How Code42 Automated IT Tickets and Reduced Privileged Access by 67%
“Our existing solution had our IT help desk bogged down in manual work. Lumos changed that with their seamless solution for managing access requests and access reviews, while reducing privileged access at the same time.”
The Challenge
I’m a big believer least-privilege to protect against insider risk. Least-privilege to me means giving the right employees the right access for the right amount of time. Anything more than minimum access is an inherent security risk, whether from a malicious employee, compromised endpoint, or just an honest mistake. I wrote more about that here.
Now, before we could make progress on our least-privilege initiative, we had to automate how we grant access. My team and I were stuck using an old, manual process to manage our access request tickets. It took far too many hours to chase down approvers and provision access.
I wanted to find an automated solution for access requests that not only integrated well with Okta and Slack to reduce the level of change management, but also allowed me to enable least privilege best practices.
The Priorities
1. Automation
My team would spend hours every day on access requests. We needed to automate these to get time back for more important security projects.
2. Compliance
User access reviews were still being done through spreadsheets. I wanted a streamlined solution that would collect all our data in one place.
3. Security
Reducing the threat surface area was top of mind for our IT team. We wanted to make our systems more secure.
The Solution
“I’ve been working in this space for 15 years. Finding an IGA platform that handles both access requests and reviews with great UX is rare. Most products are behemoth systems that break apart. Lumos just works.”
Automating IT Tickets with Slack
On average, employees were making 100 requests a week. My team could take anywhere between 4 hours to a couple days to see a ticket, find the relevant app admin, and provision access for a single ticket.
Through leveraging Lumos’ Slack-first experience, employees can request apps directly in Slack and get access to applications within minutes.
Improved Security with On-Call Break Glass Access
Our engineers can swiftly develop features and address issues, ensuring the safety of sensitive data. Using features like pre-approved groups, verified on-call engineers can get access to sensitive databases within seconds when an incident occurs.
Added to that, my team knows Lumos will remove access within a few hours through leveraging time-based access. Happy engineers. Happy security team. A win-win situation.
Streamlined Access Reviews
We are FedRAMP, SOC2 and ISO27001 certified, which makes access reviews especially important. My team no longer has to worry about working in spreadsheets, chasing down reviewers, data integrity issues, and manually creating reports for auditors. Lumos automatically pulls all the information my team needs through deep app integrations in one place.
Relevant reviewers are notified via Slack or email. They can come back to Lumos to complete the access review, and I can generate audit reports with the click of a button. I can now run double the number of access reviews, and also use all the time saved for more impactful projects.
The Impact
“Providing an easy-to-use solution for access requests and reviews that saved us time and made us more secure was the top goal for my team. We got that with Lumos.”
Reduced Privileged Access by 67%
Before Lumos, we granted permanent access to sensitive apps with no visibility into users or time requirements. With Lumos, we were able to deploy time-based access for our most critical applications, ensuring employees got the right level of access for a limited period of time, helping to reduce privileged access by 67% across our tech stack.
Improved Security Posture by 30%
We conduct annual internal security reviews to assess our security posture. Lumos was able to help improve our security scores on access controls by almost 30%. My team sleeps better at night knowing Lumos has helped reduce our threat surface area.
TTR Down From Days to Minutes
I was able to gain back significant time every week for my IT team through automating access requests with Lumos. Instead of spending an average of 4 hours per ticket, Lumos handles all the work within minutes so our IT team can take on larger initiatives.