CyberArk helps leading European manufacturer cut operation time by 87% while improving security

Summary

Arçelik is among the top three white goods manufacturers in Europe, has used two CyberArk Identity Security solutions to replace slow, manual security with fast, efficient and automated processes that ensure personal information, classified projects, critical financial and retail applications, and manufacturing control systems are protected.

Company profile

Arçelik is Turkey’s leading household appliance manufacturer and the third largest in Europe. It manufactures and markets consumer durable goods, consumer electronics, small home appliances and kitchen accessories. Key brands include Beko, Grundig, Blomberg, ElektraBregenz, Arctic, Leisure, Flavel, Defy, Altus, Dawlance and Voltas Beko. With 28 factories in nine countries – and 52 subsidiaries in Turkey, China, Romania, Russia, South Africa, Thailand, Pakistan, India and Bangladesh – Arçelik provides goods and services in more than 150 countries.

Employees: 45,000+

Challenges

If you want to know how seriously Arçelik, a leading European white goods manufacturer, takes identity security, consider this: identity security at the Turkey-based business has gone from manual identity control to a scenario where even the company’s Architect Systems and Cloud Administrator, Ömer Üçler, does not know his own password. It is held in a CyberArk Privileged Access Manager vault where it changes every 12 hours.

Üçler first started working at Arçelik — where his father also worked — as an intern. Then after university, military service and industry experience, he joined Arçelik full time to help the business improve its identity security operations. Back then, the threat landscape and business environment were very different, but it was changing. Arçelik was growing with multiple global locations and thousands of staff and endpoints. Digitization and cloud applications were increasing and so was the number and complexity of threats. The company’s existing identity security posture was no longer fit for its purpose.

User profiles were more diverse, and the company had started using robotic process automation (RPA) – business process automation technology using software robots or artificial intelligence (AI). These all required different types and levels of access. However, this access management was getting out of control, was difficult to manage and was time and resource costly because of manual processes. “Think of a single service or application that can be accessed and used by multiple devices all over the world,” explained Üçler. “Access needs to be rotated regularly, but that is impossible to do manually. And it is hard for anyone to connect and change a password at the same time.”

“The priority at Arçelik is to protect our business, personal, financial and R&D data, along with our strategic business plans,” described Üçler. “The aim is to ensure operational continuity without interrupting or hindering access to our critical systems. Identity security is essential to achieving that goal by securing user accounts, workstations, servers, and business operations.”

After a comprehensive proof of concept process, Arçelik chose CyberArk as its partner. “Arçelik wanted to use the CyberArk Identity Security platform because it provided a cost-effective cloud-based solution,” stated Üçler. “CyberArk was simple to set up in a matter of minutes. With only a few clicks, we are ready to handle anything”.

Solutions

Arçelik deployed two solutions of the CyberArk Identity Security platform: CyberArk Privileged Access Manager Self-Hosted and CyberArk Endpoint Privilege Manager. To help implement the solutions, the company used CyberArk Customer Success Manager and CyberArk Success Plan services.

CyberArk is being used to protect personal information, patents, classified information and projects, critical financial and retail applications, as well as access to OT infrastructure, such as manufacturing industrial control systems (ICS). The company started using CyberArk to accurately identify the number, location, and type of privileged accounts in the business. Now, CyberArk protects 1,500 workstations and 135 servers with SaaS applications. CyberArk Endpoint Privilege Manager agents protect servers running in Azure and AWS environments, help Arçelik create application control policies so that application stack on the servers adhere to security standards and policies. CyberArk also enables the company to provide just-in-time (JIT) administrative sessions, which, as an example, provide privileged users admin privileges for an hour to work on urgent projects without the need to request permissions for each application separately.

Arçelik utilizes CyberArk PAM Self-Hosted to secure, manage, and automatically change and log activities associated with all types of privileged passwords and Secure Socket Shell (SSH) keys. “With policies developed using CyberArk Privileged Access Manager, it is possible to reset access automatically to services and applications on multiple devices at the same time,” summarized Üçler. “For us, this is one of the main reasons for choosing CyberArk.”

To ensure that new security policies and tools did not interfere with productivity and to allay user concerns, Arçelik ran a program of education and one-to-one training sessions.

Business growth at Arçelik continues at a consistent pace while supported by CyberArk. “The goal is to implement our new cybersecurity posture in new subsidiaries and overseas locations,” elaborated Üçler. “Arçelik is a growing company, and it is important for us to implement the necessary policies and standards on an ongoing basis. For a new subsidiary or location, we evaluate and plan on how to use CyberArk and then advise the local managers so they can control their own environments.”

Results

CyberArk has provided a foundation for Arçelik to improve security and reduce time and effort spent managing security operations. A typical project such as detecting and responding to a security threat used to take one to two hours. With CyberArk and new policies, that has been cut to just 15 minutes, translating to a reduction of 87%.

CyberArk has automated many processes that once were manual, strengthened identity security, and reduced and limited the proliferation of privileged access. It also has made security tighter and more robust. As mentioned earlier, users no longer manage or even know their own passwords since they are held and rotated in a CyberArk vault. Arçelik has devolved some of its cybersecurity operations to regional offices where there are different security needs and requirements while providing assistance for more complex security issues. For instance, CyberArk Endpoint Privilege Manager allows to remove local admin rights from users and then to create region-specific policies to allow running the software they need without having to go through a complex and timeconsuming permission process. CyberArk PAM Self-Hosted vaults manage credentials for privileged and service accounts thereby making audits and regulation compliance easy.

CyberArk supports the company’s mixed on-premises and cloud environments. “The biggest benefit of being in the cloud is to streamline and simplify operational activities. So, when I need to upgrade a CyberArk Endpoint Privilege Manager agent, I can do it from the head office with one click to multiple endpoints,” explained Üçler. “Using CyberArk Endpoint Privilege Manager in this way reduces a one-hour job to 10 minutes and has provided an incredible optimization in operational time.”

Additionally, CyberArk EPM reduces risks by obtaining the authorizations of privileged users at the endpoint and moving accounts that are important for the company into CyberArk PAM Self-Hosted. As a result, the number of authorized users at the endpoint is kept to a minimum. Migration of existing authorized accounts to the vault environment is increasing day by day.

“Every day, identity security is becoming more and more important for Arçelik and indeed, all organizations. Rapidly increasing digitization unfortunately causes increases in cyber threats and vulnerabilities. But cybersecurity solutions like the CyberArk Identity Security platform enable end-to-end protection for both company data and business processes. Data loss and disruption are minimized, and business continuity is maintained while realizing significant cost and resource savings.”

ÖMER ÜÇLER, Architect Systems and Cloud Administrator, Arçelik

Key benefits

• Improves operational efficiency by 87%
• Reduces response to security threat from two hours to 15 minutes
• Provides foundational endpoint security for workstations and servers both on-premises and in AWS and Azure public clouds
• Discovers privileged accounts on endpoints and onboards them to CyberArk PAM
• Improves cloud platform security
• Releases security control to regional offices releasing valuable head office resources
• Supports future growth and business expansion