The Problem
Sophos previously had a robust identity program based on a traditional IGA tool. It worked well for a small number of AWS accounts but couldn't scale to the level Sophos needed to support hundreds of accounts and a large development organization of over 1,500 highly skilled developers. The company's previous solution lacked features such as just-in-time access and peer approval workflows at scale, and expanding it to that scale appeared to be inefficient.
"Our IGA tool was designed for an era of a smaller number of AWS accounts," said Rajeev Kapur, VP of IT Infrastructure at Sophos. "To do this on our existing tooling would have been a significant project in terms of expense and consultancy. We took that as far as we could take it."
Additionally, Sophos wanted to introduce an independent, phishing-resistant MFA for the company’s cloud environment to mitigate the risk of compromised credentials in its primary identity provider. "We need modern, phishing-resistant MFA that we can inject into the process," Kapur said.
Sophos needed a solution that could be deployed by a small team without adding headcount, while also being user-friendly for their diverse set of AWS users. "Developers just want to do their job," said Guy Davies, Principal Cloud Architect at Sophos. "Other solutions required a lot of clicks and were kind of arcane."
Sophos Requirements At a Glance:
- Scalable just-in-time access
- Scalable peer approval workflows
- Phishing-resistant MFA for cloud environment
- Developer-friendly
- IaC-driven workflow