Banco Galicia protects staff, partners and exceeds financial compliance with CyberArk

Banco Galicia Uses Multiple CyberArk Identity Security Products To Enhance Security

Company profile

Banco Galicia is one of the main and largest private banks in Argentina offering a range of financial services to individuals and companies. It is part of a group that includes insurance, investment and financial tech businesses.
Industry: Finance
Annual Revenue: US$2.9 billion
Employees: 5,300

Challenges

When Banco Galicia was founded in Argentina in 1905, computing had not yet been discovered and the risk for the bank’s 2,000 or so customers was from bandits bursting in to rob a branch. Today, 66% of the bank’s 3.4 million customers have made at least one digital connection in the last month and almost 20% of customers have had no physical interaction with the bank at all. The bandit of yesteryear is now sitting at a computing screen somewhere in the world, searching for a chink in the bank’s digital armor and with that, the risk of attack has grown exponentially.

“Argentina has very diversified financial businesses compared to other parts of the world, so, the number of banks is huge. Banco Galicia is one of the most important private banks in Argentina with approximately 12% of the market,” shared Pedro Adamovic, CISO at Banco Galicia. “The bank is different from many of the more traditional Argentine financial institutions based on its innovation, as well as investment in technology to improve customer service and operational efficiency.”

Over 2,600 Local Administrators

With the growing risk of increasingly sophisticated cyber attacks and a fast-expanding business, Banco Galicia needed to improve privileged access management, boost operational efficiency, support digital transformation and better meet financial regulations.

One of the biggest security risks was the sheer number of local administrators totaling 2,600. The security team did not know how to remove access effectively. In addition, the COVID-19 pandemic meant many of those administrators had to work remotely, usually logging on to critical corporate systems via home devices. Securing human and machine identities and protecting critical assets with intelligent privilege controls in a seamlessly secure and unified approach is what drew Banco Galicia to the CyberArk solutions.

Solutions

Banco Galicia was aware of CyberArk, its Identity Security Platform’s reputation within the industry and positive feedback from other users. “CyberArk was obviously a leader in the market. When we saw the full scope of the CyberArk Identity Security Platform, we knew we had found a worldclass solution,” explained Hernan Garro, Cybersecurity Architect, Banco Galicia. Consequently, the bank—which usually tests two or three solutions—only tested CyberArk’s that in turn proved highly successful.

Banco Galicia has deployed many products within CyberArk’s Identity Security Platform to manage identities and privilege across the bank’s entire infrastructure, including Privileged Access Manager Self-Hosted, Endpoint Privilege Manager, CyberArk Workforce Identity and Vendor Privileged Access Manager (PAM). Using CyberArk, Banco Galicia centrally protects credentials, isolates and monitor sessions, sets smart authentication controls and easily proves compliance.

Transparent, Simple Implementation

“The implementation of CyberArk was very transparent and there was little work to do because of features such as the pre-set-up console,” recalled Garro.

One of the key elements of the solution is Vendor PAM, which enables the bank to intelligently connect partners, such as independent financial intermediaries, to sensitive target systems and business applications without the need for passwords or VPN. By leveraging biometric capabilities of smartphones and multi-factor authentication, Vendor PAM helps reduce cyber risk and offers just-in-time (JIT) provisioning, as well as recording and monitoring of privileged sessions done by external users.

“Vendor Privileged Access Manager was a leap in quality for Banco Galicia. The application was well received because it provided excellent protection especially during the COVID-19 pandemic. Our technical teams—who do not usually welcome new security applications with open arms—were impressed with Vendor Privileged Access Manager and the competitive advantage it offered in managing and improving cybersecurity.”

-Pedro Adamovic, CISO, Banco Galicia

Banco Galicia found that it also was able to use Vendor PAM to protect legacy, green-screen mainframe IT users and applications because of the modernization and easy adoption of CyberArk.

Results

Protect Vital Assets With CyberArk

“If someone asked me how they can best protect their vital business assets, I would tell them to start with endpoint privilege security and for this to get CyberArk Endpoint Privilege Manager. Here at Banco Galicia, one of the biggest banks in Argentina, we have an indisputable example of success with the product.”

-Pedro Adamovic, CISO, Banco Galicia

Endpoint Privilege Manager helps Banco Galicia strengthen its security posture and reduce vulnerabilities by detecting and protecting over 40 ways of stealing credentials and by setting least privilege controls across endpoints and servers.

One of the most significant benefits of CyberArk Endpoint Privilege Manager has been the ability to enumerate and seamlessly help the bank reduce over 2,600 local administrator accounts to just less than 50 and to do so in only six months. “CyberArk Endpoint Privilege Manager generated a report that told us whom had escalated privileges,” said Garro. “That report was crucial because it gave us the clarity to choose whom we should remove privileges from without degrading the service or impacting user productivity.”

The bank removed local admin rights from those accounts who had not used privilege elevation in the past 60- or 90-days. It also streamlined and strengthened security policies ending up with only a select few. There were custom policies for development, for technology, another one for a special IT projects team, and a policy for business users. For example, in Argentina, the Administración Federal de Ingresos Públicos (Federal Administration of Public Income, AFIP) has applications that require escalated privileges to enable the bank to submit accounting information.

To manage JIT endpoint privilege elevation, the bank set up a strict vetting process that is enforced before granting administrator access to those requesting it. Individuals are asked why they need to be an administrator, what for, which application(s,) and if there is an alternative route?

As a financial institution, Banco Galicia must adhere to national and international finance regulations and CyberArk is enabling the bank to meet and exceed compliance requirements. “Banco Galicia is doing a good job meeting mandatory regulations such as compliance with the Banco Central de Argentina,” elaborated Adamovic. “With CyberArk, Banco Galicia is more advanced than the compliance really demands. But more importantly, we expect new and tougher regulations in the next year and now we can comply with them easily. Key to that is how simple it is to use CyberArk to submit evidence for audits.”

Endpoint Privilege Manager makes it easy to create advanced policies such as segregating different privilege de-escalation needs or giving privileged access to an application based on a variety of parameters, such as the specific folder the application is located in. “The versatility and easy way of creating policies is very valuable for Banco Galicia. So far with Endpoint Privilege Manager, we have not found a need that has not been met,” revealed Garro.

One of the other benefits of CyberArk has been little or no impact to device performance or disruption to business operations.

“Being able to implement a technology like CyberArk—that solved a problem we found very complex and almost impossible—has been a huge benefit for Banco Galicia. The large number of local administrators we had was a significant risk and resolving this was the biggest advantage of CyberArk,” concluded Adamovic. “When I presented the CyberArk solution to our directors and showed them how it was protecting the bank, I was congratulated.”

Key benefits

  • Reduced 2,600 local administrator accounts to just less than 50 in six months with Endpoint Privilege Manager
  • Privileged account transparency and cleaning done in six months
  • Fast, simple and minimal deployment effort
  • Transformed remote worker and third-party user access and protection
  • Exceeds ability to meet financial regulations
  • Makes it simple and easy to meet future compliance standards

Talk to an expert

Understand the key components of an Identity Security strategy

Get a first-hand look at CyberArk solutions

Identify next steps in your Identity Security journey