Customer Security and Regulatory Obligations at Scale

Case Study

Kubernetes Access Discovery – Apono K8s Access Automation

A leading software development company headquartered in Boston and Tel Aviv with Fortune 1000 customers in 40+ countries delivers multiple products and has recently expanded its operations, buying additional software providers in its field and adding multiple SaaS offerings to the platform.

Head Count



Boston, New York, Tel Aviv

The Challenges:

With the move to becoming a SaaS operation, the company was required to support its customers on an ongoing basis and at the same time adhere to security requirements such as customer data separation, approval workflows and audits over customer data access. The company’s customer environment (“production”) contained a combination of databases such as AWS RDS and PostgreSQL, and Azure Kubernetes production clusters with multiple tenants in separate namespaces in each cluster.

In order to meet customer security and regulatory obligations, the company was manually provisioning the permissions developers or customer support needed in Kubernetes on a per-task basis.


Manual provisioning

Manual provisioning of permissions to only a specific customer (namespace in the customer Kubernetes cluster) in order to satisfy security requirements.


Developer permissions

Developer permissions to the production environment only on a per-task basis and only to the necessary resources relevant to the task at hand.


SRE team members’ permissions

SRE team members’ permissions to AWS RDS databases and other production resources only when an incident occurs.

In less than 2 weeks, half of the company was already using Apono to gain the namespace permissions they needed dynamically.


The Apono Solution:

Apono was able to satisfy all three needs across their databases and Kubernetes clusters with a single, easy-to-implement platform.

With Apono’s Permission Management Automation Platform, the company was able to easily automate permission management.


Separating customer tenants according to security requirements.

Utilizing Apono’s dynamic AccessFlows capability to automate permissions, allowing users to receive JIT Kubernetes permissions to only a specific customer (namespace), with a full audit of those permissions and their timeline.


Self-serve developer task-based permissions

Developers request the permissions they need, down to the database level of the RDS, on a per-task basis. Requests can be made and approved directly from within Teams in order to make the process as frictionless as possible.


Incident response permissions to SRE teams

Utilizing Apono’s AccessFlows, when an SRE team member is on call, they can automatically receive the permissions they need.