BT implements PAM at scale to reduce risk and satisfy compliance

BT manages privileged access to critical infrastructure across numerous business units and regions with CyberArk.

Technical Controller Working at His Workstation with Multiple Displays

BT is one of the world’s leading communications services companies and the largest communications services provider in the UK. It serves the needs of customers in more than 170 countries, providing fixed-line services, broadband, mobile and TV products and services, as well as networked IT services

  • Annual Revenue: GBP 22.9 billion+ (USD 30.5 billion+)
  • Employees: 92,600


As a large communications services company, providing a range of products to an enormous mix of business and consumer customers, BT’s infrastructure is complex and vast – going across numerous business units and many geographical regions.

BT already had several point solutions in place to manage privileged access and identities but found that having several different solutions was inconsistent and did not scale particularly well to meet its requirements. Following a significant internal report, BT decided that it needed to improve its existing architecture and extend its security of privileged access to the enterprise.

What the company wanted was a single solution, standardized across the global organization that could be scaled up easily, as required. This solution would be complementary to BT’s existing portfolio of managed security services, providing its rapidly expanding customer base with privileged access management to help them better meet compliance requirements.


Having conducted its internal review and deciding upon replacing its existing solution, BT sought to easily replace what was installed already. BT reviewed the market and selected the CyberArk Privileged Access Manager Solution. CyberArk solutions enable organizations to enforce an enterprise policy that protects a business’s most critical systems, managing the entire lifecycle of shared and privileged accounts across data centers.

BT opted for a staged rollout, as it did not wish to rush a process that would eventually impact on its entire global business. The deployment has been smooth with no added delays or problems to date, as BT continues to expand the use of CyberArk solutions throughout the business.

Critically, the CyberArk solution could be easily hosted by BT and sold as a service to existing and new customers. Paul Lacey, BT Identity Services Manager, commented, “We pride ourselves on offering market-leading, effective and reliable solutions – in this case providing market-leading privileged access security to our customers for security and audit compliance. The CyberArk solution was therefore an ideal addition to our range of services.”

One of the key components of the CyberArk solution is a master policy engine that allows BT to automate and manage privileged password resets on all types of target systems. In addition, CyberArk solutions can leverage multiple policy engines for managing accounts within different network segments, all managed and administered from a single CyberArk solution installation, for ultimate convenience and agility.

In order to match its business processes, BT has customized the user interface of the CyberArk solution. This has enabled staff to work more efficiently and in line with their existing systems and business processes. Even a relatively minor adjustment such as this did not impact the overall performance and efficiency of those managing the CyberArk solution.

Overall, the CyberArk solution has impressed BT with the extent of its reach and depth of impact.

“CyberArk Privileged Access Manager really is a great, all-round solution – not only does it manage, secure and monitor our privileged accounts, it also allows us to maintain compliance with a number of regulations, such as Sarbanes Oxley, which is hugely beneficial to us.”

– Karon Davies, Global Security Privileged Access Manager, BT

“The CyberArk solution has been intelligently engineered, allowing us to easily sell it on as a hosted service to businesses while ensuring that our customers also enjoy service benefits from compliance delivered by CyberArk solutions.”


The smooth deployment and immediate effectiveness of CyberArk Privileged Access Manager has meant that the BT implementation has been a great success. As Davies said, “With the deployment now at a significant size – and of course still smoothly expanding due to the CyberArk Shared Technology Platform’s ability to scale – we have seen a string of benefits. We have managed to bring together a previously disparate infrastructure into a consolidated system for managing a large number of privileged accounts, and with a fully automated system for password management, retrieval and regeneration, we have significantly boosted our operational efficiency.

For large, global organizations with complex and far-reaching infrastructure and activities, being able to satisfy auditors is crucial to maintaining proper business processes. With the accountability, logging and overview of privilege that CyberArk solutions delivers, BT has been able to meet the ever-increasing demands of its auditors more easily.

BT has also seen the strength of its security services offering enhanced. Paul Lacey added, “A core part of the business case for selecting CyberArk was the potential to go on and sell this as a hosted service to our customers. With such an effective solution offered by CyberArk complementing our existing services, we believe we are in a strong position to enable our customers to better meet compliance regulations and audits through the provision of privileged access, critical for any organization.”

Looking ahead, Karon added that, “We fully intend on expanding use internally and with our customers. With a strong relationship established, built on trust, transparency and excellent service, we’ll certainly be looking at how we take advantage of other CyberArk solutions in the future.”

Key benefits

  • Consolidated infrastructure for managing privileged accounts
  • Greatly enhanced security and reduced risk
  • Ability to easily sell CyberArk Privileged Access Manager as a hosted service to end-customers
  • Significantly enhanced security offering
  • Automated password management
  • Flexible and scalable for a global rollout
  • Satisfied compliance regulations and auditors

Talk to an expert

Understand the key components of an Identity Security strategy

Get a first-hand look at CyberArk solutions

Identify next steps in your Identity Security journey