Maximus implements PAM as a service to create an efficient and strategic rollout

Company profile

Founded in 1975, Maximus helps governments around the world improve services for their citizens. Covering a variety of health and human service programs, Maximus provides business process management and technology solutions to increase efficiency for public sector agencies in North America, Europe, the Middle East, Far East and Australia.

• Industry: Government Services
• Annual Revenue: US $3.4 Billion
• Employees: 35,000
• CyberArk Product & Services: CyberArk Privileged Access Manager

Challenges

Maximus is implementing a digital transformation strategy to improve program efficiency, work smarter, and drive productivity and quality. A core component of this strategy has been the transition to a cloud-first enterprise through the migration of key systems and applications to the cloud. The change provided an opportunity to rethink and strengthen our approach to privileged access management (PAM) across the organization.

Previously selected for Maximus’ legacy environment, the company’s existing PAM solution required a lot of customization, had limited integration capabilities, and could not handle complex use cases.

Maximus hired Nigel Miller into the pivotal role of senior manager for identity and access management to drive forward the company’s PAM strategy. Miller’s first challenge was to determine how to create widespread improvements across the $3.4 billion corporation with only a modest-sized team and limited resources.

Miller reviewed multiple solutions from different PAM vendors before finally deciding to partner with CyberArk and implement CyberArk Privileged Access Manager. The solution offered Maximus the flexibility, scalability and futureproofing needed to support business goals, coupled with comprehensive out-of-the-box features such as ease of integration with other applications and rapid deployment.

“The number one factor in our decision to choose CyberArk was my comfort level with the CyberArk team. The support and understanding it offered and the commitment to get us up and running fast were exceptional,” said Miller. He added, “Since choosing CyberArk, we have not looked back: it has truly been a great experience. Given what we wanted to accomplish and the number of accounts we wanted to lock down, CyberArk has been a 100% slam-dunk.”

Solutions

Gaining user acceptance and managing change are often significant challenges with any new solution. However, Maximus holistically approached privileged access management — comprised of people, processes and technology — with CyberArk acting as the centerpiece. Also, Miller engaged senior leaders early in the process, which helped build an understanding of the need for change at the top level. Then it was a step-by-step process understanding day-to-day access needs and starting with key users such as domain administrators followed by server administrators.

Miller recalled, “Although some people were not immediately happy about the proposed changes, we were able to share the exposed risks and to and give them the correct levels access. We also took time to listen, communicate, test and train.”

CyberArk proved invaluable in helping the small security team implement the PAM solution. “I had a lot of faith from the discussions and collaboration with CyberArk, which proved critical in deploying the solution in record-breaking time,” Miller said. “We went from zero to having CyberArk up and running within two weeks, and over the next month we were pulling domain administrators into the system. I have never had an implementation that was so smooth. I would love to have more.”

In the first three months of deployment, all domain administrators were secured; in six months Windows servers were protected; and by the end of eight months, all Linux administrators had been enrolled. Around 350 users were onboarded, and access privileges were reduced to more appropriate levels for approximately half of all users.

Results

Miller described CyberArk as “The single place for users to get access to systems they need, when they need it, but not before. It is a place where we have oversight, where we have credentials rotating and where we can control privileged access.”

Miller explained why CyberArk is central to the company’s PAM strategy: “With CyberArk, we can increase awareness, direct users in their processes, and create more precise scope of privileged access for our users. Although that might seem bold, our users have been very involved in streamlining processes. In this way, we are changing the way Maximus thinks about and embraces privileged access.”

Maximus applied CyberArk Privileged Access Manager across the whole spectrum of users from those who only have one access-related function to those that need continuous, multiple access points. Miller said, “Before, power users would try a slew of different passwords to see what worked. Now they understand why we use CyberArk, and the advantage is huge for them because they have one consistent location to gain access to all the systems they need.”

Miller cites multifactor authentication (MFA) as a huge win from CyberArk. Maximus uses MFA to consistently rotate credentials, even for those who need continual access. They now go through CyberArk for all access and the MFA capability gives the company an extra level of verification which has elevated security and compliance significantly.

CyberArk security services helped Maximus scale its PAM capability. When a specific scenario requires a non-standard modification, CyberArk has been very proactive in coming up with a solution – often within a month – which Miller found unusual for a company as large as CyberArk. This kind of support has enabled the company to maximize security resources while also saving time and money: And in turn, removing the need to dedicate resources to manage the backend operations.

Maximus values its CyberArk partnership highly.
“I have worked at three different companies with CyberArk, and each time the team has been highly engaged and focused on our needs. It has done a great job of being involved in our implementation and our success. I wish I could say that about more companies,”
– Nigel Miller, Sr. Manager of Identity and Access Management, Maximus

Key benefits

• Delivered a centralized solution to manage and control privileged access
• Solution deployed in just two weeks, full integration in a few months
• Enabled a 50% cut in administrative access without disrupting productivity
• Cut costs and reduced burden on valuable skills and resources
• Helped a small team roll out an enterprise-wide PAM strategy