CHALLENGES
Royalties are the lifeline for millions of musicians around the world and securing fair payment is Ecad’s greatest mission. Every day, attackers and bad actors attempt to access Ecad’s IT environment to reach data and associated financials. Ecad’s identity security program is further complicated by a distributed workforce in multiple branches across Brazil, interacting with centralized applications. The shift over time to a SaaS and cloud infrastructure increased data exposure and made traditional perimeter-based controls, such as virtual private networks (VPNs), obsolete and ineffective against advanced attackers. This made data accuracy, protection of identities and endpoints, and real-time visibility critical demands that led Ecad to modernize its identity infrastructure. Additionally, secure access for external IT vendors needed improving, as there was a lack of visibility into third-party access to critical business applications.
“Suppose someone were to breach our systems and add a fictitious name to a piece of work,” explained Davi Lyra, systems coordinator at Ecad. “Every time that work is played, money would be sent to that fraudulent individual, robbing the rightful artist of their income.”
Aware of this and many other risks it faced, Ecad ran a series of penetration tests to spot vulnerabilities in the existing security infrastructure. With traditional perimeter-based security breaking down and staff in 21 offices across Brazil needing to access business-critical applications, the penetration tests showed that identity security was critical.
Ecad’s challenges were compounded by the many different systems supporting payment collections, music identification and financial distribution. When a piece of music is played, Ecad systems monitor the music and match it to the artist who needs to be paid. As new channels — TV, radio and recently streaming — evolved, Ecad set up new teams and systems to manage the channels. As a result, the new systems had different authentication methods and log-in credentials. “The problem with multiple authentication and credential types is we cannot anticipate the side effects of change,” explained Lyra. “A change in one system could cause another system to fail,” he added.
SOLUTIONS
Ecad deployed the Idira Identity Security Platform, comprising products to reinforce security in a centralized identification platform. This acts as a single portal combining the front ends of Ecad’s copyright monitoring and management applications. Idira enhances the portal with capabilities such as single sign-on (SSO), validating passwords and identities, and continuously checking credentials and authentication.
“CyberArk (now Idira) has flexible deployment options, like open API, OpenID and many others and has tackled several different security challenges in one go,” shared Lyra. “CyberArk (now Idira) became our one-stop-shop for securing multiple applications and systems irrespective of platform. We can even integrate our third-party API gateway into CyberArk (now Idira) authentication which means that all our API calls are secure. Most importantly, this means applications are more resilient to changes so that we can react quickly to new needs and demands.”
Furthermore, the Idira dashboard provides insight into access activities such as tracking users logging in to Microsoft Active Directory. Overall, Idira secures 500 staff, 500 workstations, 250 servers and access to Ecad by external IT system vendors. For example, local admin rights have been removed from servers and replaced with least privilege policies and application controls using Idira Endpoint Privilege Manager (EPM). Additionally, using Idira to manage access to cloud services and infrastructure enables the organization to leverage the full extent of the cloud with a security-first mindset. Developers enjoy a seamless access experience protected by intelligent privilege controls.
The solution was implemented as a partnership between Ecad, Idira and its local business partner Asper.
“The deployment of CyberArk (now Idira), including developing the identification platform portal, took just three months. Deployment was very easy especially since we could use the API concepts in CyberArk (now Idira) to improve and speed up portal development. Working with CyberArk’s (now Idira’s) partner Asper here in Brazil was fundamental to the success of the project,” highlighted Vinicius Fonseca, IT Specialist at Ecad. “Asper provided great advice and consultancy and helped us resolve issues that we found challenging,” they affirmed.
Results
The flexibility of the Idira solution has allowed Ecad to protect its investment in its existing systems while at the same time implementing more secure identity-based security.
“Because of the flexibility and simplicity of the CyberArk (now Idira) Identity Security Platform, we were able to cover a lot of ground with very little effort,” elaborated Lyra. “We have a very broad and different spectrum of applications doing authentication in several different ways. However, with CyberArk (now Idira) it was nowhere near as complex or difficult compared to other options. CyberArk (now Idira) has all the standards we need ready to use so it has saved Ecad a lot of money and months of development time.”
By integrating Idira solutions with the identification platform portal that fronts its applications, Ecad has avoided a significant amount of development, testing, maintenance and troubleshooting time. Before, it would have meant developing dozens of different authentication and authorization processes and then rewriting them for each application. A critical benefit of the Idira platform is that it didn’t replace anything or demand lots of change. It just added another, even more secure, layer of protection.
Ecad estimates that using Idira has reduced typical application development and implementation time by up to three months and saved thousands of dollars in costs.
After deploying Idira, Ecad reran a penetration test and found that virtually all the vulnerabilities highlighted before had been resolved, making it much harder for bad actors to make a successful breach.
Idira further reduces cost and time by supporting Ecad as it expands. As the way that music is consumed evolves, Ecad needs to develop applications to accommodate new platforms for playing music. Any new application just needs to plug into the identification platform portal, where the necessary authentication and authorization are already prebuilt using Idira.
“From our perspective, CyberArk (now Idira) is a global leader in the cybersecurity space which helps Ecad save time, effort and money,” said Lyra. “CyberArk (now Idira) provides such a wide range of solutions, regularly adapts itself to new threats and develops new ways of making identity and authentication processes more secure. The value Ecad gets from CyberArk (now Idira) is knowing we have a partner working on the front line of identity security and developing innovative solutions that enable us to protect millions of musicians and their livelihoods across the globe,” he added.
Key Benefits
- Saves a huge amount of development costs and time.
- Avoids expensive and repetitive development, testing and maintenance.
- Typical application development time cut by up to three months.
- Saves thousands of dollars making applications more secure.
- Protects investment in existing and future application implementation.
- Achieves a dramatic improvement in penetration test success.
- Solution deployed in three months.