Holiday Tour Operator
One of the leading holiday tour operators fortifies privileged access control with ARCON PAM
Information systems managed bytravel and tour operators are a treasure-trove of critical information. Passport and credit card details of tourists amongst many other forms of confidential information related to tens of millions (or even billions) of patrons are stored for operational purpose.
As this vital information is stored in a host of servers, files and applications, tour operators recurrently face data breach threats.
Such high risk operations necessitate a robust information security system to be in place in order to thwart any attempt from malicious actors.
Our client is one of the most prominent and oldest travel operators. To safeguard critical information on its networks, the client wanted to ensure all privileged access sessions were monitored. It required ahighly-advanced tool that would help in building a comprehensive security framework.
More than 500 unique IPs with 2-3 privilege IDs on each server. More than 300 users.
Accepting credit payment requires a very robust security around critical information. The Payment Card Industry Security Standard (PCI DSS) clearly defines the framework for data security. ARCON PAM solution allowed our client to become PCI compliant.
The client engaged with multiple vendors on project basis to manage critical operational tasks. Privileged accounts were shared with vendors. However, vendors had uncontrolled and unmonitored access to servers. There were certain instances where an incident had happened and the Forensic Team was unable to find the root cause.Therefore, secure third-party access was the biggest concern faced by our client.
Further, the tour operator managed four Data Center environments located in four different cities spread across 3 continents. ADMINs used VPN to connect to Local Data Centers, but had unsecured access to servers.
ARCON’s enterprise-class suite enabled the client to overcome these challenges in a seamless manner. Our product’s unique range of functionalities also enabled our client to comply with regulatory and audit requirements.
That our client had four different Data center environments had no impact during the implementation process. ARCON server was installed at the client’s central Data Center whilst other three Data Centers were integrated in one Setup.
Everyprivileged account in the client’s networknow had a secure access as ARCON PAM integrated at all layers of the IT infrastructure whilst the solution provided Audit Trails for each session. All end-users (Admins and Vendors) had restricted access to all devices in Data Center. Access was monitored. The solution enabled the client to control all privileged sessions as every end-user located at all locations around the globe had access to any Device through ARCON Server.
Likewise, all Third-party access was now regulated, monitored, and controlled after the deployment of ARCON Privileged Access Management (PAM) Suite.
Additional Value Adds:
Our client had limited bandwidth and wanted to accumulate Video Logs on a Local server and then move them to a Central Location (Where ARCON server was installed). We installed a staging server at each location to suit our client’s environment. A staging Server at each location enabled the client to accumulate logs during Production Hours. During off Production Hours, Logs were transferred automatically to the Central Location. This architecture helped in significant reduction of network bandwidth utilization thus ensuring there was no impact on productivity during production hours.
ARCON is a leading Information Security solutions company specializing in Privileged Access Management (PAM) / Privileged Identity Management (PIM) and Continuous Risk Assessment solutions. With its roots strongly entrenched in identifying business risks across industries, it is in a unique position to comprehend and identify inherent security gaps in an organizations infrastructure framework and build and deploy innovative solutions/products to significantly mitigate potential risks.