Privileged Identity Management Suite

Billion-dollar Financial Services Company Secures Key Databases by Removing Application Identities

Using Cyber-Ark's Application Identity Manager, a New Jersey-based company with billions of dollars in annual transactions with major banking and financial clients was able to secure key customer data by removing and actively managing the embedded application identities within their infrastructure.

The Situation

With thousands of annual transactions and gigabytes of valuable customer data stored within their core databases, one New Jersey-based financial services firm faced a major security risk posed by unmanaged, hard-coded application credentials stored in clear-text within their scripts and applications. These credentials, used by critical applications to log into and access key customer data stored within their Oracle, Sybase and MSSQL databases instances, were susceptible to being discovered and misused by unauthorized IT and development personnel, and thus put their critical data at risk of being exposed.

While removing these embedded credentials would address the security risk, the regular rotation and updating of the passwords within the target applications and databases was also raised as a concern. Ensuring corporate password policies were also being applied within the application space was a key consideration and requirement of the project. Current manual processes to accomplish this credential rotation required significant time and resources from the IT department, but also created downtime situations for these critical applications that impacted the organizations ongoing, daily business.

The Solution

The company evaluated various options to address the embedded credential challenge, while also considering solutions to solve the traditional administrative identity challenge they faced via unmanaged shared, generic accounts such as Root, Enable and SysAdmin. In looking for a single solution that could address both issues across their organization, they chose Cyber-Ark's PIM Suite as their overall Privileged Identity solution and deployed both the Application Identity Manager and the Enterprise Password Vault products within their environment.

In the process of implementing the Application Identity Manager, the organization took advantage of Cyber-Ark's unique Application Password Provider technology on their Windows, Linux and Solaris systems to solve their requirements around distributed applications and databases, credential availability and application responsiveness. With the Provider technology in place and interfacing with the core PIM infrastructure in the background, they were able to address their security and availability concerns, while also ensuring that the credential were automatically and reliably rotated in order to also meet their audit requirements as well. In addition, the organization leveraged the Application Password SDK in Java, C++ and CLI formats to address the embedded identities found within their script and custom application environments.

Furthermore, the organization chose to move forward with Cyber-Ark's Disaster Recovery and High-Availability modules to ensure uptime, accessibility and continuity for these critical applications, while also taking advantage of Cyber-Ark's complete LDAP integration for ease of administration and management.

By using the Application Identity Manager solution in conjunction with the Enterprise Password Vault (for managing administrative accounts), the Cyber-Ark PIM Suite has become an integrated, key part of the organizations infrastructure that continues to address both their security and audit challenges around privileged accounts of all types.