CyberArk > Case Studies > National Gypsum Relies on CyberArk for Improved Security and Compliance

National Gypsum Relies on CyberArk for Improved Security and Compliance

CyberArk Logo
Company Size
1,000+
Region
  • America
Country
  • United States
Product
  • CyberArk Privileged Access Security Solution
  • CyberArk Application Access Manager
  • Enterprise Password Vault®
Tech Stack
  • Active Directory
  • Opalis
  • SQL Server
  • SAP
Implementation Scale
  • Enterprise-wide Deployment
Impact Metrics
  • Cost Savings
  • Customer Satisfaction
  • Digital Expertise
  • Productivity Improvements
Technology Category
  • Cybersecurity & Privacy - Identity & Authentication Management
  • Cybersecurity & Privacy - Security Compliance
  • Functional Applications - Enterprise Resource Planning Systems (ERP)
Applicable Industries
  • Construction & Infrastructure
Applicable Functions
  • Business Operation
  • Quality Assurance
Services
  • Cybersecurity Services
  • Software Design & Engineering Services
  • System Integration
About The Customer
National Gypsum Company is a leading manufacturer of building products, including gypsum wallboard and cement board. Headquartered in Charlotte, North Carolina, the company operates 43 facilities across North America and employs over 1,900 people. As one of the world's top producers of gypsum board, National Gypsum is a fully integrated manufacturer, providing a range of construction materials. The company faced significant security and compliance challenges, particularly in managing privileged accounts, which led them to seek a robust solution to enhance their security posture and meet compliance requirements.
The Challenge
National Gypsum faced significant security and compliance challenges due to the lack of management and monitoring of privileged accounts. The company used a single 'domain admin' level account across all applications and servers, with poorly documented and infrequently changed passwords. This created substantial database vulnerabilities and compliance weaknesses. The CFO and controller demanded that IT pass audits related to access control, but the existing setup posed a high risk of security breaches. Recovery from a serious security compromise could be devastating, as changing compromised account passwords would break the systems where they were embedded.
The Solution
National Gypsum implemented the CyberArk Privileged Access Security Solution to manage nearly 2,000 passwords, ensuring they are automatically updated, changed at regular intervals, and fully auditable. The solution integrated with Active Directory to streamline role management and improve operational efficiency. Additionally, the company set up new Active Directory accounts for different roles and environments, adopting a least privilege strategy to grant access only as needed. The CyberArk Application Access Manager was integrated with Opalis, a process automation system, to remove hard-coded passwords from automation tasks and ensure business continuity even during network outages. This comprehensive approach significantly improved security and compliance, allowing National Gypsum to pass audits and enhance overall operational efficiency.
Operational Impact
  • Rapid time-to-value with the CyberArk solution.
  • Improved workforce efficiencies through better access control.
  • Application passwords are now generated for all new projects, enhancing security.
  • Developers can manage Dev-QA environments through self-service, reducing IT workload.
  • Regular password changes and auditable 'firefighter accounts' ensure secure production access.
Quantitative Benefit
  • Successfully passed a privileged and production account management audit for the first time.

Case Study missing?

Start adding your own!

Register with your work email and create a new case study profile for your business.

Add New Record

Related Case Studies.

Contact us

Let's talk!
* Required
* Required
* Required
* Invalid email address
By submitting this form, you agree that IoT ONE may contact you with insights and marketing messaging.
No thanks, I don't want to receive any marketing emails from IoT ONE.
Submit

Thank you for your message!
We will contact you soon.