Quanta Services protects privilege in over 200 subsidiaries

Quanta Services Implements Least Privilege Controls In Over 16,000 Endpoints

 

Company profile

Quanta is a specialized contracting services company that delivers comprehensive infrastructure solutions for the utility, renewable energy, communications, pipeline and energy industries. Founded in 1997 when four companies merged, Quanta has grown to become a $12 billion organization.

  • Industry: Business Services
  • Annual Revenue: 12 Billion USD
  • Employees: 40,000+

Challenges

Since its launch, Quanta Services has acquired over 200 businesses and amassed 16,000 endpoints dispersed around the world. That growth, while welcomed, has created a major privileged access management (PAM) challenge for the company.

Richard Breaux, senior manager, IT security at Quanta Services, outlined the problem, “As we acquire companies, the challenge is to integrate them – taking their privileges, their computer systems and how they operate – and to make them part of our own ecosystem and to keep everything secure.”

Alongside this, Quanta also faced issues common to many businesses. Breaux stated, “We have the same challenges around privileged access that many companies do, whether with local administrative rights on a desktop or laptop, or privileged access for server administration and web application development. We’re all confronted with a similar set of issues.”

Solutions

With his previous experience with CyberArk – including successful deployments at three other companies – Breaux was keen to use the solution at Quanta. He explained, “We decided to partner with CyberArk to solve our privilege challenges because I knew we could get the solution up and running quickly and that it would do exactly what we needed. I also was very confident that it would help us to become more IT-efficient.” Under Breaux’s guidance, Quanta has implemented CyberArk Privilege Cloud™ and CyberArk Endpoint Privilege Manager. Having CyberArk-as-a-service solutions in the cloud meant minimal extra infrastructure was needed. This also helped deploy the CyberArk solutions quickly and easily, removing the need for weeks or even months of planning and setting up new servers.

“I have deployed CyberArk in companies as small as 150 users, all the way up to Quanta with 16,000 endpoints and numerous individual accounts. In every case, my approach has been identical. And I again was pleased that I did not have to pivot my strategy; the rollout with CyberArk works, no matter the size of the company.”

  • Richard Breaux Senior Manager, IT Security Quanta Services

Taking a Risk-based, Phased Approach Quanta took a measured approach to deploying CyberArk, starting with goals such as removing local admin rights from devices; beginning with Windows-based endpoints, then including platforms like Apple MacOS, with servers planned for the next phase.

Protecting thousands of endpoints in subsidiaries across North American and Australia might present a problem for some, but not Quanta. Breaux described, “It can be a very daunting task: just getting started without a tool like CyberArk is very challenging and very burdensome on a service desk. However, with CyberArk we were able to accomplish this goal. It is critical to remove admin rights across the entire enterprise, especially with a decentralized model like ours. Being able to achieve that while not impacting the business was very important, and a huge win.”

Quanta runs a lifecycle process for CyberArk, gathering feedback from users and data points to help tailor the way the solution is used. This could include, for example, modifying how policies operate, adapting to a changing threat detection landscape and best practices to onboard newly acquired businesses.

CyberArk solutions bring everything together into a single ecosystem so the security operations group can administer the CyberArk platform and associated products with minimal IT and administration overhead. This means Quanta can manage its expanding business operations and ensure access rights are appropriately managed without having to employ more IT staff.

Results

The impact of CyberArk has had broad process improvement ramifications. Breaux explained, “In addition to the benefits we’ve experienced in the security team, we’ve also seen a dramatic impact to our IT service desk and service delivery groups. Now they don’t have to run around granting and removing administration rights to get things installed. We build the appropriate access policy in CyberArk and that enables everybody to deploy and manage the relevant software without having to directly involve the IT service desk to make the changes or manage users through the process.”

Breaux cited another win that he was able to announce to his board, “For the first time – with a combination of CyberArk Endpoint Privilege Manager and Privilege Cloud – every single computer in our organization now has a unique local administrative password. This is something we are very excited about and were able to seamlessly achieve using CyberArk.”

The next phase for Quanta is partnering with CyberArk to look at how third-party contractors and vendors connect to the company’s systems, expanding into privileged session management and investigating other product lines like CyberArk Vendor Privileged Access Manager. For organizations starting a PAM journey, Breaux had this to say: “Think through use cases as much as possible and try to have a progress-overperfection approach. Things will be discovered along the way but focus on the primary objectives and have a specific timeframe. This was very important for Quanta. We’ve tried other PAM vendors in the past and it never went well: quickly becoming a burden on IT and really messed up our adoption rate. This time around, I cannot stress enough how partnering with CyberArk has enabled us to achieve our goal of elevating our security posture and, at the same time, make IT more efficient.”

Key benefits

  • Enhanced security and reduced demands on IT team
  • Scalable PAM solution alleviates need for additional staff when acquiring new companies
  • Seamless rollout of unique local administrative passwords to every device diminishes vulnerabilities associated with access rights

Talk to an expert

Understand the key components of an Identity Security strategy

Get a first-hand look at CyberArk solutions

Identify next steps in your Identity Security journey