I’m a big believer least-privilege to protect against insider risk. Least-privilege to me means giving the right employees the right access for the right amount of time. Anything more than minimum access is an inherent security risk, whether from a malicious employee, compromised endpoint, or just an honest mistake. I wrote more about that here.
Now, before we could make progress on our least-privilege initiative, we had to automate how we grant access. My team and I were stuck using an old, manual process to manage our access request tickets. It took far too many hours to chase down approvers and provision access.
I wanted to find an automated solution for access requests that not only integrated well with Okta and Slack to reduce the level of change management, but also allowed me to enable least privilege best practices.
My team would spend hours every day on access requests. We needed to automate these to get time back for more important security projects.
User access reviews were still being done through spreadsheets. I wanted a streamlined solution that would collect all our data in one place.
Reducing the threat surface area was top of mind for our IT team. We wanted to make our systems more secure.
“I’ve been working in this space for 15 years. Finding an IGA platform that handles both access requests and reviews with great UX is rare. Most products are behemoth systems that break apart. Lumos just works.”
Automating IT Tickets with Slack
On average, employees were making 100 requests a week. My team could take anywhere between 4 hours to a couple days to see a ticket, find the relevant app admin, and provision access for a single ticket.
Through leveraging Lumos’ Slack-first experience, employees can request apps directly in Slack and get access to applications within minutes.
Improved Security with On-Call Break Glass Access
Our engineers can swiftly develop features and address issues, ensuring the safety of sensitive data. Using features like pre-approved groups, verified on-call engineers can get access to sensitive databases within seconds when an incident occurs.
Added to that, my team knows Lumos will remove access within a few hours through leveraging time-based access. Happy engineers. Happy security team. A win-win situation.
Streamlined Access Reviews
We are FedRAMP, SOC2 and ISO27001 certified, which makes access reviews especially important. My team no longer has to worry about working in spreadsheets, chasing down reviewers, data integrity issues, and manually creating reports for auditors. Lumos automatically pulls all the information my team needs through deep app integrations in one place.
Relevant reviewers are notified via Slack or email. They can come back to Lumos to complete the access review, and I can generate audit reports with the click of a button. I can now run double the number of access reviews, and also use all the time saved for more impactful projects.
“Providing an easy-to-use solution for access requests and reviews that saved us time and made us more secure was the top goal for my team. We got that with Lumos.”