How Global Atlantic Slashed the Time To Fix Identity and Permissions Problems From 6 Months to 6 Days

Shifting from Manual to Automated Least Privilege saved time and reduced risk, all while keeping developers productive.

“Sonrai helped us do in days what would’ve taken months—automating identity management and achieving least privilege across AWS.”

Cole Horsman

AVP, Security Operations | Global Atlantic Financial Group

  • Industry

    Insurance

  • Employees

    1,800+

  • Accounts

    60+ in AWS

  • Product

    Cloud Permissions Firewall

Cole Horsman, AVP of Cloud Security at Global Atlantic Financial Group, recognized that the team needed to move away from a chaotic, manual process for managing excessive permissions and unused identities. Cole and his team found the automated least privilege solution they needed in Sonrai Security’s Cloud Permissions Firewall. Learn the steps they took, the challenges they faced, and why they ultimately chose Sonrai to help secure their cloud environment.

Global Atlantic’s Cloud Security Challenges

As a leading U.S. retirement and life insurance company, Global Atlantic Financial Group relied heavily on AWS for application development and infrastructure. However, when Cole joined, the AWS legacy environment faced significant security risks:

  • Full administrator access for developers
  • All application teams shared one production account
  • Access keys used for every process (no roles)
  • Manually managed resources with limited visibility and control

“No governance or guardrails. This was my reality when I first got here.”

Cole Horsman, AVP, Security Operations | Global Atlantic Financial Group

These conditions created an environment ripe for privilege escalation and lateral movement. Cole’s first objective was to bring order to this chaos by enforcing least privilege and implementing security guardrails.

AWS 2.0 and Initial Security Tactics

To address these security issues, Cole’s team transitioned to an AWS 2.0 strategy. This introduced several security improvements, including:

  • Role-Based Access Control (RBAC)
  • Detection using a CSPM
  • Automated remediation

“I'm not going to say that we were trying to completely achieve identity nirvana or least privilege completely – Just get better at it, iterate on it.”

Cole Horsman, AVP, Security Operations | Global Atlantic Financial Group

These manual SCP strategies were helpful but time-consuming, complex, and prone to human error. The team ran into character and attachment limits, and a lack of visibility into what was being blocked caused the occasional painful outage. These challenges then led to a more cumbersome internal approval process, slowing down their progress.

CSPM and CIEM: Steps in the Right Direction, But Not the End Game

As Cole’s team worked to secure their cloud environment, they eventually adopted CSPM and CIEM solutions to gain visibility into misconfigurations and detect over-permissioned and unused identities.

Exploring Automation Solutions

Recognizing the need for a more comprehensive solution beyond manual processes and open-source tools, Cole and his team at Global Atlantic began exploring Cloud Security Posture Management (CSPM) and Cloud Infrastructure Entitlement Management (CIEM) tools. These solutions offered critical visibility into issues contributing to security risks in Global Atlantic’s AWS environment: unused and over-privileged human and machine identities.

CSPM tools helped the team continuously monitor their cloud infrastructure for potential misconfigurations, allowing the team to understand the scope of the problem.

“CSPM is great for the visibility. It's a starting point. You should have some visibility into it. However, it’s just going to point out your problems; it is not going to solve them.”

Cole Horsman, AVP, Security Operations | Global Atlantic Financial Group

CIEM tools, on the other hand, provided Global Atlantic with enhanced control over user entitlements, helping to address unused permissions and prevent privilege escalation. These tools were particularly effective in identifying over-privileged identities, a common issue in cloud environments that can lead to significant security breaches if left unmanaged.

While CSPM and CIEM tools were invaluable for providing visibility into misconfigurations and helping manage entitlements, they only addressed part of the problem. An evaluation of the effort it would take to fix the identity issues concluded that it would take at least six months using custom Python coding to fix each permission set. Cole’s team quickly realized that these tools were primarily focused on detection and visibility, but lacked the automation necessary to proactively enforce least privilege across their entire cloud environment.

Sonrai’s Proactive Approach

To truly secure their infrastructure, Cole and his team needed a solution that not only identified risks but also fixed them and prevented them from recurring. This is where Sonrai’s Cloud Permissions Firewall made a significant difference. It complemented both CSPM and CIEM tools by adding a layer of automation that allowed Cole’s team to proactively achieve least privilege and maintain continuous governance without the need for constant manual intervention.

Why Global Atlantic Chose Sonrai Security

Facing the limitations of their current tools, Cole’s team explored Sonrai Security as a comprehensive solution to automate identity and access management (IAM) in AWS. After an in-depth demo, it became clear that Sonrai’s Cloud Permissions Firewall was designed to fully automate the creation and management of least privilege policies at scale across the AWS cloud environment, something critical to Global Atlantic’s goal of reducing human error and maximizing efficiency.

Quick Implementation, Long-Term Impact

By adopting the Sonrai Cloud Permissions Firewall, Cole and his team at Global Atlantic achieved least privilege in AWS and ensured consistent governance over their cloud identities. They were able to quickly deploy and see results within a matter of days, a process that would have taken months with traditional solutions.

“Sonrai's implementation has saved us 6 months of time in development toward achieving least privilege.”

Cole Horsman, AVP, Security Operations | Global Atlantic Financial Group

The implementation process began with a detailed assessment of Global Atlantic’s cloud environment, identifying over-privileged identities and unused permissions – all within 24 hours. Sonrai’s platform integrates directly with AWS, making it straightforward to pull in data about identities, permissions, and policies. This initial setup allowed Cole’s team to get immediate visibility into their AWS accounts and begin automating the enforcement of least privilege.

Global Atlantic’s team experienced a smooth transition to least privilege, with no downtime and no disruption to ongoing development projects. Sonrai’s intuitive interface allowed the team to manage SCPs and permissions effectively without the need for extensive training or specialized knowledge. The implementation process was collaborative, with Sonrai’s team providing support and expertise to ensure the solution was tailored to Global Atlantic’s needs.

Automated Least Privilege

Sonrai’s platform offered more than just automation for SCPs (Service Control Policies); it provided a single source of truth for cloud permissions, enabling Cole’s team to continuously monitor and automatically adjust permissions based on real-time usage and risk analysis. This automation ensured that identities and permissions were properly managed without manual intervention, reducing the need for constant human oversight.

“What would’ve taken months, we were able to do within a few days... we started quarantining zombies, and then we started doing the unused permissions.”

Cole Horsman, AVP, Security Operations | Global Atlantic Financial Group

With Sonrai’s Cloud Permissions Firewall, Cole’s team could:

  • Automate the identification and remediation of unused permissions and “zombie” identities
  • Manage identities and permissions across AWS accounts, preventing configuration drift
  • Use ChatOps integration for real-time permissions access, which helped minimize friction between security and development teams
  • Disable unused AWS services and regions at any scope in their cloud

The Sonrai solution enabled the team to save six months of manual work, reducing the risk of configuration errors while allowing for safe rollbacks of permissions as needed.

Improved Collaboration with Developers

One of the most valued aspects of Sonrai’s Cloud Permissions Firewall was its ability to facilitate on-demand permissions through ChatOps, which greatly enhanced collaboration between the security and development teams. When developers needed elevated access, they could request permissions in real time, and Sonrai would automatically disable and enable those permissions as needed.

“The ChatOps component was hugely beneficial because we got immediate feedback when someone got blocked.”

Cole Horsman, AVP, Security Operations | Global Atlantic Financial Group

With ChatOps, Cole’s team could implement on-demand permissions, ensuring that developers received the exact level of access they needed, when they needed it, without waiting for manual changes from security. This dynamic model allowed developers to focus on their tasks while maintaining strict security standards.

The on-demand permissions feature enabled Cole’s team to automate access control without disrupting development workflows, ensuring a balance between security and agility. Sonrai’s automation handled the tracking and expiration of permissions, removing the need for the security team to intervene manually in every request.

Bonus! Audit Benefits

Although Cole’s team originally sought a solution for identity and permission management, Sonrai offered additional unexpected benefits, particularly in the realm of audit and compliance. With Sonrai’s automated auditing capabilities, every identity, permission, and policy change is automatically tracked and logged, providing a real-time audit trail that ensures full visibility into cloud activities.

This feature helped Global Atlantic maintain consistent governance over its AWS environment, significantly reducing the manual effort involved in preparing for audits. Instead of manually combing through access logs and permissions, Cole’s team could rely on Sonrai’s real-time tracking to flag unauthorized changes as they occurred, allowing for immediate remediation.

By automatically monitoring permissions and ensuring that all changes were recorded, Sonrai’s solution provided a single source of truth for all cloud identities and policies. This not only strengthened security by preventing potential configuration drift or human error but also simplified the audit process by allowing Cole’s team to quickly generate compliance reports and demonstrate that least privilege was being consistently enforced.

“It checked a lot of the boxes we were trying to solve for this year, and it checked some other boxes for audit that we weren’t expecting it to solve.”

Cole Horsman, AVP, Security Operations | Global Atlantic Financial Group

Additionally, Sonrai’s ability to track all permissions changes allowed the team to prioritize remediation based on the severity of the issue, ensuring that any audit-related findings could be resolved swiftly. The audit automation removed the traditional pain points of manual tracking and reporting, enabling the team to focus on more strategic initiatives rather than reactive audit preparation.

Looking Ahead

Global Atlantic plans to continue using Sonrai to maintain least privilege and build a scalable, secure cloud identity strategy that aligns with its growing infrastructure needs. With Sonrai, the team continues to do more with less, automating permissions management and improving their overall security posture.

Meet Cole Horsman, AVP of Cloud Security at Global Atlantic Financial Group

Cole Horsman, the Assistant Vice President (AVP) of Cloud Security at Global Atlantic Financial Group, is a leading expert in securing complex cloud environments, particularly in AWS. With over a decade of experience in information technology and cybersecurity, Cole has successfully transitioned his team from manual identity and access management to fully automated, least-privileged models, leveraging AWS Service Control Policies (SCPs) and advanced tools like the Sonrai Security Cloud Permissions Firewall. His deep technical expertise and hands-on leadership have made him a trusted voice in cloud security innovation.

About Global Atlantic Financial Group

As a major retirement and life insurance solution provider, Global Atlantic Financial Group is deeply invested in cloud technologies like AWS to ensure its infrastructure remains agile and secure. A vital part of the company’s operational philosophy is its “do more with less” mantra, which emphasizes efficiency and resource optimization across all levels. Their approach has guided their cloud security strategy to value automation and proactive identity management for simplifying complex processes and reducing risk. Cole Horsman drives the company’s cloud security strategy, particularly by championing proactive identity management to secure the cloud while enhancing operational efficiency.

About Sonrai Security and ACCESS ’24 Virtual Summit

Sonrai Security is at the forefront of cloud identity and access security, offering advanced solutions like the first Cloud Permissions Firewall to automate least privilege policies and secure multi-cloud environments. Sonrai’s annual event, ACCESS, is a virtual summit that gathers top cloud security experts and industry leaders to share cutting-edge strategies and tools for managing identity, access, and permissions in the cloud.

At ACCESS ’24, Cole shared his insights in his session titled “From Manual to Automated: Implementing Least Privilege in AWS with SCPs.” He walked the audience through the challenges he faced in managing cloud identities, the solutions his team explored, and why he ultimately chose Sonrai Security to simplify identity and access management in the cloud.
