CyberArk PAM Roundtable. PHOTO: Cybercrime Magazine.

CyberArk: A Privileged Discussion With Bed, Bath & Beyond’s CISO

How to secure the keys to the IT kingdom

Steven T. Kroll

Northport, N.Y. – Jul. 11, 2019

Privileged access management (PAM) is all about securing the keys to the IT kingdom, according to Udi Mokady, founder and CEO of CyberArk — the market leading provider of Privileged Access Security.

CyberArk is a recognized leader for two reasons — as the pioneer of privileged access management in 1999, and remaining the top trailblazer in the market 20 years later.

“We even coined the terminology and helped educate the world that privileged access is the highest risk area in which the organization or the business of IT runs,” says Mokady.

Since its founding, the company has become a cybersecurity juggernaut with a market cap nearing $5 billion. It works with more than half of the Fortune 500, over a third of the Global 2000, and myriad other clients, organizations and businesses.

Mokady spoke with one of his clients, David Ortiz, chief information security officer at Bed, Bath & Beyond, about PAM, application security and the importance of cooperation.

Because CyberArk was one of the first companies in this area, Paul Caulfield, chief risk officer at Israel Discount Bank and guest host for Cybercrime Magazine, calls Mokady the granddaddy of PAM.

Back in the day, privileged access management covered IT people and other top-level administrators with privileged accounts. The technology allows organizations to develop safeguards within their networks, watch malicious insiders and prevent hackers from causing further damage after breaking into a system.

Now, a major function of PAM is application security because they behave a lot like humans when they’re accessing privileged accounts. This poses new problems due to the fact that most applications are up and running within fractions of a second. “The good news is you can get security right before you roll them out,” says Mokady.

Ortiz agrees with Mokady’s assessment and adds that security is paramount as more third-party systems are coming into play for organizations. CyberArk is innovating in this space and moving the industry forward through its investments in research and new products.

“The CISO, with us and technologies like ours, can adopt new technologies in a secure fashion,” says Mokady. “I think that has become kind of our new constitution: practice security, enable digital transformation.”

Of course, cybersecurity requires collaboration, not competition. It’s a profession, not a job. Companies within the same business vertical share best practices so that they can stay ahead of threats. “We’re the good guys trying to run our businesses,” says Mokady. “We need to work together.” And he sees this happening at many industry conferences.

Ortiz believes that professionals — and the industry itself — grow through information sharing. “We gain a lot of our knowledge just through conversation.” Additionally, one has to stay on top of all the new knowledge circulating within cyberspace, so he encourages training and self-learning for his cybersecurity professionals.

Sadly, information sharing doesn’t just happen between colleagues. Lessons learned from large data breaches — usually through a compromised account — can be the best harbinger of cyber threats.

Ortiz views these events as a time when people start to blend cybersecurity within their personal and professional lives. Those kinds of examples really raise awareness, of course at the board level but also for employees, adds Mokady.

“I’d like to say we’re a student of the history of breaches,” says Ortiz. “We strengthened our position with our own privileged access management implementation.”

This is something that Mokady can agree with. “I’m excited to see that security is perceived to be not a necessary evil but a function that supports the business.”

Steven T. Kroll is a public relations specialist and staff writer at Cybercrime Magazine.

CyberArk Archives

Sponsored by CyberArk

CyberArk is the global leader in privileged access security, a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline. CyberArk delivers the industry’s most complete solution to reduce risk created by privileged credentials and secrets. The company is trusted by the world’s leading organizations, including more than 50 percent of the Fortune 500, to protect against external attackers and malicious insiders.