One of the first steps was to make significant improvements in routine production systems access controls. In doing so, one of National Gypsum’s goals was to make it easier to be secure, but more painful when users tried to do things they shouldn’t. As part of National Gypsum’s new security model, the team created more Active Directory accounts to accommodate roles in development, QA and production environments. They also set up new accounts for SYS and “firefighter” roles, instituting a least privilege strategy where users would be granted access ondemand only to the systems needed to perform a particular task, in a documented way. The manufacturer implemented the CyberArk Privileged Access Security Solution, leveraging its Enterprise Password Vault® to better manage nearly 2,000 passwords, making sure they are automatically updated, changed at regular intervals and fully auditable. The National Gypsum security team is now in charge of all the production accounts and can track who requested access to a system, and what was done once access was granted. Through its integration with Active Directory, the CyberArk solution alleviates the need for dual management and maintenance of roles, overall improving operational efficiency. National Gypsum also integrated the CyberArk Application Access Manager™ solution with Opalis, a process automation system. Opalis is responsible for performing numerous IT automation tasks across the manufacturer’s servers and applications. Integrating with Application Access Manager allowed National Gypsum to remove sensitive (domain/server admin level) hard-coded passwords from the Opalis jobs and benefit from secure caching capabilities to ensure business continuity even in the case of a network outage. Typically, employees are given a level of privilege that they can either apply incorrectly and do some damage to the privileged system to which they have been given elevated rights, or gain access to confidential information. Brannon says, “We have taken care at National Gypsum to ensure that people only have the level of access that is needed. This prevents users from unwittingly bringing down production systems because they have access to data and/or processes outside of their routine needs. We deny by default, then allow based on needs, granted by approval.” Working with CyberArk also helped fuel new business initiatives, such as National Gypsum’s SAP deployment, “which presented an opportunity to do things the right way,” said Brannon. For example, National Gypsum leveraged its SAP deployment in an external data center to set up stronger system controls and appropriate levels of access. According to Brannon, some internal people said that approach would not work at the company, and that National Gypsum did not have the staff.

Description is not ready yet

Description is not ready yet