MSP’s Pursuit of Zero-Trust and Least Privilege Boosts Efficiency and Security

Netron’s journey has started by granting monitored and just-in-time access to critical cloud infrastructure using hidden passwords and targets zero-standing privileges next

Business data dashboard analysis

Summary

Netron, a Managed Service Provider (MSP) and cloud consultancy has been enhancing multi-cloud strategies and cloud security services for businesses since its founding. In response to growing compliance and the need for secure management of highly privileged accounts, it has embarked on a journey to implement a comprehensive zero-trust strategy centered on least privilege. Netron adopted CyberArk Privilege Cloud and Vendor Privileged Access Manager (Vendor PAM). These solutions have streamlined privileged access management operations, improved compliance with ISO 27001:2022 standards, and reduced operational costs. Netron also plans to adopt CyberArk Secure Cloud Access to implement zero-standing privileges across its practice.

Company profile

Founded in 2017, Netron is a cloud consultancy that started by providing information security services and has achieved many memorable milestones, such as becoming the largest DDoS mitigation technology service provider in the Asia Pacific region, becoming AWS‘ advanced tier service partner within just four months, and obtaining multiple certifications including AWS MSP, MSSP, and Migration. Netron is the distributor for more than 20 international brands and is one of the unique one-stop cloud consultancy firms in APJ.

Challenges

Netron’s strength is in their multi-cloud strategy planning and guidance. The company’s services range from cloud migration and architecture planning to consulting and cloud security

In 2023, Netron noticed that due to the increasing demand for its cloud-managed service, the company often needs to use highly privileged accounts to manage their clients‘ assets on their behalf. Knowing that these operations must be scrutinized for compliance purposes, the company started evaluating PAM (Privileged Access Management) solutions suitable for the cloud environment. After rigorous testing, Netron decided to introduce two capabilities of the CyberArk Identity Security Platform, CyberArk Privilege Cloud and CyberArk Vendor Privileged Access Manager (Vendor PAM), with plans to add CyberArk Secure Cloud Access.

Solutions

On-demand and out-of-the-box feature accelerates product deployment

Netron stated, „Netron was planning on introducing a PAM strategy mainly due to the company’s realization that manual management of privileged accounts could not effectively prevent human errors, protect privileged credentials and offer robust audit capabilities. We decided to introduce commercial solutions to reduce operational and maintenance (O&M) costs, ensure effective operational management, and significantly improve security.“

Before finalizing its PAM procurement target, Netron had clear requirements in mind. First of all, the solution must be able to keep a detailed record of all operations in the cloud. Netron wanted the ability to track all operations to the source, keeping track of any engineers‘ operations at any given time. Secondly, the solution must be compatible with Netron’s current operation and satisfy all security needs from Netron’s cloud-managed services.

Why did Netron choose to use CyberArk?

  1. First, it is a SaaS solution, helping the company gain financial flexibility by turning capital expenditures into capital expenses.
  2. Secondly, CyberArk Privilege Cloud can be onboarded quickly with minimal impact on the existing infrastructure. Weiyang Wang further explained that it took Netron less than three months to move from the Proof of Value (POV) stage to being fully deployed.
  3. Thirdly, Netron wanted its engineers‘ access to be as seamless and secure as humanly possible. CyberArk Vendor PAM offers Netron’s engineers a secure, native, and seamless access experience to cloud service providers, such as AWS, that grants them just-in-time, monitored, and recorded access.

With CyberArk Privilege Cloud and Vendor PAM being SaaS products, Netron did not have to engage in complicated operations, such as building and maintaining the product itself, procuring equipment, planning a network topology, setting firewall policies, among other complicated and costly operations.

Netron set out to protect highly privileged accounts such as DBA, Linux Root, and IAM Root accounts. Different roles in the O&M team (such as the administrator or those responsible for reviewing reports) can all utilize CyberArk Privilege Cloud’s privilege separation of duties capabilities to ensure that no role will be granted excessive privileges. For example, members responsible for reviewing reports do not have the privilege to modify or turn on/off the machine. In contrast, administrators do not have the privilege to access financial, HR, or other classified information.

With a remote workforce supporting a fluctuating number of projects, Netron required capabilities to quickly provision and deprovision users, no matter their location. CyberArk Vendor PAM helps Netron’s security team set specific periods for just-in-time (JIT) access and limited privileges that are revoked afterward. Similarly, adaptive multi-factor authentication (MFA) helps users rapidly and securely access their targeted systems, all without needing VPNs, agents, or passwords.

Results

No Time Wasted on Password Reset With O&M Engineer Changes

CyberArk has been a great asset to Netron ever since its implementation. For Example. In the past, when O&M engineers were deprovisioned, Netron had to manually reset between 20 to 80 sets of passwords to comply with the ISMS requirements, which would consume a considerable amount of labor cost. Ever since the deployment of CyberArk Privilege Cloud, with passwords being vaulted and rotated automatically, all Netron has to do is suspend the account of any O&M engineer without wasting time on resetting passwords.

There was no suitable mechanism to document the entire process of Netron engineers engaging in sensitive operations, such as deleting a VM on the cloud on behalf of a client. Now, engineers rapidly authenticate their access using CyberArk Vendor PAM while CyberArk Privilege Cloud, in the backend, isolates, monitors, and documents all logins, operations, and clicks made on the cloud console.

„Netron, as a start-up, is still working to build its reputation. Our adoption of CyberArk, a world-renowned identity security solution, certainly helps Netron earn the trust of customers“, stated Netron. When Netron’s clients hear that the company manages privileges with CyberArk products, they trust Netron even more. Adopting CyberArk solutions increased the company’s internal tech support and O&M efficiency by 20 to 30%. Netron no longer has to waste time resetting passwords or worry about the lack of operational records for audits.

Netron Helps More Businesses Enhance their Cloud Security by Partnering with CyberArk

Netron has based its cloud migration consulting service, MSP, and MSSP on the cloud-native logic. Netron understands better than many other companies the „zero-standing privileges“ concept in the cloud world, which means no more need for permanent Admin or Root accounts. Instead, different and granular privileges are assigned to different roles as needed. Netron does not limit itself to on-premise audit records, orchestration approval, logging on to the system on behalf of the clients using a jump host, and other methods of the past. This has helped Netron to implement a modern SaaS-based PAM program, which, combined with its own experience in building and using systems, has become a great source of consulting knowledge for Netron. Netron, a happy customer of CyberArk, naturally became a distributing partner of CyberArk.

Netron pointed out that console is not the only way to operate machines on the cloud. You can also use API, CLI, and other commands. The adoption of diverse offerings from CyberArk can totally modernize operations and give users better control over their information security. In light of this, Netron is evaluating its phase 2 project to use and distribute CyberArk Secure Cloud Access (SCA). Netron’s O&M team members have already learned and familiarized themselves with this product and have been amazed.

CyberArk SCA will help Netron manage access to Cloud consoles and CLI for their cloud estate and their customer’s cloud estate. CyberArk SCA Will permit them to secure access natively without impacting the workflows of their teams. Using Zero standing privileges to reduce risk without deviating away from accepted cloud access realities like identity federation.

The old version of ISO 27001 certificates expired in May 2024, prompting businesses to start introducing ISO 27001:2022. In light of this, Netron started providing corresponding transition or introduction services to comply with the new requirements for different control measures. CyberArk Privilege Cloud, SCA, and other solutions are perfect for this scenario. These solutions help Netron to help cloud-native start-ups or mature businesses migrating to the cloud to obtain ISO 27001:2022 certification while reducing their information security risks in the cloud.

Key benefits

  • Enable Operational Efficiencies: automated credential vaulting and rotation and privilege management reduces labor costs and increases efficiency.
  • Improved Reputation: Using a world-renowned identity security solution like CyberArk enhances Netron’s reputation and builds client trust.
  • Granular Access Control: CyberArk solutions provide detailed privilege separation, ensuring no role has excessive privileges.
  • Satisfy Audit and Compliance: CyberArk assist Netron in meeting stringent audit and compliance regulations, including ISO 27001:2022.
  • Future-Proofing: CyberArk’s innovative solutions, such as CyberArk Secure Cloud Access (SCA) helps Netron prepare for future challenges and foster even stronger cybersecurity practices.

Talk to an expert

Understand the key components of an Identity Security strategy

Get a first-hand look at CyberArk solutions

Identify next steps in your Identity Security journey