Leading Retail Mortgage Lender Streamlines Password Management and Accelerates Secure Access with CyberArk

Summary

A leading retail mortgage lender replaced a patchwork of password management practices with the CyberArk Identity Security Platform. By centralizing control and simplifying sharing, the company shut down risky habits, satisfied compliance demands, and laid a smarter foundation for secure, scalable growth.

Company profile

Founded more than 10 years ago, this non-bank mortgage lender has quickly grown to become one of the largest in the United States, helping millions of customers achieve their dreams of homeownership. Since its inception, the company has led the industry with a digital-first approach that transforms the home buying and refinancing experience—making it faster, more efficient, and significantly less stressful for their customers. Providing a broad range of lending solutions — including personal loans, home purchase and refinancing loans, home equity loans, and online mortgage services. This company operates through multiple distribution channels such as consumer direct centers, retail branches, wholesale centers, and servicing hubs.

Employees: Approx. 5,000

Challenges

The mortgage lender’s business success and growth created new security challenges, which include a need to improve password management across the company. The previous patchwork approach to sharing business application credentials created operational headaches for employees and IT teams. Credentials were scattered across a variety of tools: spreadsheets, digital sticky notes, browser plugins, shared folders, and email threads. This lack of central oversight meant credentials were not only stored in risky places but were also updated manually using cumbersome spreadsheets that created confusion and delayed access.

Tracking who accessed which accounts, or when, was nearly impossible. Auditors were left guessing, and the security team struggled to demonstrate compliance with SOX, FIPS 140-2, and cyber insurance audit standards.
“There were nine different password manager solutions being used across the business, none of them enterprise grade or centralized,” explained the senior information security systems engineer. «We needed to rethink our approach and get enterprise-level security with a solution that improved the experience for our end users.”

Specifically, the business aimed to replace the open-source and consumer-focused Keepass password manager across its organization, due to feature limitations and the need for an enterprise-ready solution.

The risks weren’t limited to IT; teams across the organization — software engineers, loan officers, business users — lacked safe, repeatable ways to share or update credentials, which left risk exposed.

Solutions

To reduce their security risks for credentials, the organization deployed the CyberArk Identity Security Platform, leveraging the platform to secure high-risk PAM users and employees with sensitive workforce application credentials.

With CyberArk Workforce Password Manager (WPM), the security team eliminated the chaos of managing personal password tools and scattered spreadsheets. Secure, shared folders replaced outdated practices, enabling teams to safely share credentials without ever exposing the actual passwords. The WPM policy-driven controls around access permissions streamlined the process for managing business application credentials, ensuring sensitive information was both accessible and secure across departments, at the right time. This approach provided clarity and control, while at the same time making it easier for teams to securely store and manage credentials.

“For us, it’s about striking the balance between security and making sure information is highly available and easy to use,” explained the senior PAM engineer. “Ease of use is key, especially for non-IT users. Workforce Password Manager is customizable and intuitive, which helps users adopt it quickly.”

The rollout was methodical and results driven. Starting with 200 users, the program quickly expanded to nearly four times the original users as early wins gained traction, converting IT skeptics and power users into advocates. By reducing risk and simplifying workflows, the security teams are achieving deeper adoption, one secure process at a time.

Key highlights of the Workforce Password Manager solution include:

• Standardized onboarding with team folders: Permissions are set once, apps are added, and scalable access control has replaced sprawling, per-app sharing.
• Mobile and remote access readiness: CyberArk Identity workflows ensured loan officers could securely access systems from anywhere, supporting a distributed workforce.
• API-based support for ecosystem integrations: The team was able to expand the functionality of the CyberArk solution and create tailored workflows to meet their needs.
• Ability to enable one-click access to privileged web apps: With the CyberArk Privilege Cloud and workforce password manager solutions working together, privileged users could easily gain access to web apps in one click.

“Securing workforce application credentials is part of our overall identity security program. It’s one holistic approach instead of disconnected pieces.”

– Senior Information Security Systems Engineer at Leading Retail Mortgage Lender

Credentials are securely stored as part of the native integration between Privilege Cloud and WPM.  Through privileged access management the team secures the highest risk users with strengthened password security. Automated session recording added an extra layer of oversight, satisfying compliance requirements and reinforcing accountability.

To secure developers and endpoints, the team deployed CyberArk Secrets Hub, Central Credential Provider (CCP), and Endpoint Privilege Manager (EPM). EPM began in monitoring mode, laying the groundwork for a smooth transition to removing local admin rights—executed with a clear, drama-free plan.

This unified approach not only enhanced security but also streamlined operations, empowering retail mortgage lender to scale securely and efficiently.

Results

With the successful deployment of CyberArk solutions, the retail mortgage lender has developed a program to secure its ongoing operations and improve the experience of accessing business applications. The team eliminated fragmented tools, personal vaults, and scattered spreadsheets.

Operational efficiency took a leap forward as CyberArk’s auto-capture and auto-fill of credentials replaced slow, manual processes. Onboarding for new users and teams became dramatically simpler. With team folder permissions, new apps inherit access effortlessly, and shared test accounts for quality assurance now streamline automated logins, reducing delays and boosting productivity.

The benefits of scalability and adoption played out well beyond IT. Secure access controls and detailed audit trails are now standard across business units and non-technical teams. The groundwork is set for growth, with plans in motion to expand to other teams. From an audit perspective, the organization has session recording and end-to-end visibility for high-risk user personas which allowed auditors to follow the breadcrumb trail with precision. “We’ve got enterprise-level visibility and insights now around shared accounts. It’s clear who accessed which account and when,” explains the senior information security systems engineer, “The auditors love that functionality, it’s a huge shift, we are in a dramatically better position to answer questions for SOX, FIPs or cyber insurance.”

Meanwhile, privileged account access is now almost passwordless—users click, privileged credentials are auto-filled through CyberArk’s password manager, and security keeps pace with the speed of the business. “Looking ahead, it’s about building on this foundation we’ve put in place. CyberArk continues to innovate, and that gives us confidence we’ll be able to take advantage of new features and capabilities as they’re released. That steady innovation helps us stay ahead and continuously strengthen our security posture.”

Key benefits

With CyberArk, the retail mortgage lender moved from risky, scattered, and labor-intensive password practices to a centralized, auditable identity security platform with strengthened security controls.

• Replaced 9 fragmented password tools with a centralized, enterprise-grade solution.
• Strengthened password security and protections against credential-based attacks
• Delivered full audit traceability for shared accounts, supporting compliance with SOX and FIPS 140
• Enabled collaboration and sharing through intuitive workflows for both IT and non-IT teams
• Simplified onboarding and access control using shared folders with inherited permissions