How Apttus manages the access to its cloud-based environment with CyberArk

Apttus uses CyberArk Identity to manage its cloud-based environment, citing Mac management and MDM capabilities.

Woman using smartphone with icon graphic symbol cyber security network protection of connection devices and secure personal data in mobile phones

Company profile

Based in San Mateo, California, Apttus delivers Quote-to-Cash, category defining software that drives the vital business process between the buyer’s interest in a purchase and the realization of revenue.

Apttus software is delivered on the Salesforce1 Platform, the world’s most trusted and comprehensive cloud delivery infrastructure.
– Employees: 850

Challenges

Restrict and guard against unauthorized access to patient health information per HIPAA regulations. Simplify password management for key healthcare apps. Minimize expensive helpdesk requests for password resets.

Apttus is a cloud-based company with a very small on-site infrastructure — virtually all of its server and storage needs are met in the cloud. Salesforce, NetSuite, Concur, Dropbox, Office 365 and other SaaS apps comprise the majority of the Apttus environment, and Microsoft’s Azure platform is configured to house domain controllers and cloud connectors in the cloud, with a VPN connection back to headquarters.

As a result of its cloud focus, the majority of the company’s employees access SaaS apps on a daily basis, and that was creating significant challenges in terms of administration and security. Compounding the problem was rapid company growth. “Within a two-year timeframe, we’d grown from 120 to 850 people,” says Vice President of Information Technology Erich Hilkemeyer. “And user authentication and provisioning became increasingly difficult as those numbers grew. We needed an identity service provider.”

Before using CyberArk Identity, in order to onboard an employee the IT team would have to create accounts across all of the different services individually. Then came the challenge of maintaining unified credentials and logins, not all of which had the same password change policies or complexity requirements. “It was a manual process on each system. Password complexity rules had to be enforced within individual apps, and the result was between five and a dozen password reset requests every business day,” says Apttus IT Director Steve Winter.

When audits were required to monitor who had access to these applications, manual, labor-intensive reports were run, which also became more difficult as employee numbers rose. Apttus decided to find a vendor that could bring access management, provisioning and reporting together under one central solution to deliver greater simplicity, visibility and security.

Solutions

With help from technology partner SoftwareONE, Apttus evaluated a few vendors and chose CyberArk Identity for its Mac management capabilities and its Mobile Device Management functionality, both of which did not exist in competitive offerings.

Apttus wasn’t yet using Active Directory as a directory service. The team simply managed stand-alone computers all with individual accounts. “We knew we had to roll out Active Directory, and once that was done, we could extend that secure identity platform to our key applications,” says Winter. “We just needed the solution that would bring those apps under the set of credentials inside Active Directory — it all made sense from a security, user and an auditing perspective.”

Winter decided to look at a handful of solutions, but found many of them lacking in complementary functionality. “We looked at a couple of cloud-based solutions that seemed capable of providing the basic identity management we were looking for at that time, but we were also shopping with an eye on the future. For example, none one of the other products offered Mac management, and I have a rapidly growing number of Mac users, particularly in the executive ranks.”

MDM (Mobile Device Management) was another feature that was lacking in alternative solutions. “CyberArk Identity’s MDM functionality has a lot of benefits: A more secure BYOD strategy, integrated single sign-on to mobile business apps and remote lock and wipe are all increasingly important features,” Winter said.

Leveraging CyberArk Professional Services and technology partner SoftwareONE, Apttus rolled out Active Directory, integrated its employees into the system and quickly implemented CyberArk Identity.

Results

Apttus is saving time and reducing costs. The authentication process has been simplified via single sign-on, eliminating a significant percentage of help desk requests. IT activities have been reduced by bringing identity management under one centralized solution.

CyberArk Identity has aided the Apttus IT team in saving time and reducing costs. The authentication process has been simplified for users via single sign-on, eliminating a significant percentage of help desk requests. IT activities have been reduced by bringing identity management under one centralized solution, taking significant pressure off the team.

“With CyberArk Identity, we have a 100% cloud- based identity solution that provides authentication, provisioning and deprovisioning, MDM, Mac management, and the ability to track which users are logging into which apps and services.”

– Steve Winter, IT Director at Apttus

“CyberArk Identity is an essential enabler in the ability to support 850 employees with a relatively small IT team of six,” says Winter. “Password resets can now be accomplished through a self-service user portal. And provisioning is as simple as one administrator creating one Active Directory user, and assigning them to the proper security groups. Corresponding accounts are automatically provisioned when the service synchronizes. And for de- provisioning, rather than having to act manually, we can remove access with the click of a button, in a fraction of the time.

Key benefits

  • 100% Cloud-based Identity Solution that provides Authentication, Lifecycle Management and Audit capabilities
  • Self-service capabilities to reset passwords for business users
  • Simple administration of workforce access to business applications

Talk to an expert

Understand the key components of an Identity Security strategy

Get a first-hand look at CyberArk solutions

Identify next steps in your Identity Security journey