1. Challenge
A mid-sized financial institution with over 120 internal users and numerous external developers needed to secure access across internal systems and third-party services. With no centralized credential tool in place, employees relied on insecure storage like Notepad, browsers, and email to manage login information. With increased scrutiny from internal audits and board oversight, the organization sought a solution to:
- Eliminate insecure credential practices
- Protect critical infrastructure (databases, internal apps, SSH, RDP)
- Control third-party access lifecycle and prevent delayed revocation of contractor access
- Ensure compliance and audit traceability across all applications
- Address growing compliance concerns from the board about credential governance, password expiration and enforcement policies
2. Pre-MyCena®
Before adopting MyCena®, the cooperative struggled with widespread vulnerabilities:
- Passwords were stored in browsers, emails, Notepad files, and even printed documents
- Developers received credentials manually and stored them locally
- Access to internal systems (RDP, SSH, database portals) had no expiration or revocation process
- No audit trail or control over how credentials were used or shared
- Internal audits repeatedly flagged risks around credential storage (server passwords stored locally)
- Critical credentials remained active even after third-party contracts ended
3. Post-MyCena®
After implementing MyCena®, the financial institution centralized and secured all credential access across internal and third-party environments—without disrupting user workflows.
Key features included:
- Segmented, encrypted credentials securely distributed per user
- Zero password visibility for internal users and third parties, eliminating human error and insider risk
- Credential auto-fill for web apps, SSH, RDP, HTTPS, APIs, and internal tools—no typing required
“Today, MyCena is mandatory. Every new employee or contractor receives access through it from day one. We’ve eliminated Notepad risks, stopped password sharing, and tightened control across all users—internal and third-parties.”
— Head of IT Security
4. Business Impact
| KPI |
Before MyCena® |
After MyCena® |
| Credential visibility |
Uncontrolled (notes, email) |
Fully encrypted and segmented |
| Credential revocation |
Manual and slow |
Instant via centralized console |
| Developer access control |
Unmonitored |
Controlled and expirable |
| Password reset volume |
Frequent |
Significantly reduced |
| Audit and compliance |
At risk |
Aligned with GRC and board standards |
| Credential misuse |
Daily |
Eliminated |
| Third-party access governance |
Fragmented |
Fully governed |
| Penetration test outcomes |
Credentials exposed |
Risks mitigated |
WHY IT MATTERS
By replacing user-managed credentials with encrypted, policy-controlled access, the cooperative transformed security and compliance. With minimal internal resources, they:
- Prevented internal and external credential leaks
- Streamlined third-party onboarding and offboarding
- Ensured credential integrity at every access point
- Empowered a small IT security team to control and audit access at scale
- Enhanced compliance and readiness for board-level scrutiny