Background & Challenge

Challenge

They newly built the data center and needed to pass the HKMA audit requirement within 6 months.

• Scaling and Cost Issues with CyberArk: The IT team was deploying applications for a newly independent data center and initially used CyberArk. However, they found that CyberArk's costs were too high for large-scale sizing, and its low efficiency could not meet the daily demands of a massive application team consisting of 450 to 500+ users.

• Manual Management Bottlenecks: Every server had default accounts (like root/rootbrg/rootbak), but the security team did not have the time to manually collect and upload all other OS and database accounts.

• Database Blind Spots: Management lacked visibility into what application operators and developers were doing, specifically regarding the SQL statements being executed within databases like Oracle and MySQL.

• Strict Compliance Requirements: Independent auditors mandated that the bank must follow stringent Hong Kong Monetary Authority (HKMA) regulatory requirements, even during the initial building stage

Solution

• Seamless Migration & Discovery: The team transitioned their existing CyberArk data to RankEZ. RankEZ implemented automated discovery for unmanaged application accounts at the OS and DB levels, allowing for batch management.

• Comprehensive One-Stop Management: RankEZ provided a unified platform to manage all operating systems, databases, network devices, and security devices.

• Advanced Auditing: RankEZ enforced DB SQL command auditing and control for all developers to ensure full visibility into database operations.

• Automated Policy Framework: RankEZ fully automated the initialization of all security policies and access controls based on the business application (appCode), significantly reducing manual labor.

• Custom Plugin & CAPTCHA Support: RankEZ developed over 50 custom plugins for global and local vendors, and utilized OCR technology to support CAPTCHA auto-fill during logins.

Benefit

• Rapid Deployment: RankEZ successfully helped onboard over 4,000 devices and 900 policies within just 2 weeks.

• Regulatory Success: The implementation enabled the bank to successfully pass the Hong Kong Monetary Authority (HKMA) CRAF compliance test.

• High Automation & Low Cost: The solution proved to be highly automated and convenient to use, drastically lowering the daily operational costs compared to their previous setup.

• Enhanced Visibility: RankEZ provided custom dashboards that delivered powerful analysis and visual statistics of operating statuses for the management team

Quote

"We initially deployed CyberArk for our new data center, but as we scaled to over 500 users, it quickly became apparent that CyberArk does not have a good user experience for our large application teams. Furthermore, the customization fees for their PSM/CPM plugins were simply too high to justify. Switching to RankEZ was the best decision we made. RankEZ not only delivered a highly automated, seamless user experience that our teams love, but they also easily handled our custom requirements—developing over 50 plugins for our diverse devices without the exorbitant fees. It significantly lowered our operational costs while helping us effortlessly pass our HKMA compliance audits."