As Australia’s leading mid-market managed services provider (MSP), blueAPACHE provides services that require both trusted network connectivity and privileged access to and from customer systems. To strengthen its security posture the company utilizes the diverse capabilities of the CyberArk Identity Security Platform to protect its business and offer enterprise-level Identity Security controls as a managed service to its customers.
Company profile
blueAPACHE is a leading managed services provider that offers IT management, IT strategy and converged IT services to clients across Australia, UK, Asia and North America. Since 1998, blueAPACHE has been revolutionizing the way organizations access technology and communications by providing affordable solutions that offer true scalability, elasticity and agility. The company is headquartered in Melbourne, Australia, with additional locations in Sydney and Brisbane.
Employees: 280
Challenges
With the increasingly sophisticated and severe rise in cyberattacks in the last year, it has become even more crucial for Managed Service Providers (MSPs) to prioritize their security measures and strengthen their security position. Trusted by their enterprise clients, MSPs are given access to their systems and applications – and in turn sensitive resources such as customer data. These relationships put MSPs at the frontline and they play a decisive role in defending their client’s digital landscape and critical infrastructure. Of particular importance is protecting and properly identifying identities, which is becoming the standard route for threat actors to initiate and spread attacks by leveraging compromised or fake identities. One of the leading players addressing these challenges in Australia is blueAPACHE. The company has held the prestigious ARN ‘‘Partner Innovation – Mid-Market” title for a record-breaking four consecutive years since 2019, was recently named as a top MSP in Australia by Cloudtango (the world’s largest MSP directory) and is ranked in the Channel Futures MSP 501 Rankings.
Because of the ever-changing cybersecurity threat landscape, General Manager of Technology at blueAPACHE, Michael Zuppa, knows the company needs to be “at the top of its game” when it comes to cybersecurity, reputation and marketability. Additionally, the company recognizes the critical importance of constantly strengthening its security posture, securing its client’s data, and aligning to increasing government standards.
To better protect its identities from being compromised, blueAPACHE started to uplift identity security by implementing Privileged Access Management (PAM). Previously, blueAPACHE was using password vaulting solutions that did not have automated password rotation or session recording capabilities. This made it challenging to uphold robust enforcement of identity and roles, particularly during onboarding and offboarding processes. “Identity security is extremely challenging for MSPs that have hundreds of employees providing services to customers,” explained Zuppa. “To create hundreds of identities in each customer is a risk because we are only as strong as our onboarding and offboarding process. And since we work with a very dynamic workforce, credentials could be left behind within a customer directory when someone leaves the business.”
In addition to privileged access, blueAPACHE wanted to improve protection for all of its staff by applying better workforce access controls. For instance, by implementing PAM, the company is better protecting internal staff access to the customer environment in addition to how staff action approved changes through recorded sessions.
Aware of the growing challenges and the company’s responsibility to customers, blueAPACHE wanted a leading identity security solution that strengthened its security position, aligned with government regulations and set them up for future enhancements as the needs arises. The company did a comprehensive review of potential solution providers. “As a market leader in privileged access management with a premium product set, the CyberArk Identity Security Platform was clearly able to meet all, and more, of our complex requirements,” said Zuppa. “But it was CyberArk’s strategy for securing all identities that really resonated with us because now we can extend privileged controls to IT users, workforce access, endpoints and non-human identities as well.”
blueAPACHE also expanded on CyberArk’s focus on managed service providers to partner with CyberArk and make sophisticated, enterprise-class security solutions accessible to mid-market organizations.
Solutions
blueAPACHE has implemented numerous capabilities of the CyberArk Identity Security Platform to protect its business and offer managed services.
Because of the complexity of its multi-tenanted environment, blueAPACHE used the CyberArk Jump Start Service Package and CyberArk Strategic Consulting Services to ensure the solution was implemented in the most effective way. This made it easy and fast for blueAPACHE to launch its identity security program. The platform is deployed across the company’s emPOWER ITaaS offerings “emPOWER Cloud, emPOWER Connectivity, emPOWER Collaboration, emPOWER Managed Services as well as protecting its own internal IT operations. Internally, there are over 200 users in CyberArk Privilege Cloud, over 250 users in CyberArk Workforce Identity and hundreds in CyberArk Vendor PAM. CyberArk now manages all customer support and administration access. The next phase of the program is looking at increasing additional security controls by implementing Credential Providers (CP/CCP) & CyberArk Conjur Secrets Manager Enterprise.
CyberArk Workforce Identity provides blueAPACHE’s workforce simple, secure access to cloud, mobile and legacy apps with Single Sign-On (SSO), Adaptive Multi-factor Authentication (MFA) and Workforce Password Management.
blueAPACHE has also deployed CyberArk Workforce Password Management solution to simplify access to business apps that do not support SSO standards and require individual usernames and passwords. With CyberArk Workforce Password Management users can seamlessly access these apps in the same way as SSO applications. However, on the back end, their business app credentials are vaulted, encrypted and centrally managed by CyberArk.
Moreover, blueAPACHE has leveraged CyberArk Vendor PAM to enable passwordless, VPN-less and agent-less access to remote users with privileged access. blueAPACHE’s remote users easily authenticate with biometric Adaptive MFA and are provided just-in-time access to applications and systems secured by CyberArk Privilege Cloud with session isolation and monitoring.
By using the CyberArk Identity Security Platform to centralize password rotation and remove password ownership from individual users, blueAPACHE has regained control of credentials and removed credential re-use. This applies to both the hundreds of credentials blueAPACHE controls for internal operations and for staff supporting customers. “We can easily show customers audited records of automatically rotated passwords used to manage their services and share session recordings,” elaborated Zuppa. “If an employee leaves blueAPACHE tomorrow, they would have no idea of passwords or credentials used to access customer services.”
As blueAPACHE deployed CyberArk, it simultaneously became a CyberArk MSP partner offering the CyberArk Identity Security Platform solutions to customers. For large businesses, blueAPACHE sets up and manages dedicated CyberArk tenants. For smaller organizations, there is a multi-tenanted platform giving customers a cybersecurity solution they could not otherwise achieve.
blueAPACHE customers enjoy a trusted and reliable managed service provider supporting their Identity Security needs. From provisioning and deprovisioning IT and workforce users, onboarding critical infrastructure and business apps into their CyberArk Privilege Cloud or CyberArk Workforce Identity instances managed by blueAPACHE, to configuring fast and secure remote privileged access leveraging the capabilities of CyberArk Vendor PAM.
Results
CyberArk has made a significant difference to blueAPACHE security operations. “CyberArk provides a very consistent, predictable approach to managing highly sensitive credentials,” noted Zuppa. “And the automation it provides means that we can deliver that level of security at scale. This has made blueAPACHE a safer and more efficient organization.”
Zuppa mentioned that because of the level of credential control, automation, and protection it has reached with CyberArk, there is a ten-fold efficiency increase. He estimated that to do the same without CyberArk could require four-times more staff.
One of the efficiency gains is time spent managing incidents. “There is a time savings when it comes to incident response,” noted Zuppa. “In multi-tenanted environments, incident logs are scattered everywhere. But with CyberArk, everything is in one place and one source of data makes our job much easier and faster.”
Furthermore, is the impact CyberArk has on blueAPACHE as an MSP. “CyberArk helps blueAPACHE build credibility and strengthens our value proposition to organizations that trust us to manage their environments,” added Zuppa. “We aim to partner with enterprise-level technology leaders and pride ourselves on offering best of breed solutions. CyberArk gives us a level of differentiation, especially in the mid-market, because there are not many companies like blueAPACHE offering CyberArk services and solutions.”
Achieving a successful CyberArk implementation was essential to blueAPACHE as an MSP. “We want to capitalize on the learning and IP we generate through taking our own advanced cybersecurity approach, based on CyberArk,” divulged Zuppa. “We want to remove the complexity and allow customers to consume the CyberArk Identity Security Platform as a Service, making an enterprise-layer technology accessible to mid-market customers.”
blueAPACHE is continuously investing in cybersecurity defense across detection and response, protective measures, segmentation and Zero Trust, as well as Identity Security.
“Certainly, from an identity perspective, we feel more confident and can sleep better at night knowing that we have the CyberArk Identity Security Platform controlling, rotating and protecting our identities, and allowing us to offer and streamline this enterprise-level of protection to our customers. blueAPACHE has a small number of vendor partners that are critical to the way we support and deliver services to our customers. CyberArk is one of those strategic partners.”
–Michael Zuppa, General Manager of Technology, blueAPACHE
Key benefits
- Builds credibility and strengthens value proposition as an MSP
- Increases defense against supply-chain attacks
- Makes enterprise-level security solutions accessible to mid-market businesses
- Delivers a 10-fold increase in operational efficiency
- Avoids having to invest in four-times more staff
- Makes credentials easier to manage and control