Asian Paints implements PAM controls across the entire enterprise

Asian Paints enhances security and auditing with CyberArk Privileged Access Manager

Company profile

Asian Paints is India’s leading paint company and ranks among the top ten decorative coatings companies in the world, helping millions of customers adorn their dream homes. Since its founding in 1942, the company has expanded to serve consumers in over 60 countries and has developed a worldwide network of 26 paint manufacturing facilities. Asian Paints has received numerous industry awards, including being on the prestigious Forbes ‘Top Regarded Companies’ list and Forbes Asia’s ranking of ‘Best Over a Billion’ companies.

Constant Evolution

The company believes in continuous innovation in products and services and has rolled out multiple new products in numerous paint categories. Asian Paints’ R&D center plays a vital role in product development as well as formulation efficiencies. A significant number of innovations are aimed at reducing the company’s overall carbon footprint, as well as increasing the use of renewable raw materials and developing energy-efficient processes.

Asian Paints’ extensive technology landscape is used as a consistent differentiator in the highly competitive commercial and residential paint marketplace. The company’s extensive SAP implementation has earned the paint manufacturer an almost celebrity-level status as one of the ERP vendor’s marquee customers.

Challenges

Growing Pains

As the IT infrastructure expanded and evolved, managing privileged access rights for the amassed collection of devices and applications had become an increasingly important responsibility. For Asian Paints, enhancing visibility into privileged user activity was key to addressing potential vulnerabilities across the environment.

The company’s legacy solution for monitoring access credentials lacked granularity into individual user sessions. The absence of detailed logs containing precisely what each user had accessed and any changes they performed resulted in additional risk.

Sindhuvihashini, solution lead for Asian Paints, recalled, “For investigating an issue, we had limited insight into who did what, and when. Our previous solution provided a very basic level of monitoring and focused primarily on restricting access based on role, rather than real-time analysis of a specific user’s activities or authorized needs.”

Although the company had established a manual process for password rotation, updating passwords on hundreds of servers was becoming an inefficient and unsustainable task for the security team. Eager to resolve the situation, Asian Paints began its search for a new privileged access management solution.

Solutions

CyberArk Delivers Heightened Security and Resource Efficiencies

After a successful proof of concept – executed with its trusted services partner, Technosprout – CyberArk Privileged Access Manager emerged as Asian Paints’ definitive first choice. To create a robust starting point for implementing the revamped security strategy, CyberArk Discovery and Audit (DNA) was utilized to deliver a detailed privileged access risk assessment of the entire global infrastructure. The scan revealed that there had been an accumulation of thousands of privileged accounts across the company’s fleet of servers.

Again working closely with Technosprout, the security team then prioritized systems holding the most critical and sensitive company data. The initial focus was on onboarding servers and virtual machines, including Windows and Linux environments. Pranesh Anantharaman, manager of information security, reflected, “By deploying Privileged Access Manager to monitor our systems, we’re able to isolate privileged sessions, and track and record any related activities: a significant enhancement to our evolving security posture.”

Results

Refined Workflows

During implementation, the opportunity was taken to create a much tighter workflow for privileged access around the company’s perimeter. “Now, every time a user logs into a server, network device or protected security device, a workflow is established that monitors and tracks all of their actions,” noted Anantharaman. “Having access to these session records represents a major advance in the level of control our security team has over the environment.”

Utilizing CyberArk Privileged Access Manager centralizes the management of credentials and automates password rotation. To ensure that its privileged identity and access management controls remain fully operational, even during system downtime, Asian Paints implemented a multi-tier disaster recovery architecture.

Multiple vault servers – both physical and virtual – are distributed throughout the global environment to provide live failover capabilities and continuous protection of privileged credentials in the event a primary or secondary vault is taken offline.

Full automation of the failover process ensures business continuity and further contributes to the IT team’s efficiency and responsiveness.

Hardened Attack Surface + 75% Drop in Privileged Credentials

With the Privileged Access Manager, Asian Paints has strategically limited the number of privileged accounts allotted to each server in the company’s environment. The accomplishment represents a more than 75% reduction in the number of elevated credentials the paint manufacturer must secure and a significant hardening of its privilege-access-related attack surface.

Enhanced visibility into activities associated with privileged accounts has helped further fortify the company’s cyber security posture. Anantharaman enthused, “With CyberArk, we have access to a record of all privileged sessions. If a situation ever needs to be investigated, we can use these logs to trace the issue back to the specific keystroke or command that caused the issue. The session recordings and audit logs also have helped at the compliance level by making it easy to demonstrate to regulators the effectiveness of the policies and controls we have in place.”

Widespread Value

A successful change management campaign has encouraged widespread adoption of the CyberArk privileged access solution, with hundreds of employees and partners using the platform daily. The Asian Paints CIO and CISO helped champion the transition and communicate the new security processes to the broader organization. “Any resistance to change quickly subsided once users started working with the solution and recognized the value and convenience that CyberArk delivers,” explained Anantharaman.

As part of its future roadmap, the paint manufacturer also plans to implement CyberArk solutions in its factories and plants to further secure the large number of IoT devices utilized in the environments. Elevating privileged access security across these operational technology (OT) domains will create a peer alignment with the IT infrastructure currently being protected, lowering overall risk and cutting vulnerabilities across the company’s entire global attack surface.

“Prior to implementing CyberArk, if there was a compromise, we had no efficient way of tracing what occurred or knowing what needed to be done to remediate the situation. CyberArk Privileged Access Manager fits well into our environment: It has become a very fluid addition to our security stack and an integral part of our core cyber security processes.”

-Pranesh Anantharaman, Manager of Information Security, Asian Paints Limited

Key benefits

  • Fortified overall protection of critical company systems and data
  • Hardened attack surface by reducing privileged accounts by over 75%
  • Enhanced security and business continuity with multi-tier vault architecture
  • Improved incident resolution relating to privileged user activities
  • Streamlined regulatory compliance efforts with detailed audit logs
