Sonrai Security website logo for identity and data governance and cloud security

Case Study: Snoop

Snoop Chooses Sonrai Dig to Reduce Risk, Increase Security, and Maximize Efficiency

Sonrai Security Case Study Snoop Problem


Headquartered in the UK, Snoop is a fintech start-up established in April 2019 by a team of former Virgin Money Executives. Snoop takes the idea of money management much further than other fintech by allowing customers to use their own data as a powerful force to help them spend, save, and live smarter. Using secure open banking data and advanced analytics, the app provides data-driven, personalized insights (‘Snoops’) to help consumers find their biggest money-saving opportunities. Snoop has already successfully delivered over one million money-saving and money-management insights to customers and can save the average UK household around £1,500 each year. While Snoop is not a bank, it does interface with systems that handle customers’ financial information and is regulated by the Financial Conduct Authority. As such, having enterprise security solutions and a robust approach to identifying and managing public cloud risk was critical from the outset of our partnership.

The Problem

Snoop’s leadership realized they needed to secure their cloud app from the onset. Snoop wanted to build a data-driven business that was cloud-native. They were looking for a public cloud security platform that could not only protect access to their differentiated data and AI but also govern identity access to their cloud-native app. 

Their team needed help with managing multiple aspects of AWS including policy enforcement, cloud security, and governance. Risks due to security and compliance violations are huge challenges for a cloud-native company. Snoop needed a way to ensure that its own cloud-based platform was secure and configured to least-privilege and other cloud security best practices.

Testimonial Bio Image
“Securing access to our data and tracking identities in the Cloud is complex, and Sonrai understood how to simplify that from the beginning.”

- Andy Makings, Head of DevSecOps

page background graphic

The Goal

Reduce Risk

To eliminate all potential identity risks, Snoop wanted to improve tracking, reporting, and monitoring of all identities - graphing all trust relationships between identities and their permissions. It was very complex to keep track of what identities had access to what in AWS, and the permissions each identity may be using. They needed a comprehensive solution.

Additionally, the team at Snoop wanted to address demands associated with controlling and managing privileged access and improve processes to manage privileged identities. They spent a lot of time putting frameworks in place to ensure their data stayed in control and in their cloud. They additionally wanted to ensure policies were put in place to restrict the creation or change of risky cloud services and eliminate the possibility of risks being created in the first place.

Increase Security

Snoop’s data is their most important asset and any disruption could be catastrophic to their business. Their goal was to effectively manage data access in AWS. The team wanted to know who and what had access to the data and what the potential risks were at all times.

Maximize Efficiency

Snoop understands the complexity of managing roles and privileges in the cloud. Their goal was to simplify the views of their cloud and require that all ops teams leverage the native ops consoles, such as those provided by AWS, or other third-party tools. However, they understood that this could become a management headache because all of these tools are different and require specific skills.

Sonrai Security Case Study Snoop Solution
Sonrai Dig manages multiple aspects of AWS including policy enforcement, cloud security, and governance.

The Result

Sonrai Dig’s identity and data security platform was the perfect fit for solving Snoop’s challenges.

Identity and access risks were easily identified and systematically removed leveraging Sonrai Dig. Snoop required the ability to move from proof-of-concept to production quickly and without complexity. They leveraged the value in gaining comprehensive visibility into their groups, policies, identities, roles, accounts, permissions, and trust relationships across all of their AWS accounts. Dig integrated seamlessly with out-of-the-box identity risk frameworks and delivered the visibility within days of all ‘effective permissions’ for data and identities and helped to remediate uncovered risks.

With Sonrai Dig, Snoop can map every trust relationship, inherited permission, and policy for every entity. They can identify all excessive privileges, escalations, and separation of duty risks across their AWS roles and accounts. The team was looking for a security platform to help monitor and track identity and data resource access.

With numerous identities with rights and privileges to access data, Snoop decided that Sonrai Dig could help them to continuously monitor both their identities and data. With Dig’s graphing technology, they are now able to map what has access to data and how that access is made possible. This enables them to enforce that only those identities needing access are provisioned. If anything changes that expand access, they are notified or access is automatically revoked with enforcement options.

Snoop leverages Sonrai Dig to govern its regulated workloads to AWS and increase agility and innovation across the team while maintaining continuous compliance. This means compliance and platform posture gaps are quickly addressed as Dig identifies problems at their source. In addition to the powerful graphing capabilities that allow Snoop to review security posture in real-time discovering any compromised workloads, open ports, or misconfigurations, Sonrai Dig allows Snoop’s admins to take the necessary actions to rapidly mitigate risk. With automated monitoring and policy enforcement, Dig helps Snoop strengthen its cloud security, simplify cloud operations, and reduce risk in their public cloud helping them get to and maintain least privilege.

Sonrai Dig allowed Snoop to de-risk its public cloud of identity and data concerns. With risks identified and removed, activity monitoring improved significantly across their AWS environment. Through identifying interactions and originating identities, Dig was able to identify and continuously monitor all trust relationships across all accounts giving comfort that any unusual activity against sensitive data would be flagged and remediated.

Page Background Graphic

Ready to De-Risk Your Public Cloud? See It For Yourself.

Identity and data access complexity are exploding in your public cloud. Tens of thousands of pieces of compute, thousands of roles, and a dizzying array of interdependencies and inheritances. First-generation security tools miss this as evidenced by so many breaches. Sonrai Dig de-risks your cloud by finding these holes, helping you fix them, and preventing those problems from occurring in the first place. Schedule a conversation to talk with us about how we can help your enterprise.