SBA communications reduces cost and strengthens security with CyberArk

SBA communications replaces Microsoft AD FS and Cisco’s Meraki MDM solution for CyberArk Workforce Identity.

Engineers working on 5g antenna

Company profile

Founded in 1989 and headquartered in Boca Raton, Florida, SBA Communications Corporation is a leading independent owner and operator of wireless communications infrastructure across North, Central and South America.

Challenges

Avoid the build-out of a high-cost disaster recovery co-location for a product that was already difficult to implement and manage. Simplify app integration, address MDM requirements and SOX compliance, and ensure a more robust security stature.

When SBA Communications began using SaaS-based apps like Innotas, ExpenseWatch and Yammer, they implemented Microsoft’s Active Directory Federation Service (AD FS) at an approximate total cost of $35,000 for identity management. While implementation and application integration proved challenging, the product met the company’s requirements at the time. As their environment evolved, however, the solution became increasingly difficult to manage.

“To assist in the implementation we hired a consulting firm with AD FS expertise,” says Jorge Grau, Senior Vice President and Chief Information Officer at SBA Communications. “It took them six weeks to get the initial solution implemented and we continued to engage them over the next several months to do a knowledge transfer and get a handful of other SaaS providers linked into the new system.”

However, a new version of AD FS was soon released and the company was faced with having to migrate the entire infrastructure. “Integration was so painful the first time around that we dreaded having to migrate those same apps into the new environment,” says Grau. “When resources are scarce, migrating a product that’s already working never becomes a priority.”

The unfortunate result was two live versions of AD FS — each with its own set of SaaS applications that required significant resources and a coordinated effort to maintain.

The real issue arose as cloud-based solutions became more pervasive within the company’s environment. While they had previously incorporated only a few, less-critical SaaS apps, the benefits of cloud-based solutions led the company to adopt more until eventually disaster recovery became an issue.

“Once we began deploying SaaS products like Ultimate Software and Office 365 — where availability was essential – we either needed to implement an additional, separate AD FS environment in a co- location, or we needed to find a new solution entirely,” says Grau.

Solutions

After eliminating AD FS as an option, the company evaluated several IDaaS solutions and selected CyberArk Workforce Identity based on product functionality, the ability to easily integrate cloud apps, MDM features for mobile devices and company reputation.

To meet disaster recovery requirements, SBA Communications first looked at creating an additional AD FS environment. “We took into consideration hardware and licensing costs, the cost of more co-location space, additional consulting expenses and internal resource requirements for maintenance and management.”

Because SBA Communications was now running two versions of AD FS, to ensure uptime they would either need to finally migrate all the cloud apps on the old AD FS system to the new one, or they’d need to build out two separate additional environments — which would double the costs.

“Not migrating was cost prohibitive and migration wasn’t a real option either,” says Grau. “The integration process was extremely difficult with AD FS. I had understood that as long as a cloud app was SAML compliant it would be a straightforward process, but it wasn’t. Each new cloud app seemed to present a unique situation. Some apps took us ten weeks to integrate, and sometimes entire development initiatives were required. Doing that all over again wasn’t an option for us. The ROI on the entire initiative just wasn’t there.”

SBA Communications decided to look at IDaaS (Identity-as-a-Service) solutions that could solve the problem and minimize management and maintenance overhead. After a preliminary evaluation, the company narrowed their choice down to two providers. “In the end it wasn’t just about dollars. It came down to product functionality and which provider would best support us in integrating new apps. Company reputation, customer interviews and existing integrations with SaaS providers also played a significant role. MDM (Mobile Device Management) capabilities were the icing on the cake.”

Simultaneous to addressing its AD FS problem, SBA was also in the process of evaluating Cisco’s Meraki MDM solution for management of mobile devices. “We needed an MDM solution to ensure that we could enforce passwords on devices, that mobile communication would be encrypted, and that we could eliminate proprietary SBA Communications email from any mobile device at a moment’s notice.

We needed to accomplish all that without damaging the device or deleting personal information. And last, we needed control and reporting on all mobile devices connecting to our servers. Because those capabilities are inherent to CyberArk Workforce Identity, we realized we wouldn’t even need a separate MDM solution.”

Results

CyberArk Workforce Identity saved SBA an estimated $50,000 a year in AD FS costs and negated the need for a separate MDM solution. Low maintenance requirements have freed up IT staff. Compliance with SOX regulations have been reinforced.

Several recent high-profile breaches have made security a hot topic among the executives at SBA Communications and driven significant investments toward their security infrastructure including additional firewalls and intrusion prevention systems. CyberArk Workforce Identity has further strengthened the company’s security stature with an identity and mobile device management solution in one. “Security is very high on our radar. We do everything possible to secure our proprietary information,” says Grau. “Now we count on CyberArk to effectively manage who we allow into our environment.”

Key benefits

  • Saved an estimated $50,000 annually in AD FS costs
  • No longer needed a separate MDM solution
  • CyberArk Workforce Identity strengthened SBA’s security stature by bringing an identity and MDM solution together

Talk to an expert

Understand the key components of an Identity Security strategy

Get a first-hand look at CyberArk solutions

Identify next steps in your Identity Security journey