How Vialto Secured a Global Enterprise with Automated Identity and Access Management

Our team was formed at Vialto Partners following a divestiture. The initial plan was for us to use a number of different products for identity management, Privileged Access Management (PAM), and everything in between. Unfortunately, those other solutions didn’t work that well, nor did they meet all of our requirements. In fact, when we spoke to a team member who had experienced the prior tools firsthand, among other things, they told us they had enough time to go to lunch, bake a full tray of cookies, or even work on taxes before they got connected to the privileged access management system.

That wasn’t what we wanted to hear. We had 9,000 internal identities across 10 cloud regions and 1.3 million customer identities to manage, and we couldn’t afford lengthy wait times — or future issues with scalability and performance.

With this in mind, we started shopping for a solution that offered stronger performance, a better user experience, more efficient audit controls, and greater visibility into our vast user landscape — all from the cloud with global capabilities.

When we found BeyondTrust, we discovered a strong company with numerous identity and access security solutions. These solutions had better capabilities, stronger performance, and faster response time than our existing option. Most importantly, BeyondTrust also offered amazing support to our global team.

What’s more, they are a strong cloud provider, which met our requirement of using a software as a service (SaaS) solution. Looking toward the future, we wanted to be able to contact our provider with our requirements and have everything operating correctly in less than 24 hours without worrying about procuring, paying for, and managing hardware.

BeyondTrust delivered. Within minutes of signing the contract, we were in production. It was a miracle compared to setting up our own infrastructure, and that speed made all the difference. During the Transition Services Agreement (TSA) period of our divestiture, speed and accuracy were two things that we were looking for. BeyondTrust handled everything without breaking a sweat.

We chose a few different tools from BeyondTrust to satisfy our privileged access space:

• Password Safe, a solution for managing privileged accounts / credentials and secrets, for accessing our servers

• Endpoint Privilege Management (EPM), a solution for enforcing least privilege on endpoints and applying application control, to make sure that individuals have no more access than necessary to do their work

• Active Directory (AD) Bridge, a solution for extending AD capabilities to non-Windows systems, to manage our Linux servers

• Remote Support, a solution to supercharge service desk security and productivity, so our end-user computing folks and support teams can securely connect into devices and provide application support as required

Combined, these BeyondTrust solutions gave us what we needed to simplify and secure our environment. It used to take up to ~30 minutes to connect to servers, and now, it takes just a few seconds.

One of the biggest improvements was our audit readiness. The audit process can vary depending on the auditor, and while the team rarely knows what questions the auditor will ask, a couple of points always arise:

• Confirming that there is Role-Based Access used just for privileged access

• Checking for a “before, during, and after” evidence chain of the changes made within the privileged environment

With the previous privilege access management systems, those audits were not always easy to answer. There wasn’t complete visibility, which made providing evidence of compliance a challenge. There were always workarounds and exceptions to potentially skirt the system controls.

Luckily, BeyondTrust Password Safe makes demonstrating those elements easy. We can see server connection attempts and everything involved in the individual sessions. There is no way to bypass or circumvent those controls, and no way for an auditor to poke a hole in it. With Password Safe, everything is logged and recorded, so it’s easy to go in, retrieve what you need, and prepare for an audit in almost no time at all.

In one instance, we got on a conference call with an auditor and did a quick screen share. It was like the proverbial picture painting a thousand words. The auditor saw the system in action, which made the process a breeze.

Another big advantage of using BeyondTrust has been our involvement with the German TISAX certification. The auditors involved tell companies upfront: “You will not pass the first attempt.” The expectation is to get a provisional entry, with a list of things to improve before becoming fully certified.

Vialto Partners was just getting off the ground when we applied for certification. Still, when we demonstrated our capabilities in Password Safe — how we monitor and control server access and how we manage privilege access — the auditor specifically asked about the solutions we use so they could use that as the model for other companies going forward.

We were the first company to achieve TISAX certification on our first attempt. Our controls were so solid that we passed the certification on the first try, something that was previously unheard of for other companies. That felt pretty damn good.

We operate a 100% cloud environment, and using AD Bridge means we can centrally manage our Linux servers alongside the Windows servers. This unified management gives us better visibility and control over privileged access across our entire server infrastructure, which is important for security and compliance.

Even though we’ve gained much more control over our environment, we still need to empower our team members to be self-sufficient. Our tax professionals provide a good example. We have a plethora of tax professionals working everywhere we operate, and they have their preferred tax tools. Once the user completes an SDLC approval process, BeyondTrust Endpoint Privilege Management (EPM) allows the team to securely elevate privileges on a just-in-time basis so they can download/upload the software they need to serve clients, without waiting on IT.

At the same time, BeyondTrust ensures that access remains tightly controlled. EPM automatically blocks unauthorized installation attempts and routes legitimate requests through an approval workflow. This lets us validate business need before granting admin rights, and we deny 90% of those requests, helping us prevent unnecessary software installations while maintaining productivity and compliance.

Whenever users need help and can’t self-serve, we turn to Remote Support. Once the user supplies our help desk team member with the token from Endpoint Privilege Management, support staff can log into their desktop and install a specific software or application, or resolve an issue. It’s just another way we keep our colleagues up and running worldwide.

We started the partnership with BeyondTrust at a potentially chaotic time, but BeyondTrust allowed us to continue operations without worrying about security. The constant updates, vulnerability management, hardware and performance issues — we don’t worry about any of that anymore. BeyondTrust takes care of it all, leaving us free to ensure our customers can access the privileged assets they need.

Just as importantly, BeyondTrust shares our values. We believe in service excellence, global mobility, and industry innovation for the good of our clients. We were lucky enough to partner with an organization with the same core beliefs, and, as a result, can work stronger together to make these beliefs a reality.