The British company behind Coca-Cola, one of the most recognisable brands on the planet, has launched a program to also become the world’s most digitised bottler.
To fulfil its global aspiration, Coca-Cola Europacific Partners (CCEP), the largest bottler and distributor for Coca-Cola and associated beverages in Europe and the Asia-Pacific, has launched MyCCA.com to manage retailer partnerships.
Although digitisation lifts efficiency and enhances customer engagement, its challenges include the growing risk of cyberattacks.
This led the company’s Australian, Pacific and Indonesian operation (CCEP API) to create a three-year roadmap to develop and implement enhanced cybersecurity. A key element was to improve existing privileged access management processes and gain heightened oversight and control over the use of elevated credentials.
Mukesh Kapadia, CCEP global deputy chief information security officer, said privileged access management was key for “any organisation wanting to protect systems and data”.
“We needed to make sure we could implement enhanced control over access requests and provision them in a ‘just-in-time’ manner to reduce opportunities for abuse. The plan focuses on mitigating the risk of both unintentional and malicious harm,” said Kapadia.
Reinforcing compliance with standards such as PCI DSS (Payment Card Industry Data Security Standard) and adherence to the NIST (National Institute of Standards and Technology) framework were also important drivers for change.
To select the optimal privileged access management solution, CCEP API consulted stakeholders to ensure cross-business alignment and streamline adoption of the new solution.
Following a competitive review, CCEP API rolled out CyberArk Privileged Access Manager Self-Hosted – a hybrid, on-premises and cloud solution for cloud services such as Microsoft Azure, Amazon Web Services (AWS) and Google Cloud Platform. An important feature was how CyberArk tightly integrated with complementary security tools (CCEP API had SailPoint and Qualys) that enabled developers to seamlessly protect their infrastructure across attack vectors.
CyberArk supported CCEP API as it managed the implementation to ensure the project followed best practice guidelines defined by the CyberArk Blueprint methodology. CyberArk auto-discovery DNA scans supported the deployment and, although the rollout took place at the peak of the COVID-19 pandemic lockdown, protection was quickly rolled out to several hundred admin accounts and almost 1000 local admin accounts in the CCEP API region.
CyberArk has enabled CCEP API to build a solution that delivered a 360-degree view of privileged access activities and, more importantly, created a robust defence against attack.
“One measure of the effectiveness of CyberArk is that we now know how every privileged account is being used and there has been a dramatic drop in the opportunity for someone to inflict damage to our environment,” said Kapadia.
“Previously, privileged access was done on a best-efforts basis with manual review and relied on trust. Now it is based on facts. We know if someone wants to make a change and the ensuing control process is strictly governed by a disciplined set of rules.”
CCEP API previously had a decentralised infrastructure where people in different countries had the same level of access. CyberArk limited the number of users with privileged access and now enforces consistent provisioning, making processes more repeatable and predictable – in keeping with group practice and policy. Better control and visibility, which ensure adherence to standards such as PCI DSS, improve audit performance and speed tracking of items such as ticket references, documents and procedures.
Andy Chambers, CCEP API information security architect, said the simplicity of CyberArk and its intuitive interface empower the bottler to “action projects on our own and address risk very quickly”.
“The support and online documentation make it really easy to be self-sufficient,” said Chambers.
Kapadia added that CyberArk plugged gaps and inconsistencies in CCEP API’s approval process: “We now have a common way of provisioning privileged access”.
“That is a very important step forward because not only is it more secure, but it drives efficiencies. It’s much less of a burden and far more flexible because we don’t have to reach out to ten different people to hear how each of them performs their process,” he said.
Having witnessed what CCEP API achieved, other CCEP business units are anxious to replicate the successes in their own environments. Over the next year or so, Kapadia and his team will lead the expanded CyberArk implementation across the whole group.