WWLW Ep. 6: The case of the unmanageable privileged access

‍

What we know 

Jason Trunk is working with a global airline who wants to solve an IT operations challenge. They have about 1,200 IT staff who need occasional access to the administration credentials for critical IT systems. As an airline, 24𝗑7 operations are mission critical so they have robust governance rules to prevent any accidental or malicious misuse. 

What we learned 

The airline was using a privileged access management platform called CyberArk to store and retrieve credentials. Good governance of these credentials is essential and IT staff need to retrieve the right credentials as part of their operations workflow. Working with Jason, they made the Island Enterprise Browser the only way to access CyberArk and improve both usability and governance for IT operations. 

What happened next 

First, they improved the user experience by selectively hiding or showing the credentials within CyberArk based on the particular user’s role or group. Now, when an IT operator logs in through Island they see a condensed list of only the credentials they need. Next, the airline improved IT operations governance by enforcing business rules within the browser. For example, when IT staff login to the Azure portal and create a virtual server, they are only allowed to choose the options that fit the airline’s IT policies. They also have increased visibility for all IT operations so an auditor can easily trace a change through the full cycle.