Axiom Customer Story: Seamlessly Scaling Least-Privileged Access Management Across Platforms
In an era where securing access to sensitive data is pivotal, our team faced a substantial challenge across our large digital environment. Unmanaged access and over-privilege were rampant across our cloud platforms, notably in our extensive AWS environments and numerous databases. Given our organization's heightened sensitivity to security guardrails, finding a user-friendly yet highly secure solution was paramount.
Our journey to reshape access began with hesitancy from our teams. Moving from broad, standing access to narrower, role-specific access required a tool that could make the transition smoothly and securely. Furthermore, because each user had held a username and password for each AWS account, with static permissions attached, we knew there was significant room for improved security and efficiency.
Axiom stepped into this scenario, providing a streamlined process to manage permissions effectively. Though initial resistance was anticipated as we started limiting over-privileges, Axiom’s intuitive interface and secure solution facilitated a smoother transition than anticipated.
Collaborating with DevOps and Engineering teams, we onboarded individuals gradually. Education and adaptability were crucial. Teams were acquainted with Axiom one by one, and we successfully migrated away from static permissions.
We strategized the transition by understanding the daily access patterns of each team, employing Axiom’s Workflow feature to allow baseline access. Anything beyond this necessitated approval processes through relevant team leaders, ensuring secure and justified access at all junctures.
“Axiom enabled us to smoothly transition to a secure and simplified permissions management model, ensuring each team member had precisely the access they needed, exactly when they needed it, with robust approval processes and auditable trails in place.”
- Time-Effective Transition: On average, it took about one week per team to fully transition to Axiom. Post-transition, standing permissions were removed without compromising productivity thanks to the Axiom Workflow.
- Enhanced Security with AWS SSM: Axiom also managed our AWS SSM access for remote access to EC2 machines. This produced auditable logs for every access to an EC2 instance and eliminated the need (and the associated risk) of storing SSH keys on individual laptops.
- Kubernetes Management: For Kubernetes, Axiom, in conjunction with our AWS EKS cluster, gave our DevOps teams access without the need for static Kubernetes secrets.
- Robust Data Store Access: Implementing Axiom's solution for our data stores gave data engineers and scientists secure, manageable access to databases without storing secrets on personal devices. The majority of read operations were streamlined and automated, while write access was strictly governed through an approval process.
- Streamlined Network Access: Using Axiom to control network access through our ZTNA solution gave us precise control over engineers' network access to our production and development environments.
- Comprehensive Integration with Okta: In conjunction with Okta, Axiom governed user access to groups and applications, and also gave our IT security engineers managed administrative access to Okta itself.
Seamless Integration and Automation:
Through careful integration of Axiom with our entire tech stack (Cloud, IdP, databases, Kubernetes, virtual machines, and more), we established a single, comprehensive view of everything related to access management and identity security.
Axiom Workflows were configured to prevent approval fatigue in identity governance and control, enabling our security teams to focus exclusively on the access requests that matter, and thereby significantly reducing our blast radius in the event of a security incident.
Axiom not only fortified our security posture but also enhanced the user experience by automating permissions management and scaling least privilege access across various platforms. It proved instrumental in navigating the intricate balance of simplifying user access while concurrently enhancing our data security and management capacities.