Fortune 500 Global Retailer Eliminates Standing Access Across Cloud Footprint
June 2024
The cloud has transformed retail to enable more efficient inventory management and fulfillment while allowing customers to purchase both in store and online. A global Fortune 500 retailer turned to Britive to empower its infrastructure DevOps team with ephemeral privileged access needed to rapidly utilize its cloud infrastructure, data, and applications across its multi-cloud footprint.
The Challenges
- Manual granting and revoking processes: the full process could take up to 72 hours, significantly delaying onboarding and access requests.
- Static privilege elevation and de-elevation were the only options available through native OCI identity tooling.
- Large customization effort required to adapt existing identity governance and administration (IGA) tools to meet cloud needs.
The client’s Senior Director of Information Security was on the hunt for a cloud-agnostic solution that would empower developers and data scientists with ephemeral, just-in-time (JIT) privileged access across the cloud infrastructure, applications, and data needed to do their work. The Infrastructure and DevOps team had previously implemented manual review, grant, and revoke processes, but these negatively impacted productivity and slowed development’s release cycle.
The team considered options such as OCI’s native identity tooling and existing privileged access management (PAM) and IGA software in their environment. Ultimately, they found that these were inadequate because of the static nature of permissions granting and the effort required to customize existing tools to meet their required use cases.
The Solution
- Deployment in under 2 days, enabling rapid profile management and provisioning.
- Managed identity profiles according to role-based access control (RBAC) privilege framework.
- Facilitated enforcement of the principle of least privilege through a time-bound JIT methodology with automated granting and revoking of temporary privileges.
- Streamlined on- and off-boarding to reduce manual processes.
The team was looking for a solution that would automate manual processes and increase visibility into the privileges granted while giving the Infrastructure DevOps team the access across the cloud needed to drive their projects forward.
After a hands-on evaluation, the client team deployed Britive based on a role-based access control (RBAC) privilege framework to restrict access to the minimum levels required to perform their work in OCI. Doing so allowed the client to enforce the principle of least privilege and reduce the risk of data breaches or data leakage.
Britive’s deployment and support for JIT access in OCI was quick and very impressive. And since it works in a cloud-agnostic way across different cloud providers—including OCI—we have a future-ready means of automating temporary access granting and revoking that follows our granular RBAC model.
Key Britive Impacts
- Britive eliminated 67K+ static privileges across all the client’s cloud service providers.
- Britive allowed the client to securely expand its cloud footprint while increasing productivity.
- Decreased on- and off-boarding from 3 days to 30 minutes or less.
- Enabled the infrastructure and DevOps team to achieve least standing privileges and facilitate permission right sizing with granular data and custom roles.
- Provided visibility that allowed infrastructure and DevOps to monitor and manage privileged access policies.