A leading online restaurant-reservation service faced critical security and operational challenges due to a lack of visibility and controls within their Google CloudPlatform (GCP) environment. By default, employees were granted full administrative access to the environment, creating significant security risks and increasing cloud costs for tasks such as reporting, analytics, order processing, and application testing. The absence of a least-privilege strategy left the business exposed to potential data misuse and inefficiencies.
Without proper visibility, the organization could not track project usage, data access, or user permissions, resulting in over-privileged accounts and unmanaged access. This increased the risk of account compromise and costly workloads being enabled without oversight. These vulnerabilities posed a threat not only to security but alsoto the financial and operational health of the business, making it critical to implement controls and reduce access risks.
MajorKey leveraged Ermetic to assess the client’s GCP environment, uncovering control violations and providing a roadmap for improvement. The assessment focused on implementing a least-privilege strategy, segregating GCP from Google Workspace, and setting up robust logging and reporting to detect and mitigate threats quickly. Additional measures included mapping CIS Critical Security Controls to NIST 800-53,automating key rotations, and recommending a Cloud Infrastructure Entitlement Management (CIEM) solution as the foundation for a secure cloud model. These efforts provided the client with the tools and strategies needed to enhance visibility, reduce risks, and optimize cloud operations.
Over-privileged accounts and lack of visibility lead to increased security risk and possible increased cloud costs.
Why organizations choose MajorKey
The customer was experiencing significant inefficiencies around governing user non-starts. Due to the manual nature of their process, every non-start would take several days to complete.
MajorKey fast-tracked the new vendor selection and implementation process to modernize our customer's identity and application governance program.
MajorKey helped a global food and beverage manufacturer establish Application Governance controls to meet SOX requirements in order to go public.
MajorKey updated our customer’s FastPath instance to help them pass SOX audit and find maximum value following changes to their internal business processes.
Our customer was running into issues with their FastPath implementation partner and struggling to make progress until MajorKey got it over the finish line.
MajorKey accelerated user onboarding and offboarding from days to minutes through automation.
The MajorKey team fully automated the user creation process with SailPoint IdentityIQ, saving 2,600-man hours annually while reducing security risks.
MajorKey stepped in and successfully implemented Saviynt while supporting the adoption of an IGA Program built around the best practices.
MajorKey helped get a SailPoint implementation back on track after two other Solution Integrators missed the mark.
