U.S. Travel Technology Company, Fareportal, Improves The Efficiency Of Security Management And Control By Up To 60%

Summary

Fareportal, a leading travel technology company, launched a strategy to improve how it manages identity security and privileged access to key systems. Earlier, the company had to put in additional effort to manage and control privileged access to infrastructure systems hosting sensitive financial and personal customer information. By using CyberArk in the first phase of the strategy, Fareportal has improved security management efficiency by up to 60%, reduced risk, and gained greater control and visibility over privileged access. This has streamlined regulatory compliance and audit management, enabling skilled staff to focus on high-value, customer-facing work instead of addressing security challenges.

Company profile

Fareportal is a U.S. travel technology company powering a next-generation travel concierge service. Utilizing its innovative technology and company-owned and operated global contact centers, Fareportal has built strong industry partnerships providing customers with access to over 500 airlines, a million lodging options and hundreds of car rental companies around the globe. With a portfolio of consumer travel brands including CheapOair and One Travel, Fareportal enables consumers to book online using mobile apps for iOS and Android, by phone or through live chat. Fareportal provides its airline partners with access to a broad customer base that books high-yielding international and domestic flights, hotels, and other travel and add-on ancillaries.

Employees: 2,500

Challenges

Every month the websites of U.S. travel technology company, Fareportal, handle over 500 million hits from customers looking for low-cost, high-value travel experiences. Domains such as CheapOair and One Travel give customers from the U.S. and Canada access to thousands of airlines, accommodations and car rentals around the world. The performance and availability of its online services are critical to Fareportal, and its customers trust that the financial and personal information they hand over for bookings is safe and secure.

Although Fareportal had established several cybersecurity measures to protect customers, staff, assets and operations, visibility in managing and controlling – especially privileged access – was becoming increasingly complex and burdensome.

Fareportal manages multiple domains for its online services. Yet over time, the number and complexity of privileged accounts in these domains have increased making them difficult to track and monitor. Administrators who manage these domains have separate privileges for each domain they access.

“Managing all of these different privileges was a big challenge,” said Pooja Bansal, Director – Information Security, at Fareportal. “We had to manually onboard and off-board the privileged user accounts and passwords, but there was no single pane of view to help manage these privileges. Passwords were recycled at different and irregular times. We even had some admins using the same password for several domains.”

Fareportal has around 100 privileged users comprising IT, data and information security staff spread across the company’s U.S. and India offices. The company has established several security policies and procedures, but ensuring their consistent application and credential management required considerable effort. Fareportal also aimed to enhance its compliance with regulations like the ISO 270001 information security certification and PCI DSS credit card security standards.

The company’s IT infrastructure is mainly on-premises with a few cloud-hosted virtual machines for SaaS services. However, the COVID-19 lockdown forced staff to work remotely, while continuing now in a hybrid home/office working model. The company could no longer rely solely on premises-based security for protection. This prompted Fareportal to initiate a new strategy to target and improve identity security and access management, strengthen its security posture and improve operational efficiencies for the whole enterprise.

Solutions

Fareportal wanted a more organized and structured method of managing and controlling privileged access. It evaluated most leading products with privileged access management for the first phase of Fareportal’s program to deliver its identity security strategy. To advance the strategy, the company is looking at other solutions such as CyberArk Endpoint Privilege Manager.

Deployment of CyberArk Privileged Access Manager (PAM) Self-Hosted, was smooth and took just three months. “Additionally, we work very closely with the local CyberArk team,” added Bansal. “They have been and continue to be extremely helpful and responsive in supporting Fareportal, sometimes resolving issues and questions in under half an hour.”

The solution has enabled the company to map all privileged accounts to the existing corporate user directory. Now privileged users only need their corporate IDs to access their respective privileged accounts. Credentials and passwords, which are hidden from users, are automatically granted and rotated within CyberArk.

CyberArk integrates with the company’s cloud platforms and on-premises infrastructure including Linux and Windows server environments, network devices and security applications.

Results

CyberArk gives Fareportal increased control and visibility over its privileged accounts, improving management and reducing risk. “CyberArk has significantly improved visibility and monitoring,” disclosed Bansal. “If something goes wrong, we review it either text-based or by screen capture. We also get real-time alerts about any risky activity in our environment. In addition, we can control access and turn down certain commands to manage access effectively.”

One of the key objectives for using CyberArk was to improve security and operational effectiveness while increasing the visibility of privileged accounts. “CyberArk has made it easier for us and our administrators to manage privileges,” explained Bansal. “We just onboard users and the privileged accounts they need into CyberArk. When someone leaves a team or there is a change in a department, we do not have to worry about them retaining any privileges which could then be misused.”

Fareportal estimates that operational efficiency on several processes has improved by as much as 60% due to the reduced number of identities each employee needs. For example, when new staff joined the IT team, multiple privileged accounts had to be created for each user – which could take up to two hours. Because CyberArk now controls privileged access and users only need their corporate identities, onboarding takes a few minutes.

“With CyberArk, we have managed to reduce risk and minimize human error,” said Bansal. “Before, administration staff managed their access, but now they do not even know what passwords and credentials are assigned to them. In addition, we can use CyberArk to protect highly sensitive applications and data by only allowing access to authorized admins and blocking others.”

In addition to helping meet regulatory compliance, CyberArk also streamlines audit and reporting processes to increase efficiency. Because of sensitive data like credit card information, Fareportal is externally audited to ensure it meets regulations. Just-in-time (JIT) access is used to protect further sensitive data. CyberArk ensures access is only granted to these environments when and for as long as it is needed. It replaces a process where managers manually granted access and then removed when the task was completed.

“With CyberArk, we have better visibility into who is accessing what and worry less about privileged access. Now we focus on delivering high-value customer service and experience improvements,” concluded Bansal. “With CyberArk, we are getting users to a state where they do not log into devices until and unless there is a need – such as a change, service request or incident. This is something we can enforce and monitor via CyberArk, and which is helping in risk reduction and achieving operational efficiency.”

“With CyberArk, we have better visibility into who is accessing what and worry less about privileged access. Now we focus on delivering high-value customer service and experience improvements. With CyberArk, we are getting users to a state where they do not log into devices until and unless there is a need – such as a change, service request or incident. This is something we can enforce and monitor via CyberArk, and which is helping in risk reduction and achieving operational efficiency.“
–Pooja Bansal, Director – Information Security, Fareportal

Key benefits

• Delivers up to 60% operational efficiency improvement through a reduction of the number of identities
• Reduces risk and increases privileged access visibility and transparency
• Replaces multiple privileged access accounts with a single corporate ID
• Passwords and credentials are regularly and automatically rotated and hidden from users
• Redirects focus from security admin to high-value actions especially prioritizing customer experience
• Makes it faster and easier to meet regulatory compliances