Detection and Response
At most companies, employee access is only additive and heavily over-provisioned. However, security teams don't have the necessary tools to manage or measure the problem.
With Opal, security teams have an unified access graph, aggregating data across cloud, SaaS apps, and internal tools, that prioritizes risk, such as usage, anomalies, and access type.
Opal combines holistic visibility with remediation. In a few clicks, admins can remediate risks through revocations or time-bounded access.
Just-in-time access to production
With the explosion of the cloud, it’s easier than ever to create infrastructure, even for teams outside of software engineering. While this has enabled innovation, it also has also led to permission sprawl, increasing the risk of insider threats. However, reducing developer access can be damaging to productivity.
With native integrations to cloud infrastructure, Opal enables developers to request short-lived access to specific permissions. Admins can customize approval and security configurations based risk.
Opal enables developers to request access via Slack, start sessions using the CLI, or dynamically create IAM roles.
With robust APIs and a Terraform module, Opal enables security teams to manage access controls using Infrastructure-As-Code.
Customer Data Access
As companies grow, they often develop powerful admin tools so that customer-facing teams can support their users. Examples of these tools include impersonating customers and performing admin actions. While beneficial, these tools are also highly privileged.
Stop over-provisioned birthright access. Instead, use Opal to enable short-lived just-in-time access. This reduces risk as employee must gain explicit approvals for their requests. In addition, Opal can mandate that all approvers must complete a 2FA challenge.
Rather than being able to request access to admin tools in their entirety, Opal can scope access requests to specific users. This reduces the blast radius of a potential breach.
Instead of granting indefinite access, Opal can provision time-bounded access. For example, at Opal, employees can only request access to internal tools for maximum of 4 hours.