Aidoc
[Tenable Cloud Security] goes beyond permissions visibility to reveal IAM risk context that informs our busy DevOps team, facilitating their efforts in mitigating risk and minimizing disruption.
Key Business Needs:
- Reduce security threats in their cloud environment
- Save DevOps time spent monitoring and mitigating risk
- Find ways to govern third-party and privileged access
Product(s) used:
Aidoc simplifies IAM Risk Management tasks and streamlines remediation with Tenable Cloud Security
The Challenge
Founded in early 2016, Aidoc offers an AI medical diagnostics SaaS platform that is “always on.” The solution and its development run on AWS. The devops team handles the organization’s cloud security. The team knew that its IAM permissions configurations were potentially an ongoing security threat due to the complexity and opaqueness of public cloud environments. With many things on its plate, the devops team was always looking for time-saving ways to better monitor and remediate access risk, including by right-sizing policies.
The Solution
Upon reviewing Tenable Cloud Security, Guy Reiner, co-founder and VP of R&D at Aidoc, was enthused. After a simple setup, he saw Tenable rapidly detect multiple excessive permissions and inactive roles in the Aidoc cloud infrastructure, and knew these to be fertile ground for threat actors. The Tenable proof of concept also showed how such potential risks could be easily remediated, and how the entitlements management platform could help Aidoc govern third-party access and privileged identities, and trace any access flaws or resource vulnerabilities to their root cause.
At first hesitant to bring Tenable to his team’s attention, so as not to burden it “with one more management tool,” Guy eventually chose to let the team do its own due diligence. The Aidoc devops team quickly found that the Tenable platform made many of its IAM risk management tasks easier and, in presenting a visual mapping of all its cloud identities and permissions, proved considerably more informative than the AWS console. Ultimately, the team drove Aidoc’s decision to adopt Tenable Cloud Security.
Digging deeper, the devops team found it could effectively use the Tenable platform, via its Findings view, as an actionable roadmap for prioritizing its IAM and other configuration risks. The view delineates risks by criticality and scope, helping Aidoc decide which risks to tackle first and which to address progressively over time to proactively reduce its attack surface.
Said Reiner, “[Tenable] goes beyond permissions visibility to reveal IAM risk context that informs our busy devops team, facilitating their efforts in mitigating risk and minimizing disruption. We’re next setting our sights on implementing the least privilege policies that [Tenable] generates from actual use — that kind of automation is right up there with devops best practice by enabling us to remediate at scale and shift left to harden net-needed access into our infrastructure.”
- Cloud
- Tenable Cloud Security