ICERTIS protects its rapid expansion with a robust, flexible security strategy

Leading Software Provider Protects Proliferation of Admin Rights with Endpoint Privilege Manager.

Side view of young busy employees working on computers while sitting at desk in modern open space

Company profile

With unmatched technology and category-defining innovation, Icertis pushes the boundaries of what’s possible with contract lifecycle management (CLM). The AI-powered, analyst-validated Icertis Contract Intelligence (ICI) platform turns contracts from static documents into strategic advantage by structuring and connecting the critical contract information that defines how an organization runs. Icertis has operations in more than 90 countries and is headquartered in Bellevue, Washington.
– Employees: 1700+


“There is absolutely no doubt in my mind about the criticality of managing endpoint access privileges to protect the overall integrity of Icertis,” stated Aman Sood, general manager of IT infrastructure. “If an endpoint gets compromised, so does our data and our code. At this stage in the evolution of Icertis, everything must be flawlessly executed and even a hint of compromise would have significant implications on the trajectory of the company.”

Icertis has spearheaded a transformation in the way organizations across the globe manage contracts. Its AI-powered technology has liberated paper documents from filing cabinets and transformed them into dynamic, business-focused content. Global brands such as Microsoft, Google, Best Buy and Johnson & Johnson have put their trust in Icertis to govern the rights and commitments stipulated in their contracts: So far, this extends to over 10 million agreements, totaling more than US$1 trillion, in 40+ languages.


Managing Rapid Growth

The stunning success of Icertis has seen the company grow into a global powerhouse, growing at a rate of 60% and achieving a market capitalization of US$2.8 billion. Sood’s experience at brands such as Cisco and Fidelity Investments positioned him perfectly to tailor the company’s security strategy as it transitioned from start-up to market leader.

One of Sood’s first challenges was to address the proliferation of administration rights across the company. The desire to avoid restricting productivity resulted in almost every user having some degree of an elevated access credential. The findings motivated Sood to investigate endpoint privilege management (EPM) tools as a means of granting users access to the operating system functionality and programs needed to remain productive without giving them elevated access rights.

For Sood, it was important the solution chosen could closely support the company’s business needs, systems and operational environment. He analyzed EPM candidates based on criteria such as analyst opinions, industry reputation, ease of use, as well as maintenance, support and cost consideration.

Another challenge was how to overcome skepticism in the business – resulting from past poor experiences – around the performance impact of security products. Shortlisted solutions were tested with 35 custom scenarios involving the company’s most challenging and demanding groups of users.

CyberArk Ease of Use

“Our research taught me a lot about the EPM space, so I was pretty knowledgeable when we started looking at CyberArk. As we got into the proof of concept, it was evident that CyberArk had the edge over the other solutions, in part because of its ease in creating and managing policies. Also, similar to Icertis, CyberArk is the clear market leader and that’s when the needle moved in the company’s favor,” explained Sood.
Sood’s very effective approach to gain widespread user acceptance for the new solution was to get buy-in from senior management. He approached his CTO and inspired them to communicate the importance of an effective EPM strategy to Icertis, resulting in a faster, smoother deployment across the global enterprise.

Working with CyberArk partner Unique Performance, Icertis deployed CyberArk Endpoint Privilege Manager to a phase one group of 1,000 seats in 45 days.

“Based on experience with other vendors, I was impressed by the speed of deployment and how quickly CyberArk was able to deliver.”

– Aman Sood, General Manager of IT Infrastructure Icertis

The initial rollout proved so successful that the second phase added another 2,000 endpoint licenses to cover the entire company, and was executed in five months. With the company’s rapid expansion – taking on at least 100 new employees every month, with many using multiple devices – the number of endpoints is expected to increase significantly.


Rigorous, Enterprise-Standard Security

CyberArk has enabled Icertis to develop a more rigorous and enterprise-standard security infrastructure that is protecting the business and its customers.

Icertis’ development group is one of the company’s fastest growing departments. Here, users are highly skilled engineers who need access to business-critical systems, applications and data. But they have the potential to be one of the teams most impacted by inflexible security policies that could limit access and hinder productivity.

Granting and managing access rights that struck a workable balance had previously been getting increasingly complicated. However, Sood could use CyberArk to enable developers to access a specific level of privilege when and where they need it without opening up universal access.

“CyberArk Endpoint Privilege Manager can easily scale from 10 to 10,000 users, but equally important, it also is scalable in terms of all the applications and systems in our current environment, and whatever comes in the future.”

– Aman Sood, General Manager of IT Infrastructure Icertis

Icertis found learning to use CyberArk simple and straightforward. That ease of use helped the organization with the complex challenge of understanding the structure and type of privileged access policies it needed. For example, the company uses Microsoft PowerShell to automate processes, but a considerable risk perpetually gave developers the admin rights required to perform certain tasks. So Icertis identified the scenarios and specific subset of PowerShell commands needed by the development team and then used CyberArk Endpoint Privilege Manager to tailor individual security policies to permit the seamless elevation of those commands to avoid a negative impact on developer productivity.

Using CyberArk, and the policies it has enabled the business to put in place, also has helped make development operations more mature, structured, and process driven. Sood commented, “Previously, we didn’t have a lot of granularity in terms of who does or does not get administrative access. But because of the policies that we created using CyberArk – by role, department and function – our rules are now tightly aligned to the overall company goals. Now the right people get the right access when they need it.”

He concluded, “We know that attacks are going to happen, so by investing in CyberArk, we are investing in the future of Icertis.”

Key benefits

  • Implemented robust, scalable, easy to use endpoint privilege manager solution
  • Balanced security without compromising productivity
  • Minimized the window of vulnerability by deploying Endpoint Privilege Manager to 1,000 endpoints in 45 days
  • Fostered a structured and mature development operation

Talk to an expert

Understand the key components of an Identity Security strategy

Get a first-hand look at CyberArk solutions

Identify next steps in your Identity Security journey