Inside DigitalOcean’s SOX Compliance Playbook

Customer Stories

Security and IT teams love ConductorOne for identity governance and least privilege access controls

TRUSTED BY CLOUD-FORWARD COMPANIES

/images/DigitalOcean.png /images/Ramp.png /images/PG-Logo.png /images/System1.png /images/Panther.png /images/IGS_Energy_logo_2020_black.png /images/Instacart_Logo_AllBlack.png
/images/logo-rrcu.png

How RRCU cut risk with automated user access reviews and JIT access

  • 10% reduction in enterprise risk, valued at over $1 million — a 2,000% ROI
  • Centralized view and streamlined control of all access
  • Sensitive access moved to just-in-time provisioning
  • Praise from federal auditors for maturity of security program

“We’re really leaning into just-in-time access. It’s the new way forward, and we couldn’t do it without ConductorOne.”

/images/baker.jpg

Brandon baker

Information Security Officer

  • “ConductorOne is innovating in an area underserved by the technology, and solving problems a lot of teams have to do manually. That had a really big value for Digital Ocean”

    /images/Heather_2.png

    Heather Cannon

    Infrastructure Security Manager at DigitalOcean

  • “Auditing privileged access across 50+ apps takes a lot of time. It was taking us three weeks to collect the information we needed. ConductorOne was intuitive to set up and made access reviews seamless for SOC 2 Type II, HIPAA, HITRUST, and FedRAMP. Plus, having additional context and analysis in reviews is a game changer.”

    Head of Information Security at a Healthcare customer

  • “Being able to show ConductorOne to internal auditors for SOX compliance, where they can generate time-stamped, immutable reports, and see logs in one console, was impressive.”

    /images/jack-chen.png

    Jack Chen

    Director of Information Technology

  • “ConductorOne was up and running in under an hour, integrating into our Okta directory and GitHub orgs and allowing us to start configuring our campaigns to evaluate access control and generate meaningful reports for our auditors immediately.”

    IT Director

  • “Having a tool that can do this in a timely fashion, iteratively and repeatedly, without manual inputs and outputs enables very real security control. This will improve our security posture at the end of the day.”

    /images/Tim_Photo.png

    Tim Lisko

    Director of Product and Infrastructure Security at Digital Ocean

  • “The fewer people who have access to customer data and the less time they have to access that data, the more that our customers can trust that we’re doing our best to make sure it’s secure.”

    /images/paul-yoo.png

    PAUL YOO

    Head of Security Platform at Ramp

  • “Running a review for an application integrated with ConductorOne would take us 20, maybe 30 minutes. The results are certifiable. Our internal auditors can go into ConductorOne and self-serve the reporting they need.”

    Lukasz Czaplicki

    Director of IT at Shift

  • “One of the reasons I really like ConductorOne is that all the prep work for access reviews is essentially done. When it’s time to kick off the campaign, we just select it and then kick it off.”

    Manager Security and GRC at a large FinTech customer

/images/spotnana.png

How Spotnana moved critical systems to just-in-time access to secure its scaling business

  • Automated just-in-time access for AWS
  • Approvals automatically routed to appropriate AWS account owners
  • Full audit records of who has access to what and when

“Requesting access is a much better experience with ConductorOne than it was before, which ensures our employees follow best practices.”

/images/godard.jpg

Ben Godard

Director of Security Engineering

How Ramp implemented least privilege access

  • Automated quarterly user access review campaigns for SOC 2, ISO 27001, and PCI DSS
  • 95% reduction in IT effort required to process access request tickets
  • One place to view and audit access continuously across Ramp’s systems and enforce least privilege access controls
/images/ramp-video.jpg

Hear from Paul Yoo, Head of Security Assurance at Ramp

/images/System1_color2.png

How System1 manages disparate systems after M&A activity and streamlined SOX audits

  • Three weeks to integrate with critical in-scope applications like AWS and Okta and launch their first privileged access review campaign
  • Completed SOX audits with significantly less effort with ConductorOne
  • Single pane view into users, roles, and privileges throughout their systems

“Being able to show ConductorOne to internal auditors for SOX compliance, where they can generate time-stamped, immutable reports, and see logs in one console, was impressive.”

/images/jack-chen.png

JACK CHEN

Director of Information Technology at System1

/images/igsenergy.png

Automating Access Management & Reducing Risk for IGS Energy’s Hybrid Environment

  • Ability to run complete and accurate user access reviews multiple times per year without the manual overhead
  • Audit documentation to confirm approvals and revocations across multiple disparate identity data stores and business applications
  • Enhanced visibility into effective access for complex group structures in Okta, AzureAD, and on-prem Active Directory in one centralized location

“The more the business grows, the more our customers need to trust that we are keeping their data safe and secure. That’s backed up by external audits and compliance certifications, and that’s what led us to ConductorOne.”

/images/hatfield.png

Chris Hatfield

Manager of Security and Infrastructure at IGS Energy

/images/Digital_ocean2.png

How DigitalOcean reduced identity security risk by automating user access reviews

  • Initial set of 1,200 access reviews across seven departments completed with 85% less effort compared to previous reviews
  • 100% on-time employee completion rate due to an intuitive user experience for application owners and approvers
  • Increased productivity for the security team through automated integrations
  • Improved completeness & accuracy and easy auditor reporting

“Having a tool that can do this in a timely fashion, iteratively and repeatedly, without manual inputs and outputs enables very real security control. This will improve our security posture at the end of the day.”

/images/Tim_Photo.png

Tim Lisko

Director of Product and Infrastructure Security at DigitalOcean