Forbes Saves Costs & Removes Standing Privileges to Align with Zero Trust Security
Media publishers utilize the speed and scale of the cloud to distribute on-demand news and information to a global audience with a reach that often eclipses that of traditional broadcast media. Forbes leverages Britive to accelerate developer and business intelligence analysts’ cloud access while eliminating the time-consuming back-and-forth of manual access provisioning that can mistakenly result in either standing access or over-privileged accounts.
54k+ Static Privileges Eliminated
400+ Identity profiles managed in GCP
The Challenges
- Manual review and approval access process: granting and revoking privileges took several days and could introduce errors resulting in incorrect privileges.
- Delayed onboarding and access: having a globally dispersed development team meant the manual review and approval process could take even longer due to back-and-forth communications across time zones.
- No DevOps-friendly JIT access tools available that readily integrate with DevOps build processes to enhance developers’ productivity.
After Forbes migrated to the cloud in 2019, Google performed a cloud infrastructure assessment for the company, identifying the need for better control of identity access to cloud infrastructure and applications. This gap prompted Sameer Patwardhan, SVP Technology for Forbes, to examine identity tooling that could fulfill this need.
At the time, the IT security team was handling access requests manually. Patwardhan wanted a more programmatic means of implementing time-bound access with the correct level of permissions, so he evaluated Britive, which Forbes now uses for automated Just-in-Time (JIT) access provisioning.
Britive takes the pain out of manual provisioning and preventing user errors that could otherwise be very costly. With Britive, we make sure that certain privileges don't go to very new junior developers with production access. Britive's JIT access solution takes our minds off of managing access at the individual account level with its automated provisioning and keeps us secure.
The Solution
Rapid deployment via lightweight API in just under four weeks, not months as legacy PAM solutions require.
Automated JIT access with granting and revoking of temporary privileges across GCP, Google Workspace, BigQuery, Looker and Okta Super Administrator accounts, all of which can be monitored during on- and off-boarding of privileged access.
Access visibility via an audit trail of every privileged access granted with robust approval controls to eliminate approval fatigue and accelerate adoption.
The Forbes management team saw the Google cloud infrastructure and process assessment findings as validation for implementing a unified JIT access management solution like Britive: the goal was both to secure identity access to cloud infrastructure and apps and to ensure no account has more privileges than necessary for longer than necessary.
The security team at Forbes considered building their own automated JIT access tooling for GCP, knowing that they needed to address the risk introduced by the standing privileges and hard-coded secrets that developers and the BI team needed to execute their work. But once their analysis revealed the level of complexity required to institute the controls needed to grant and revoke privileged access, they decided to search for an enterprise-grade solution.
Forbes deployed Britive’s API-first solution in under four weeks. The security team can now restrict user access to the minimum levels required to perform a job or function in GCP. Doing so means Forbes’ security team can enforce the principle of least privilege to reduce the risk of data breaches and data leakage.
Forbes uses Britive to provide JIT access in GCP to a team of 70+ developers and recently onboarded and provisioned access for their Business Intelligence Team to BigQuery and Looker. With Britive, Forbes was able to free up the junior security engineer and overall security team for higher-value work instead of managing a slow manual process of reviewing, approving and provisioning access requests: “Access management is no longer a full-time job for the security team to babysit,” Patwardhan said.
In this age of cloud automation there should be a way of accessing cloud resources via API provisioning: Britive has built this framework that allows for just that. By plugging into Britive’s framework, we get oversight and auditability through approval — all of this is auto provisioned so it’s efficient and eliminates errors.
Outcomes
Customization via API coupled with an approval process that provides visibility into what identities have access to specific GCP-based resources
Implementing JIT access management with temporary, granular profile-based access
Eliminating 54K+ standing privileges across 978 GCP Projects, Google Workspaces, BigQuery, Looker, and Okta Super Administrator accounts
Increased DevOps efficiency by integrating secure access management practices into the build processes.
Integrating DevOps build process with Britive’s JIT access solution
Adopting Britive for ephemeral, time-based access to data and apps in GCP meant Forbes could increase developer and business end user productivity by moving away from manual processes to review, grant and revoke privileges and reducing overall on- and off-boarding time.
Forbes’ development team currently uses Britive to manage access for 978 GCP Projects that form the basis for creating, enabling, and using all Google Cloud services, including managing APIs, adding and removing collaborators, and managing permissions.
In aggregate, Britive has helped Forbes eliminate 54K+ standing privileges for developers and business users so they can access critical cloud infrastructure, apps and data. Doing so means they can deliver key cloud-based projects for stakeholders across Forbes rapidly.
Britive worked to build a good relationship with us and that’s key: the Britive team really understood our use cases and what we were looking for and quickly identified how they could help us. That relationship aspect is important to us.
Other factors that influenced the decision to implement Britive’s JIT cloud access solution include:
- Ensuring privileges are assigned correctly, preventing the manual errors that result in an identity being assigned unnecessary privileges
- Auto-provisioning access entitlements and eliminating manual permission provisioning
- Audit logs and metrics that show who accessed what cloud resource, when and for how long