Remote Access Security for The Insurance Sector
A remote access solution for internal employees and third-party contractors.
The national subsidiary of a leading insurance company was looking for a remote access solution for internal employees and third-party contractors.
The IT team, made up of 10 admins, currently manages more than 400 desktops and laptops. It is responsible for securing the access of 200+ employees, working from the office and from home. Furthermore, the IT team works with three external third-party contractors.
The Chief Security Officer reached out to cyberelements looking for a flexible solution that can provide full security on different levels. He needed a solution that can help him manage both external third-party access and internal administrators’ access, whether they are connecting from home or from the office.
We needed a PAM solution to strengthen our defenses and identity protection. We were looking for a solution that provides actions’ monitoring and control to secure external partners’ access. We needed a solution that can protect our systems from external vectors of attack.
The CISO
Challenges:
> Managing privileged accounts:
When working with many partners, managing privileged accounts becomes complicated and time-consuming. For instance, manually disabling partners' accounts every time they finish their work can easily be forgotten. Organizations end up with many unused accounts.
> Password vault:
Since IT admins work with a high number of passwords and accounts, they needed a solution that can manage these passwords securely with a password vault.
“The continuous reusing of passwords, the use of simple passwords, and the lack of centralized password management are big problems for all companies.”
> Surveillance of third parties’ activities:
To make sure that no malicious acts have been committed and that the partner doesn’t access any sensitive information, IT admins had to supervise third parties, which can be highly time-consuming.
“Manually managing privileged accounts and the necessity to assist third parties were time consuming and we desperately needed a solution that provides control over third party access.”
> Lacking detection of anomalies:
The team lacked traceability. If anomaly detection is not strong enough, a data breach will be hard to identify before it is too late.
“We wanted a solution that can help us manage and control everything that is happening on our infrastructure.”
> Compliance:
The subsidiary is part of a global company that should comply with security standards. It didn’t have a PAM solution in place, which is required to comply with several standards such as ISO 27000, NIST, and DORA.
Solution Highlights
After setting the key functionalities needed, our client carried out a market review to choose the right solution for them. They were looking for a highly secure solution that fit within their budget without compromising any previously set functionality.
After shortlisting two solutions, the IT team tested both of them to make sure that user experience is not compromised. The final criteria were deployment, ease of use, and maintenance. The team chose cyberelements, which was the best-fitting solution for their needs and was the easiest to deploy and integrate into their infrastructure.
The Implementation
A pilot group was in charge of the solution deployment. It included internal IT admins, external vendors, and members who were working from home to test remote access via cyberelements. Within a few months all the functionalities were configured for all users and the solution was ready to use. “We were very happy with our choice of solution,” says the CISO.
Main Features:
> Managing privileged accounts:
Our client can now seamlessly manage all their privileged accounts using cyberelements. Whether it is an internal admin or an external third party who needs to have access to their systems, a dedicated account is easily created and securely disabled afterwards.
> Password vault:
They now have full control over the password life cycle thanks to the password vault. Enforcing a strong password policy and imposing the renewal of passwords after a period of time is now possible thanks to cyberelements. All the passwords are now securely stored in the vault, making the life of IT admins easier.
> Session Recording:
With cyberelements, IT admins don’t need to supervise their third parties anymore thanks to the session recording functionality.
“We’re just giving our external partner access through cyberelements and if something happens, we can see it through the console. It is much easier to just look at the console if needed instead of supervising the whole process and losing time. The effect of the implementation of cyberelements is huge and we are very glad that we’ve made this choice.”
> Abnormal behavior automatic detection:
cyberelements goes beyond traceability, with the automatic detection of abnormal behavior giving our client full control over their systems. The platform is very flexible and adaptable to the needs of each organization. For instance, our client set an additional detection for uploading/downloading files and for copying and pasting into their systems.
“An external vendor was executing a JavaScript which was not part of the initial plan. We were able to detect it and stop it thanks to cyberelements. We were happy it happened because it shows that we took the right decision implementing cyberelements PAM solution.”
> Multi-Factor Authentication:
Our client is now using the MFA feature for their partners. The smartphone app for authentication adds an extra layer of security and it is easy to use.
> Compliance:
Thanks to cyberelements, our client can now comply with various security standards.
At the end, IT admins found it strange at the beginning, because they thought that cyberelements would hinder their work by changing their habits and the way they are used to doing their activities. However, when they saw the potential and the reasons behind it, they accepted it with a smile.
The cyberelements user experience allowed admins to work smoothly with it. The feedback we have from internal and external admins is very positive.
If our external partner needs some additional flexibility, like pasting a piece of code, it is very easy for an internal admin to enable the copy/paste functionality within a minute in the console and disable it again. It's very easy for our administrators to manage the solution.
The CISO