Ermetic Case Study: Regional Telecom Provider
Find out how this large regional telecommunications provider is using Ermetic to protect their AWS & Azure multicloud environment
Standardizing on Ermetic for CIEM and CNAPP Across the Enterprise
To accelerate their business growth and agility, a large regional telecommunications provider made a strategic decision to migrate from an on-premises IT environment to a full cloud environment. Soon after, the pandemic hit, momentarily stalling an ambitious five-year migration plan. About a year and a half ago the organization re-commenced the project and today their cloud transformation is in full swing.
From the start, a key focus for the enterprise was to comprehensively incorporate security best practices across their new cloud estate.
Moving cloud forward in a large organization. The telecom provider’s extensive IT operation comprises three key groups: Cloud Operations, Cloud Architecture and IT. The operations group itself comprises teams responsible for cloud governance, cloud applications, cloud data and cloud infrastructure. Of these, the cloud governance team, responsible for supporting security and governance for business solutions, was tasked with overseeing and securing the enterprise’s cloud migration.
The enterprise sought to put in place solutions that would ensure their overall cloud security, including better visibility across their cloud infrastructures. Native tools were not an option because their cloud environment spanned both Amazon Web Services (AWS) and Microsoft Azure, requiring a multicloud security solution. To meet required compliance standards, the executive team had already standardized on a solution for cloud security posture management (CSPM). This piece of the organization’s security strategy addressed governance needs from a reporting perspective. However, the cloud governance team, cognizant that identities and permissions are a major point of failure in cloud security, was concerned that a CSPM tool alone would not adequately reveal identity risk and sought to better secure their IAM operation. Cloud infrastructure entitlement management (CIEM), an emerging security category, had gained their attention for its deep risk analysis of born-on-the-cloud identities and permissions.
At liberty to choose point security tools, the cloud applications team began researching CIEM solutions.
After comparing competitive offerings, followed by a demo and then a proof of concept, the telecom company chose Ermetic, citing the benefit of an identity-first approach to addressing their IAM security concerns and the high accuracy of findings revealed in the evaluation phase.
Swift implementation. Rollout was swift. To date, the telecom provider has implemented Ermetic in two organizational groups and is in the process of standardizing on Ermetic across their entire cloud environment. These teams are using Ermetic’s combined CIEM and policy-based alerting capabilities for overall assessment of their cloud security posture and fine-grained visibility and risk detection across identities, resources, network and permissions.
Use cases and ROI. The groups are using the platform to reduce excessive permissions and expand least privilege, integrating its guided recommendations and right-sized policies into development and engineering workflows for those teams to act on. The enterprise is also using Ermetic for anomaly detection use cases, alerting relevant stakeholders about unusual cloud activity to accelerate investigation and response.
Both groups credit Ermetic with enormous time savings in prioritizing and reducing cloud configuration and identity risk in their growing cloud environment.
Next steps. The enterprise next plans to better control user and developer access through Ermetic’s Just in Time management portal, which curbs risk and streamlines developer access requests by automating the approval process and revoking the elevated privileges right after use. Spurred by their strong Ermetic outcomes, the team is trialing the platform with a broader requirement – building a business case for gaining approval to standardize on Ermetic for full CNAPP usage across the entire enterprise.