Svensk Travsport builds identity security strategy centered on workforce access protection

Swedish Sports Body Leverages Saas-Based Identity Security Controls to Protect Staff and Customers’ Access

Summary

Faced with multiple attacks on its sensitive data, Sweden’s trotting sport association, Svensk Travsport, has fortified its IT infrastructure with an identity security strategy founded on CyberArk. Driven by Arnold Johansson, Enterprise Security Architect, in days the organization had enabled secure access for 600 staff and over 200 applications. As well as improving security compliance and assurance, Svensk Travsport raised its NIST rating several steps.

Company profile

Svensk Travsport is the governing body for Swedish trotting: horse and two-wheeled cart racing. The organization looks after areas such as competitions, horse welfare, horse ownership, breeding and sports information. Svensk Travsport is owned by 33 trotting racetracks across Sweden. On behalf of the racetracks, the organization provides IT, data, and information services used for operations and horse race betting. Although a small organization, because of the sensitivity of its data—especially information used to inform betting decisions—Svensk Travsport gets an unusually high level of cyberattacks.

Employees: 600

Challenges

Every day, Arnold Johansson faces myriad challenges; high on the list is an unusually high number of cyberattacks that hit his organization. Johansson is Enterprise Security Architect at Svensk Travsport, the governing body for Swedish trotting. While Svensk Travsport don’t manage the actual bets, it provides information about and around the races and transactions related to the horses. This is often sensitive data as it includes data on rider and horse performance, history of wins and horse pedigrees. Owners and trainers use this data to decide where to invest and how best to train horses. The public uses this data to inform betting decisions which makes it highly valuable and the focus of attack. In addition, compliance and regulations such as GDPR are constantly changing. The data includes information on staff and around 15,000 external members such as riders, owners and breeders.

If that was not a challenge enough for Johansson, the cybersecurity landscape is changing. Having managed security for many different organizations, Johansson has seen a slow but gradual shift from on-premises to the cloud. “Cybersecurity was like an onion,” stated Johansson. “When I started, everything was on-premises and protected ‘onion’ layers. But once you can cut through the layers, you are in. Now, the onion is opening up to enable distributed environments, so a different protection approach is needed.”

Under Johansson’s guidance, and with backing from his CISO, Identity Security is a core business strategy at Svensk Travsport. There are two key goals which Johansson believes need to go hand-in-hand. First, it is achieving a high level of assurance for data and stakeholder protection, and second is making access to data and applications easy for users. The strategy comprises several approaches including deploying a user-friendly single sign-on solution and using high-assurance MFA methods such as smart cards and securing privileged access.

Solutions

Johansson evaluated multiple vendors before selecting CyberArk to bring his Identity Security strategy to life.

Svensk Travsport has deployed CyberArk Workforce Identity as the foundation of its Identity Security management platform. The solution provides continuous identity threat detection and protection, and manages identities. The organization also uses CyberArk Privileged Access Manager Cloud to protect and isolate access to critical systems. Implementation was managed in partnership with CyberArk Services using the Jump Start Service Package. Using CyberArk’s Identity Security SaaS-based solutions and Jump Start Service Package has helped Svensk Travsport rapidly meet its initial goals and create a strong foundation to expand and mature its Identity Security program.

“Svensk Travsport chose CyberArk because it met our needs, is easy to customize and can evolve as our business changes. I felt CyberArk’s approach towards securing identities was one of the best solutions I have seen.”
– Arnold Johansson, Enterprise Security Architect, Svensk Travsport

The other key factor was the partnership with CyberArk. “CyberArk is a business that is always on its toes, ready to help Svensk Travsport achieve the best solution and meet compliance standards,” commented Johansson. CyberArk Workforce Identity was one of the few solutions that combined both privileged access and identity and access management capabilities as well as integrating seamlessly with other business applications including Microsoft Active Directory.

The CyberArk Workforce Identity deployment:

  • Protects 600 head office staff and around 200 core applications
  • Integrates with physical smart cards for seamless access to devices, applications, data and buildings
  • Next phase deployment will be staff and systems at 33 racetracks

Similarly, Privilege Access Manager Cloud helps Svensk Travsport to vault critical-infrastructure access credentials and isolate and monitor sessions accessing these sensitive systems and data.

From his long experience in the industry, Johansson knew it would be a challenge getting staff to understand that distributed – compared to on-premises work – demanded a different approach to cybersecurity. When CyberArk Workforce Identity was first introduced, Johansson focused on usability. He stressed that rather than being restrictive, the solution would improve access and reduce complexity. For example, users can store passwords securely once rather than use sticky notes strewn across a desk. “If people use a square wheel, it is an effort to convince them a round one is better,” offered Johansson.

Next in Johansson’s campaign to improve cybersecurity at Svensk Travsport is extending CyberArk Workforce Identity to support and protect mobile operations. Case in point: staff at race locations use mobile devices to gather track-side performance information. Additionally, Svensk Travsport data is accessed and used by third-party apps.

Results

Since he was brought into Svensk Travsport, Johansson has overseen a transformation in cybersecurity management and protection. Johansson commented that, having worked in healthcare and finance, Svensk Travsport now has a level of protection higher than many of those organizations even with far more sensitive data.

“CyberArk Workforce Identity is the flagship driving the Identity Security strategy at Svensk Travsport,” explained Johansson. “The solution is one of our key security products. The versatility of integration and useability make CyberArk Workforce Identity a must for us and the stakeholders who use our data and rely on our protection. It has made my job much easier and now our CISO would not be without CyberArk Workforce Identity.”

Using the NIST Cybersecurity Framework, CyberArk Workforce Identity has helped take Svensk Travsport bring its levels several steps. NIST (US National Institute of Standards and Technology) integrates industry standards and best practices to help organizations manage cybersecurity risks. CyberArk has become essential to enabling Johansson and his team to manage Identity Security effectively across the organization. CyberArk is a keystone and one of the most important and significant security solutions at Svensk Travsport.

“CyberArk Workforce Identity has made it easier for me to talk to users about security. Before, it was always about encryption and people like me were seen as techie scientists,” concluded Johansson. “Now everyone understands the importance of Identity Security and how solutions like CyberArk Workforce Identity make daily operations so much easier.”

Key benefits

  • Improved security compliance and assurance – raising NIST Cybersecurity Framework levels
  • Helped meet strict cybersecurity and data protection regulations
  • Streamlined secure access for 600 staff, 15,000 members and 200 applications
  • Increased staff productivity by simplifying daily operations and applications and data access
  • Set the foundation for an enterprise-wide Identity Security strategy

Talk to an expert

Understand the key components of an Identity Security strategy

Get a first-hand look at CyberArk solutions

Identify next steps in your Identity Security journey