Customer Case: previder
Topicus KeyHub reduces the threat landscape and provides transparency regarding access.
Previder is part of Odin Groep and offers services in the domain of cloud, workspace, security and connectivity from two of its own data centres.
Previder is ISO 9001:2015, 14001:2015 and 27001:2013 and NEN7510 certified. In addition, the company is PCI DSS and SOC2 compliant.
Desire for change
Complex system landscape
Previder has a complex system landscape. For example, about 50 different directories are managed in different technologies. This impacted access management: this was complex and therefore inefficient. Users also had to deal with this every day: the way in which access was gained to applications and systems was not uniform and caused inefficiencies and irritations.
Security risks due to personnel changes
Previder manages infrastructure on behalf of its customers – and customers can expect the highest level of security. However, off-boarding personnel was a challenge: all directories had to be updated and checked so that the departing employee no longer had any rights. An error-prone process! Previder wanted access management based on least privilege and just-in-time provisioning with which, for example, personnel mutations could not introduce security risks.
Logging and monitoring to ensure compliance
From a compliance point of view (ISO 27001, NEN 7510, AVG, PCI DSS, SOC2), it is necessary that everything in the field of access management and gaining access is monitored and logged. And subsequently that relevant logging and monitoring information can be made available to the in-house security team or external auditors. With such a complex system landscape, it wasn’t easy to do that!
KeyHub: Privileged Access Management, Password Vault, and Auditor Dashboard
Previder has implemented Privileged Access Management, Team Password Vault and Auditor Dashboard.
Privileged Access Management
KeyHub implements the least privilege principle: user access rights are just enough to do the job. Just-In-Time reduces the risk even further by only offering access when it is needed and revoking it when it is no longer needed. In this way, employees only get the access they need and for the duration they need it. And off-boarding an employee is done in one click!
Previder employees now have one place to authenticate. KeyHub takes care of the activation or provisioning of accounts when needed. Safe and user-friendly.
Team Password Vault
For each Previder customer, a Team Password Vault is available to manage the secrets of that customer. In addition to passwords, the Team Password Vault also contains, for example, SSH keys and time-based keys, which are stored and shared securely.
The in-house security team and external auditors are given direct access to the logging and see whether the access audits are carried out in accordance with the guidelines.
The technical implementation, in which KeyHub was installed on-premise and integrated into the infrastructure, took 2 days. The user implementation was incremental and was organised by Previder in-house. Previder was supported by KeyHub both on site and remotely when needed.
Conclusion: Previder has got it right
Previder has a complex system landscape. When it comes to access management, KeyHub removes that complexity for administrators and users: in one place you get access and manage your access rights.
With KeyHub, Previder has taken the security of the managed infrastructures to the next level. Employees only get access for the duration that is necessary.
Certification and compliance is very important and is becoming even more important. With KeyHub not only the access management processes are well supported and monitored, but it is also easily made transparent to auditors and the internal security team.
Want To Know More?
Complex infrastructures make access management and getting access complex. When security is central to your business success, you need a partner that takes care of that complexity.