyberArk Privileged Access Security Solution was added to the organization’s Okta application management dashboard.

The CyberArk solution enables the security team to efficiently manage privileged credentials and access rights, while proactively monitoring and controlling privileged activity. Through SAML integration, Okta’s Adaptive Multi-Factor Authentication solution hardens access to the CyberArk Enterprise Password Vault by enforcing MFA policies based on device, user, and location attributes. This integral security layer ensures that only authorized privileged users can access their accounts.