E-GLOBAL PROTECTS MILLIONS OF CARD TRANSACTIONS WITH CYBERARK

COMPANY PROFILE

Servicios Electronicos Globales (E-Global) is Mexico’s principal electronic payment processor. It provides switching and card processing services for a wide range of merchants and manages hundred of thousands point-of-sale devices. It also provides switching services to two of the largest acquirers in the Mexican market.

Industry: Financial Services
Employees: 1,400

CHALLENGES

E-Global, Mexico’s leading payment processor, operates in one of the most at-risk industries in the world: financial services. Every day it handles seven million electronic transactions processed through hundred of thousands point-of-sale devices that add up to billions of Mexican pesos.

Ensuring that money, and the details of millions of citizens and businesses are secure, is a huge responsibility. In addition, E-Global must meet the strict security measures – and undergo over 15 audits each year – demanded by multiple national and international financial institutions and regulators. Each of these require different types of evidence to prove compliance. Some regulators ask for a variety of different criteria such as what policies are in place, who requests and who authorizes access, while others want more details about who accesses specific privileged accounts and when. Some even want details about modified configurations on transactional servers that process credit card payments.

Meeting Tough and Demanding Financial Compliance

In particular, E-Global required a solution that would help meet one of the most important regulations in the financial services industry; the PCI DSS (Payment Card Industry Data Security Standard). This is an international regulation for organizations that handle credit cards and is administered by the Payment Card Industry Security Standards Council.

E-Global has a broad and multi-layered security infrastructure protecting its customers, partners, staff and payment processing operations. However, as the volume of card holders and transactions increased, and the threat from cyber-attacks grew and became ever more sophisticated, one area of security that needed improvement was privileged access. Not only does the company process millions of Mexican pesos; millions of people and businesses – from families shopping in supermarkets to local storekeepers and international businesses – rely on E-Global services every minute of the day. E-Global needs to provide high availability of the access process to its services, without compromising security. The company has 4,400 privileged accounts and staff using thousands of devices, servers and applications.

“The challenge we faced was to find the most effective way of establishing the least privilege needed to minimize risk, while still enabling the business to operate efficiently and deliver first-class services to our customers.” said Daniel Castillo, information security manager at E-Global.

The company evaluated several different privileged access management (PAM) solutions. “After an extensive evaluation process over many weeks, CyberArk stood out as the best solution because of its technological capabilities and adaptability, and also for the business knowledge and expertise of the CyberArk team,” stated Castillo.

SOLUTIONS

Working closely with CyberArk and local partners, E-Global carried out several consultations on security auditing and compliance with internal control teams and business stakeholders to understand all the challenges and requirements. This led E-Global to deploy a range of CyberArk solutions to enhance the company’s PAM and least privilege strategy. E-global uses CyberArk to securely manage access for use cases including administration of critical transactional systems, highly isolated and regulated environments, and just-in-time, multistep workflow approvals to implement least privilege.

A key benefit of partnering with CyberArk that enabled E-Global to develop its Identity Security strategy was access to the CyberArk Blueprint. This best practice framework is backed by years of CyberArk’s cyber security experience and expertise in people, processes and technology. E-Global used Blueprint to analyze its alignment to identity security best practices and then plan, customize and design the optimal implementation roadmap to enhance its security posture. This involved fully implementing credential protection controls alongside session isolation and monitoring controls to help satisfy audit and compliance needs. Additional Blueprint recommendations that enhance security include multi-factor authentication, management of local admin rights on loosely connected endpoints, and secure remote access for third-party access to privileged accounts.

From Security Challenge to Business Enabler

“With the CyberArk PAM solution, the E-Global security team has become an enabler of the business; simplifying the way all areas of the organization can securely access privileged applications, systems and the infrastructure”
– Daniel Castillo, Information Security Manager, Servicios Electronicos Globales (E-Global)

Now, E-Global has a much better overview and control of privileged access for all relevant users, devices and applications. The CyberArk solution enables nearly 100% availability, providing the highest levels of security and always available access for 4,400 privileged accounts with adaptive multifactor authentication. Privileged accounts are protected from risks such as insider threats, vertical and lateral movement, and human errors.

Moreover, E-Global has significantly reduced risk by identifying and removing 75% of privileged accounts that were inactive and unnecessary for any business function. CyberArk’s flexibility and robust set of features – to centrally manage and deploy privilege access controls – enables E-Global to detect unmanaged privileged accounts and automatically onboard them for secure management through CyberArk.

Privileged credentials are rotated across thousands of accounts, privileged sessions are isolated and recorded, and permissions are highly delineated and segmented to provide just enough access. “Our goal with privileged access management is to ensure no one could know the credentials to our most sensitive systems and critical infrastructure as well as provide just-in-time and highly limited access. CyberArk enables us to do just that,” said Castillo.

Hundreds of E-Global managers, administrators and developers now have a seamless and resilient remote access experience to critical infrastructure and systems. Leveraging a Zero Trust approach, users have a password-less and VPN-less access to critical infrastructure and systems combined with biometric multifactor authentication.

The company has replaced often difficult and complex user provisioning processes with one that is simpler, granular and easier to manage. Simultaneously, E-Global also can demonstrate full monitoring and audit trail of privileged activity to prove compliance to regulators.

RESULTS

Establishing a Rigorous Auditing Methodology

“The auditing capabilities of CyberArk enable E-Global to efficiently and rigorously meet over 15 compliance and regulatory audits every year. No matter how detailed the audit is, CyberArk clearly and accurately shows highly granular information about how, who, where and when we are controlling privileged access accounts,” outlined Castillo.
Since deploying the PAM solution, E-Global and CyberArk have built up a strong and collaborative relationship. As a result, CyberArk has become E-Global’s main security partner and trusted advisor for identity security.

“The goal for E-Global was to be able to implement an effective and audit-ready privileged access management solution to protect the credentials for our most sensitive systems and critical infrastructure. CyberArk enables us to do just that,” concluded Castillo.

KEY BENEFITS

• Removed 75% of unnecessary privileged accounts to improve security hygiene
• Achieves nearly 100% availability of the CyberArk Privileged Access Manager Self-Hosted solution
• Helps easily satisfy over 15 compliance-driven audits every year
• Provisions just-in-time, Zero Trust access for hundreds of remote users accessing privileged accounts
• Provides visibility to, and control over, 4,400 users, devices and applications