Fiducia IT AG Relies on CyberArk to Manage 20,000+ Privileged Accounts in Support of Security & Compliance Requirements
Customer Company Size
Large Corporate
Region
- Europe
Country
- Germany
Product
- CyberArk Privileged Account Security Solution
- CyberArk Enterprise Password Vault (EPV)
- CyberArk Central Policy Manager (CPM)
Tech Stack
- UNIX
- Windows
- IBM Mainframes
- Oracle
- SUSE
- Red Hat
- Microsoft
Implementation Scale
- Enterprise-wide Deployment
Impact Metrics
- Cost Savings
- Customer Satisfaction
- Productivity Improvements
Technology Category
- Cybersecurity & Privacy - Database Security
- Cybersecurity & Privacy - Identity & Authentication Management
- Cybersecurity & Privacy - Security Compliance
Applicable Industries
- Finance & Insurance
Applicable Functions
- Business Operation
Services
- Software Design & Engineering Services
- System Integration
About The Customer
Fiducia IT AG is the leading IT service provider for banks in Germany and offers comprehensive IT services together with its subsidiaries. The company supports the value creation of affiliated banks by providing secure IT solutions that meet the needs of the market and offers one of the leading bank systems in Germany. With an annual revenue of 640 million Euros in 2011 and over 2,400 employees, Fiducia IT AG is a significant player in the financial services industry. The company is headquartered in Karlsruhe, Germany, and is dedicated to enhancing the security and efficiency of its banking clients through advanced IT solutions.
The Challenge
As an IT service provider to the banking industry, IT security is a top priority for Fiducia. Fiducia continuously strives to enhance the protection it provides its customers and their data, and as such, turned its focus to privileged password and account management. With a highly complex, heterogeneous data center environment consisting of more than 10,000 UNIX and Windows servers, five IBM mainframes, some 400 databases and 1,500 network components, Fiducia had more than 20,000 privileged accounts that needed to be secured and managed. Previously, Fiducia employees managed all of these privileged accounts and identities manually. To reduce the time and effort and risk involved in managing privileged accounts, Fiducia decided to introduce an automated password management system. The system needed to be easy to implement and integrate with the existing complex system environment while offering high reliability and absolute data security. Requirements included a secure central password repository, 24/7 application availability, access to stored passwords in a disaster scenario, logical and physical access protection, end-to-end monitoring, full traceability of all activities and rapid recovery in an emergency.
The Solution
Fiducia briefly considered developing a solution in-house. However, after a thorough research and evaluation phase that included a cost/benefit analysis, Fiducia selected the CyberArk Privileged Account Security Solution. Stephan Zimmermann, responsible for IT services, compliance and security at Fiducia, said, “With the sophisticated security, rich functionality and excellent scalability of the CyberArk Privileged Account Security Solution, it didn’t take long for us to reach a decision in favor of this product.” CyberArk Enterprise Password Vault (EPV), part of the Privileged Account Security Solution, provides all the functionality required to securely manage shared, generic and privileged accounts across the entire lifecycle. EPV provides secure password storage, automates password management such as scheduled password changes, and policy-driven access control with flexible workflow definition. At the heart of the solution is the patented Digital Vault, a special hardened server with multiple layers of security offering reliable protection from unauthorized access to the privileged identities it holds. Fiducia runs a highly available disaster recovery solution with a master and a backup vault. The integrated authentication and access control features such as OTP tokens, certificates, RADIUS, password and LDAP make sure that only authorized users can access the system and the passwords, which are encrypted and stored in the Vault. A second person’s authorization can be specified as a requirement for access to particularly sensitive information—a standard procedure at Fiducia. CyberArk’s solution meets Fiducia’s stringent requirements regarding comprehensive logical and physical access protection. This aspect was extremely important to Fiducia because they wanted to rule out any risks associated with centralized password storage. Passwords are regularly and automatically changed on the target systems by the CyberArk Central Policy Manager (CPM). The policies which define parameters such as password complexity or the change cycle are centrally managed by the Compliance & Security Department within IT Services. At Fiducia, passwords are verified on a weekly basis and change automatically every month. Depending on the target systems, communication takes place using different protocols. Fiducia uses a total of five Central Policy Managers (CPMs) to enforce the defined policies on the target systems, which are installed in different network segments. This means that protocols do not have to communicate across firewall boundaries, supporting a distributed architecture with a central repository for passwords and single administration interface for managing the multiple network segments.
Operational Impact
Quantitative Benefit
Case Study missing?
Start adding your own!
Register with your work email and create a new case study profile for your business.
Related Case Studies.
Case Study
Real-time In-vehicle Monitoring
The telematic solution provides this vital premium-adjusting information. The solution also helps detect and deter vehicle or trailer theft – as soon as a theft occurs, monitoring personnel can alert the appropriate authorities, providing an exact location.“With more and more insurance companies and major fleet operators interested in monitoring driver behaviour on the grounds of road safety, efficient logistics and costs, the market for this type of device and associated e-business services is growing rapidly within Italy and the rest of Europe,” says Franco.“The insurance companies are especially interested in the pay-per-use and pay-as-you-drive applications while other organisations employ the technology for road user charging.”“One million vehicles in Italy currently carry such devices and forecasts indicate that the European market will increase tenfold by 2014.However, for our technology to work effectively, we needed a highly reliable wireless data network to carry the information between the vehicles and monitoring stations.”
Case Study
Safety First with Folksam
The competitiveness of the car insurance market is driving UBI growth as a means for insurance companies to differentiate their customer propositions as well as improving operational efficiency. An insurance model - usage-based insurance ("UBI") - offers possibilities for insurers to do more efficient market segmentation and accurate risk assessment and pricing. Insurers require an IoT solution for the purpose of data collection and performance analysis
Case Study
Smooth Transition to Energy Savings
The building was equipped with four end-of-life Trane water cooled chillers, located in the basement. Johnson Controls installed four York water cooled centrifugal chillers with unit mounted variable speed drives and a total installed cooling capacity of 6,8 MW. Each chiller has a capacity of 1,6 MW (variable to 1.9MW depending upon condenser water temperatures). Johnson Controls needed to design the equipment in such way that it would fit the dimensional constraints of the existing plant area and plant access route but also the specific performance requirements of the client. Morgan Stanley required the chiller plant to match the building load profile, turn down to match the low load requirement when needed and provide an improvement in the Energy Efficiency Ratio across the entire operating range. Other requirements were a reduction in the chiller noise level to improve the working environment in the plant room and a wide operating envelope coupled with intelligent controls to allow possible variation in both flow rate and temperature. The latter was needed to leverage increased capacity from a reduced number of machines during the different installation phases and allow future enhancement to a variable primary flow system.
Case Study
Automated Pallet Labeling Solution for SPR Packaging
SPR Packaging, an American supplier of packaging solutions, was in search of an automated pallet labeling solution that could meet their immediate and future needs. They aimed to equip their lines with automatic printer applicators, but also required a solution that could interface with their accounting software. The challenge was to find a system that could read a 2D code on pallets at the stretch wrapper, track the pallet, and flag any pallets with unread barcodes for inspection. The pallets could be single or double stacked, and the system needed to be able to differentiate between the two. SPR Packaging sought a system integrator with extensive experience in advanced printing and tracking solutions to provide a complete traceability system.
Case Study
Transforming insurance pricing while improving driver safety
The Internet of Things (IoT) is revolutionizing the car insurance industry on a scale not seen since the introduction of the car itself. For decades, premiums have been calculated using proxy-based risk assessment models and historical data. Today, a growing number of innovative companies such as Quebec-based Industrielle Alliance are moving to usage-based insurance (UBI) models, driven by the advancement of telematics technologies and smart tracking devices.
Case Study
MasterCard Improves Customer Experience Through Self-Service Data Prep
Derek Madison, Leader of Business Financial Support at MasterCard, oversees the validation of transactions and cash between two systems, whether they’re MasterCard owned or not. He was charged with identifying new ways to increase efficiency and improve MasterCard processes. At the outset, the 13-person team had to manually reconcile system interfaces using reports that resided on the company’s mainframe. Their first order of business each day was to print 20-30 individual, multi-page reports. Using a ruler to keep their place within each report, they would then hand-key the relevant data, line by line, into Excel for validation. “We’re talking about a task that took 40-80 hours each week,” recalls Madison, “As a growing company with rapidly expanding product offerings, we had to find a better way to prepare this data for analysis.”