Ermetic Case Study: AppsFlyer
Find out how Ermetic helped AppsFlyer gain control by governing identities and access entitlements.
AppsFlyer, the global attribution leader, empowers marketers to grow their business and innovate with a suite of comprehensive measurement and analytics solutions. Built around privacy by design, AppsFlyer takes a customer-centric approach to help 12,000+ brands and 8,000+ technology partners make better business decisions every day.
Since 2011, AppsFlyer has been on the cutting edge of cloud technology and security. The AppsFlyer platform leverages multiple clouds including AWS, Google Cloud, Azure and Alibaba Cloud. With more than 90,000 active mobile applications and more than 6,000 tech partner integrations, AppsFlyer is also ahead of the curve when it comes to securing their cloud infrastructure environment. AppsFlyer has one of the largest AWS deployments outside of the US, with tens of thousands of resources.
The security team made identity governance and access entitlement management a priority for 2020. For developers, DevOps and data scientists, the goal was to ensure that least-privilege access was enforced and that policies were “right-sized” for each user profile. While federating users from Okta provided control over users and groups, it was difficult to govern the use of access entitlements inside the cloud environment.
At the same time, AppsFlyer wanted to audit all access entitlements granted to the infrastructure to limit high-risk access to important resources, harden the environment and remove unused users, roles and permissions. They realized that using native CSP tools was complex, time-consuming and not repeatable, so they looked for a scalable solution.
The AppsFlyer security team deployed Ermetic in the staging environment. The platform immediately revealed a large number of excessive entitlements, and using the risk score provided by the platform, the team began to harden the environment by downloading improved policies and sending them to the DevOps team via the built-in integration with Jira.
For example, the team was able to visualize:
Next, the team audited all third-party access to the environment. They removed all SaaS applications (e.g. security and optimization tools) that were no longer in use. They then reviewed the applications that had privileged access to sensitive data, and removed unnecessary permissions. They also cleaned up IAM identities that were no longer in use. In addition, they were finally able to view the activity of the federated users from Okta, and to accurately right-size their roles. As the team rolled out the platform into the production environment, they worked together with the development and DevOps teams to determine the process for governing identities and access entitlements on an ongoing basis, from responding to new risks to integrating hardened, least-privilege policies in the CI/CD pipeline.
Ermetic provides identity-first security and compliance for AWS, Azure, and GCP. In one easy-to-use SaaS platform, Ermetic combines cloud identity governance and security posture management - for comprehensive risk mitigation across multi-cloud identities, network, data, and workloads. Designed to improve productivity for overstretched security teams, Ermetic does the heavy lifting, combining sophisticated risk analysis with intuitive visualization, accurate prioritization and automated remediation. Even in the most complex environments, Ermetic makes it possible to reduce the cloud attack surface, enforce least privilege and protect sensitive data at scale.