TIAA protects investor interests with CyberArk

Fortune 100 company uses CyberArk Identity Security solutions to improve productivity and protect the interests of millions of investors

Company profile

Founded in 1918 by Andrew Carnegie, TIAA is a leading provider of financial services to the academic, research, medical, cultural and governmental sectors. The company serves over 5 million active and retired employees and has $1 trillion in combined assets under management.

  • Annual Revenue: $40.45 billion (2020); $1.3 trillion in assets under management
  • Employees: 16,000


One of the biggest challenges facing people as they progress through life’s stages is how to fund a comfortable retirement. TIAA aims to help them do just that. Founded over 100 years ago, initially for retired teachers, it now helps over five million people from all walks of life. The not-for-profit organization is a leading provider of financial services including investing, banking, advice and education, and retirement services.

To support customers’ aspirations for a secure retirement and deliver a high-quality service, TIAA has a sophisticated IT infrastructure comprising a hybrid mix of on-premises and cloud-based systems. This infrastructure – including Red Hat OpenShift with Microsoft Azure and Amazon Web Services – is used to develop and host systems and services for customers.

Improving customer service

As it revamps the infrastructure, TIAA is pushing more systems to the cloud. Adam Powers, lead info security engineering manager at TIAA, said, “Digital transformation at TIAA is all about improving customer services and business operations, so we always want to increase the speed of deployment, as well as reduce the cost and overhead of hardware and data center operations.”

Due to the nature and sensitivity of its business activities, security is an essential part of all TIAA operations. The digital strategy prompted the need for an infrastructure upgrade and a scalable secrets management solution. TIAA also wanted to up-level specific components of its security stack.


The company carried out an extensive evaluation process and chose CyberArk for its functionality and value. TIAA wanted secrets management for applications and privileged access management (PAM) for people to coexist on one integrated platform, enabling the organization to take a holistic view and approach to securing privileged credentials. Also, other solutions could not secure both the company’s internal and external environments. Powers stated,

“It was stunning: We compared the number of applications and secrets that CyberArk Conjur could concurrently manage against competing solutions, and the difference in cost was utterly compelling.”

-Adam Powers, Lead Info Security Engineering Manager, TIAA

TIAA has deployed a portfolio of solutions comprising CyberArk Conjur Secrets Manager and several additional products: CyberArk Privileged Access Manager, CyberArk Credential Providers, as well as CyberArk Endpoint Privilege Manager. Conjur has been rolled out across two cloud production environments, a disaster recovery system, and a variety of additional on-premises domains. CyberArk provides a single view for auditing and a central location for users to manage and monitor passwords.

Powers noted, “For us, it’s so important to have the secrets management solution – Conjur – handle a complete range of application types, from mission critical systems running on mainframes to the latest containerized applications, for efficient management.”

Delivering exemplary support

TIAA found the successful CyberArk deployment was significantly enhanced with exemplary support from CyberArk Professional Services. TIAA has a dedicated CyberArk technical account manager responsible for managing support tickets. Powers noted, “I have not run across an inquiry that CyberArk has dropped; the company is very good at addressing questions and finding solutions.”

Since implementation, CyberArk has managed more than 100,000 accounts and is protecting over 1,200 applications, a number that grows daily. CyberArk Endpoint Privilege Manager is handling 10,000 systems. In the Red Hat OpenShift development environment alone, CyberArk is protecting dozens of clusters with hundreds of nodes, each spun up every day. Powers stated, “CyberArk has been an integral part of our deployment in OpenShift and the fact that we can pull usernames and passwords right from the very beginning of a project has been a really big plus for us.”


CyberArk helps TIAA increase productivity and minimize application downtime. By supporting dual accounts, it ensures seamless and safe access to applications that are deemed high-load and critical to ongoing operations. The dual account concept assigns two parallel accounts to a user so that one is always active during password changes: competing products invariably inflict a period of unavailability while the password update takes place.

TIAA also is developing an automated one-stop-shop process using Conjur and the ServiceNow cloud-based workflow automation platform to speed up application deployment. Powers said, “Onboarding will be even faster and more accurate because the process is automated and removes human error.”

CyberArk innovation

Another area where CyberArk improves productivity is among application developers. “The fact that we’re rotating passwords and preventing system breaks has been a huge benefit for our development teams. The ability to pull usernames and credentials at the end of development saves them a lot of time,” commented Powers.

CyberArk has enabled TIAA to set up several processes that increase security. Metrics on compliance are fed into a dashboard and sent to the CIO every day to prove applications are being appropriately protected. Also, if an employee requests an ID, they must receive a username and password via CyberArk after sign-off by a manager, eliminating the need for any embedded passwords in the system.

Powers concluded, “CyberArk is very innovative and at the forefront of technology; that’s why Gartner rates CyberArk solutions so highly. The company is constantly developing new tools and plug-ins as well as acquiring companies to build out its portfolio of security offerings, which is really impressive.”

Key benefits

  • Secures mission-critical applications running in hybrid and multi-cloud environments
  • Saves $800K a year compared to other nominally comparable solutions
  • Protects 10,000 endpoints, 1,200 applications, 100,000 accounts
  • Increases productivity, speeds up application deployment
  • Delivers exemplary implementation and support services
  • Removes passwords embedded in the applications
