Inside DigitalOcean’s SOX Compliance Playbook

Customer Story

/images/igsenergy.png

Automating Access Management & Reducing Risk for IGS Energy’s Hybrid Environment

Challenges

  • Lacking evidence and documentation in the external audit process for SOC2
  • Little visibility into privileged access such as domain, enterprise, and schema admins within on-prem Active Directory and access to physical data centers
  • Manual process to pull user lists into a spreadsheets, coordinate across business owners, keep it in sync, and bring it back for access changes

Results

  • Ability to run complete and accurate user access reviews multiple times per year without the manual overhead
  • Audit documentation to confirm approvals and revocations across multiple disparate identity data stores and business applications
  • Enhanced visibility into effective access for complex group structures in Okta, AzureAD, and on-prem Active Directory in one centralized location
IGS Energy, a family-owned company, has been a trailblazer in the natural gas industry since 1989. Over the years, their offerings expanded to include a variety of renewable and efficiency solutions for residential and business customers across the United States. At IGS, doing the right thing is not just a motto; it's a philosophy embedded in their DNA, guiding interactions with customers, security and compliance initiatives, and shaping business decisions.

Meet the Guardians of IGS Energy’s Security & Infrastructure

Chris Hatfield, Manager of Security and Infrastructure at IGS, and Shawn Kerr, Senior Security Engineer, play pivotal roles in safeguarding IGS Energy’s data and systems. On the security front, Shawn leads the charge in building a comprehensive compliance program including a SOC2 certification and PCI compliance. “The more the business grows, the more our customers need to trust that we are keeping their data safe and secure. That’s backed up by external audits and compliance certifications, and that’s what led us to ConductorOne,” Shawn says. 

Both Shawn and Chris are dedicated to maintaining IGS Energy’s integrity, ensuring customers’ and employees’ data remains safe and secure, and both needed help to provide more evidence and documentation in the external audit process.

A Strategic Partnership to Streamline Access Reviews and Management

IGS Energy started looking for a partner after an external auditor recommended they invest in an identity governance solution to streamline user access reviews. After evaluating more than four different vendors, IGS chose ConductorOne because of the strategic partnership, ease of use, and ability to reduce identity security risks. 

IGS started by taking a tiered use case approach.”We’re trying to be as helpful to the business as possible, so we start with the riskiest access groups,” Shawn stated. “With a company of our size, we are selective about what access we review and who we involve to make it as easy as possible on the rest of the business.” 

Now with ConductorOne, they are able to run fully automated access reviews to support their SOC2 audits and get granular visibility into important security concerns such as privileged roles and access to their physical data centers.

“Using ConductorOne is not just good for identity and access management, but it lets us provide documentation to confirm that we are doing things the right way, for example, removing users from systems, approving access in a trackable way, and running complete and accurate reviews multiple times a year,” Shawn shares.

IGS Energy’s key use cases revolved around privileged access to the most sensitive resources, or the “keys to the kingdom” as Chris put it. “Being able to review privileged access such as domain admins, enterprise admins, and schema admins within our on-premises Active Directory was a key requirement.” Plus, IGS can get visibility into local admin rights, physical access to their data centers, downstream group implications in Okta, critical data from CSV imports, and ownership roles to AzureAD resources all in one platform. “ConductorOne was not only the best option that met our needs at the time, but showed a willingness and flexibility to engage in a more strategic partnership long-term,” Chris says.

Chris also describes the difference in the manual process as compared with using ConductorOne. “I don’t have to generate a spreadsheet full of user lists, send it to someone to make a decision in one column, get it coordinated across business owners, keep it in sync, and bring it back for someone else to remove access. Pulling all of that data together and automating the process with ConductorOne is the biggest driver of ROI.”

Return on Investment in a Cost Conscious World

Today, the return on investment for IGS Energy is apparent in the enhanced visibility ConductorOne provides. No longer do they need to navigate complex group structures or generate cumbersome spreadsheets manually. Automation, streamlined processes, and centralized data have become their biggest time-savers.

In a cost-conscious environment, both Chris and Shawn have to be able to justify bringing in new tools. As Shawn shares, “The usability and interaction early on with ConductorOne was great. As with any security department that isn’t a primary driver of a company’s revenue, it is crucial that we justify each proposed purchase within our budget. ConductorOne proved that their solution improves our business function, provides quick time to value, and helps us achieve better security outcomes.”

While the journey to enhance automation continues, ConductorOne has already proven its worth, empowering IGS Energy to focus on what they do best: revolutionizing clean energy solutions for a better world.

About

/images/igsenergy.png

IGS Energy is redefining what it means to be an energy retailer. They are leading a transition to a more sustainable energy future by empowering home and business customers to source the energy that’s right for them, manage their costs and carbon footprint, and protect the systems that keep their homes running efficiently.

For more information, visit www.igs.com.

Industries

  • Sustainability Energy,
  • Oil and Gas

Company Size

1,000-5,000 employees

Headquarters

Dublin, Ohio

Send me more content like this

Latest on the platform

/images/2024_Access-Conflicts.jpg

News

ConductorOne Extends Next-Gen IGA Platform With Separation of Duties Policy Automation

/images/All_Aboard_Spicy_Takes.jpg

Blog

Spicy Takes with David Lee, the Identity Jedi

/images/hiring.jpg

We’re Hiring

We are on a mission to secure identity - want to join us?