CyberArk Helps oXya Protect 120,000 Privileged Accounts Used by Leading Global Brands

Summary

oXya, a leading MSP, has become one of the most mature and experienced users and providers of identity security and privileged access management (PAM) services using CyberArk technologies. The business has won the trust of global brands who now rely on oXya to protect their mission-critical business systems and data. One customer replaced its existing security product with a CyberArk solution from oXya. Another insurance and banking group saw audit reporting transformed from seven people, two days a month, to one person performing the same process in minutes.

Company profile

oXya is an independent provider of managed services and cloud solutions for mission-critical applications, including SAP. The business helps global enterprises and midsized organizations increase the efficiency and flexibility of their mission-critical IT systems. With 25 years of experience and an NPS of +76, oXya helps its customers choose the best technical solution for their business needs and manages that solution for them. It runs customers’ IT systems on various cloud platforms, including private cloud, AWS, Azure and Google Cloud. oXya, is headquartered in France and has operations and local support teams in the US, Canada, UK, Belgium, Denmark, Spain and China.

Employees: 950

Challenges

oXya protects business-critical applications, including SAP, and provides customers with a full range of managed services. The company has earned the trust of more than 400 enterprise customers because of its high-quality services and the security knowledge and expertise it has developed from working with market-leading technologies such as CyberArk.

Across its customer portfolio of global brands, over 120,000 privileged accounts and 22,000 servers are managed and protected. Those accounts have access to critical business systems and data used by some of the world’s leading businesses and organizations in manufacturing, retail, pharma, energy, automotive, government and high-tech. Many of these organizations also face demanding industry regulations and must be able to readily prove they are compliant. Trusting an external MSP with critical business assets is not easily won, but that is what oXya has achieved.

“Having built up so much expertise, experience and maturity in cybersecurity for our organization, we now offer it to our customers,” explains Geert Vandendorpe, CEO at oXya. “The expertise we have developed with security platforms like CyberArk has helped us win the trust of major global brands to be responsible for their cybersecurity.”

Alongside using CyberArk for its own security, oXya has become an established CyberArk partner, capable of delivering first-class cybersecurity services in conjunction with its other managed services. Several oXya administrators have achieved Guardian-level skills, CyberArk’s top-level expert certification.

“We chose CyberArk because we have thousands of privileged accounts that we use to deliver our managed services to customers,” states Emmanuel Dupont, Chief Security Officer at oXya. “Those customers rely on and trust us not to become the vector of attack and avoid the situations you read about daily in the press where privileged accounts have been compromised with disastrous consequences.”

Solutions

oXya implemented the CyberArk Identity Security Platform for its own protection and the delivery of security services. The solution comprises of CyberArk Privileged Access Manager Self-Hosted, CyberArk Conjur Enterprise and CyberArk Vendor Privileged Access Manager (PAM). CyberArk Professional Services and the CyberArk Jump Start Package implemented the platform.

In addition to the core CyberArk platform, oXya started developing additional features to enhance its capabilities, such as a dynamic traffic-light tool highlighting the quality and strength of passwords. oXya also developed a unique interface for CyberArk that reflects how oXya staff and customers use CyberArk. The use of Vendor PAM further improves operational efficiencies of secure third-party access by integrating with CyberArk PAM solutions and leveraging the biometric capabilities of smartphones to authenticate. Furthermore, it enables passwordless, Just-in-Time access to CyberArk PAM, eliminating the need for VPNs, agents, and dedicated devices. The result is that oXya has now established a position where no one in the company or any region accesses a customer’s environment without CyberArk.

oXya uses CyberArk solutions to protect several distinct groups: workforce, IT administrators, developers, remote or third-party vendors and machine identities. For example, oXya uses the Red Hat Ansible platform for automation and software development to streamline and improve service provisioning. oXya is maximizing CyberArk Conjur integration capabilities with Red Hat to allow DevOps teams to implement secrets management best practices as well as vaulting and rotating secrets. This helps developers avoid embedding secrets in application code, scripts, and configuration files while allowing security teams to control, protect and audit machine identities from a central location, regardless of their location. “All our secrets are stored with CyberArk,” shares Emmanuel Dupont. “And we can deliver vulnerability management, patch management, and installation, which significantly improves our and our customer’s security posture.”

To improve and streamline administrator access, oXya has integrated CyberArk with Microsoft Active Directory. An oXya customer typically has between six and eight vaults for various environments like networking or Unix. When a new administrator joins a team, his account is added to Active Directory, and CyberArk enables access to all the services they need. Additionally, oXya has integrated CyberArk with several business applications, including its SAP system and cloud platforms such as AWS, Azure, and Google Cloud.

Results

“I think it is fair to say that working with us would have been a no-go for many of the large, global customers if we did not have CyberArk as part of our range of security services.”
-Geert Vandendorpe, CEO, oXya

CyberArk is one of a few essential security solutions that oXya has partnered with to support its customers. CyberArk performs two critical operations: securing privileged accounts and improving compliance.

“Businesses and organizations come to oXya and benefit from our security solutions – not only because we have a wealth of knowledge and skills on platforms like CyberArk, but also because they trust us with their business-critical applications,” says Emmanuel Dupont. “We manage the core of their information systems and have developed long-term customer relationships. Every day, as many as 800 administrators use CyberArk to ensure our customers and their business activities are safe and secure.”

Another way oXya uses CyberArk solutions to build on and reinforce customer trust is through traceability and audit support. The company uses CyberArk technologies to implement a complete and secure record of privileged accounts and access and session activity for employees and third-party vendors. “CyberArk, combined with our multi-factor IAM tool, provides full traceability from laptop to target server,” explains Emmanuel Dupont. “One of our customers, a large insurance and banking group, was taking ages to evidence privileged accounts activity. It became our first customer to benefit from CyberArk, and immediately transformed the customer’s auditing process dramatically, cutting audit reporting from days to minutes.”

The insurance and banking customer had a team of seven that took two days a month to manually prepare reports for privileged account auditing. CyberArk automated this task, streamlining it to a few minutes and a few clicks for one person. oXya has replicated the same productivity and compliance improvements for its other customers, especially those in the financial sector.

Performance improvements like this have enabled oXya to build trust, confidence, and a reputation for customer reliability. CyberArk’s reporting and auditing functionality means that oXya can prove to customers that CyberArk is the only way to access systems and data securely.

“We have one very large customer who was using a competitor’s product, and it was not working very well,” adds Emmanuel Dupont. “Cybersecurity for this customer is mission-critical and after seeing what oXya could do, it asked us to replace its own solution with our CyberArk service.”

Key benefits

• Earns the trust of global brands to protect business-critical applications.
• Protects 120,000 global privileged accounts and 22,000 servers.
• Manages and rotates 180,000 secrets.
• Transforms audit reporting from two days and seven people to minutes for one person.
• Global business replaces its security solution with CyberArk.
• 800 administrators worldwide using CyberArk every day.
• 70 third-party vendors use Vendor PAM every day.