Key Outcomes
Overview
Using AWS IAM Identity Center, real-time cloud security company Sysdig securely and efficiently manages workflow access across 2,500+ AWS accounts. Sysdig provides a cloud security solution that helps customers around the world keep their operations secure. As the company grew, it needed to streamline its identity and access management processes at scale. To increase efficiency and security, Sysdig wanted to adopt automation and infrastructure as code, so the company implemented AWS IAM Identity Center. Using AWS services, Sysdig significantly increased operational efficiency, reducing access provisioning time from days to minutes and freeing up time for its engineers to innovate
About Sysdig
Sysdig began as an open-source project offering deep, system call-level introspection into containers. The company now helps customers around the world secure their cloud infrastructure with runtime insights powered by artificial intelligence.
Opportunity | Using AWS IAM Identity Center to handle scale for Sysdig
Previously, Sysdig relied on SAML federation to manage account access. As the company continued to grow its customer base, it needed to streamline its operations with more than 2,500 AWS accounts across 20 AWS Organizations. Common tasks such as provisioning new AWS accounts or configuring user access to resources took significant time and effort. For example, each AWS Organization required its own SAML identity provider configuration, making centralized management difficult and forcing the team to manually replicate any changes across all organizations. As Sysdig scaled, these challenges hindered the company’s ability to maintain consistent access controls and streamline setup.
Sysdig chose AWS IAM Identity Center to manage user access to applications, expanding on its experience using AWS services and its confidence in AWS infrastructure for building, running, and scaling applications. “When it comes to managing account access, AWS IAM Identity Center checked all of the boxes we were looking for,” says Jose Solis, senior cloud infrastructure engineer at Sysdig. “This native integration also helps us maintain our existing assignments and supports using infrastructure as code.”
Solution | Automating to increase efficiency and facilitate innovation
Using AWS IAM Identity Center, Sysdig can manage access to its high volume of AWS accounts while maintaining role separation and the principle of least privilege between production, sandbox, and security testing environments. The company can also automate assignment updates, and its infrastructure-as-code tooling uses AWS IAM Identity Center APIs to detect and remediate permission assignment drift daily across all organizations. Sysdig uses System for Cross-domain Identity Management (SCIM) provisioning to synchronize users and groups from its existing identity provider into AWS IAM Identity Center. If an engineer temporarily needs production access, Sysdig can add access for the user without building groups that aren’t needed going forward. “AWS IAM Identity Center is such a simple product to use,” says Solis. “It’s polished.”
AWS IAM Identity Center is compatible with infrastructure-as-code automation, which helped Sysdig increase operational efficiency. This automation helps Sysdig streamline common tasks like access provisioning, auditing, and role maintenance. Because of the frequency of these tasks, the increased efficiency adds up to significant time savings. Sysdig has also started using more granular roles and permission sets because managing assignments is simpler.
Sysdig can now address permission requests much faster, which encourages users to request only the access they immediately need. “The simplicity has made it easier for teams to improve their security standards,” says Solis. Security teams appreciate the flexibility to perform their own audits and pull request checks, which helps them better enforce access requests. The IT team also has more time because users are more self-sufficient. “Because AWS IAM Identity Center has helped us unlock more bandwidth, we can allocate more time to other projects,” says Solis.
Outcome | Reducing time for security tasks from days to minutes on AWS
Using AWS IAM Identity Center, Sysdig transformed its identity management operations across more than 2,500 AWS accounts. Access provisioning time dropped from 2 days to 10 minutes, audit completion was reduced from 1 day to 10 minutes, and role updates accelerated from weeks to minutes, freeing up the team to focus on higher-value initiatives.
Beyond the time savings, the centralized approach removed credential sprawl and facilitated more granular access controls, helping Sysdig further strengthen its security posture while reducing operational risk. “We’ve seen an increase in our cloud management team’s productivity since transitioning to AWS IAM Identity Center,” says Solis.
With more time for other projects, Sysdig’s security team can now focus on higher-value security initiatives and strategic projects that directly enhance the company’s security posture. “AWS IAM Identity Center helped us streamline identity and access management,” says Solis. “With the extra time we’ve reclaimed, we can look into other ways we can streamline our operations too.”
We’ve seen an increase in our cloud management team’s productivity since transitioning to AWS IAM Identity Center.
Jose Solis
Senior Cloud Infrastructure Engineer, SysdigDid you find what you were looking for today?
Let us know so we can improve the quality of the content on our pages