Kubernetes – Case Study
A leading software development company headquartered in Boston and Tel Aviv with Fortune 1000 customers in 40+ countries delivers multiple products and has recently expanded its operations, buying additional software providers in its field and adding multiple SaaS offerings to the platform.
Head Count: 500+
“In less than 2 weeks half of the company was already using Apono to gain the namespace permissions they needed dynamically.”VP RnD
With the move to becoming a SaaS operation, the company was required to support its customers on an ongoing basis and at the same time adhere to security requirements, such as: customer data separation, approval workflows and audits over customer data access. The company’s customer environment (“production”) contained a combination of databases such as AWS, RDS, PostgreSQL and Azure Kubernetes production clusters with multiple tenants in separate namespaces in each cluster.
In order to meet customer security and regulatory obligations, the company was manually provisioning the permissions developers or customer support needed in Kubernetes on a per task basis.
The Apono Solution:
Apono was able to satisfy all three needs across their Databases and Kuberenetes clusters with a single, easy to implement platform.
With Apono’s Permission Management Automation Platform, the company was able to easily automate permission management.
- Separating customer tenants according to security requirements.
Utilizing Apono’s dynamic AccessFlows capability to automate permissions that allows users to receive a JIT Kubernetes permissions to only a specific customer (namespace) with full audit of those permissions and timeline.
- Self-serve developer task-based permissions
Developers request the permissions they need to a database level of the RDS on a per task basis. They can request and the request can be approved directly from within Teams in order to make the process as frictionless as possible.
- Incident response permissions to SRE teams
Utilizing Apono’s contextual AccessFlows, when an SRE team member is OnCall they can automatically receive the permissions they need.