Snoop
Tenable Cloud Security
The actionable cloud security platform
Reduce risk by rapidly exposing and closing priority security gaps caused by misconfigurations, risky entitlements and vulnerabilities–in one powerful cloud native application protection platform (CNAPP).
How Fintech Snoop enforces least privilege and streamlines compliance – at scale
As a fintech innovator under the Vanquis Group umbrella, Snoop handles highly sensitive customer and transactional data. Balancing robust data protection, regulatory compliance and fast-paced development was non-negotiable. To support business agility while minimizing risk, Snoop prioritized automating and enforcing least privilege across their multi-cloud infrastructure.
“We wanted to limit access, including privilege escalation, without draining team resources—and without slowing down our business,” said Tom Plant, Senior DevSecOps Engineer, Snoop. After evaluating several vendors, Snoop selected Tenable Cloud Security, noting its robust least privilege and Just-in-Time access, along with usability and speed of deployment.
Key business needs
Snoop operates a multi-cloud environment, primarily on Amazon Web Services (AWS), and also on Microsoft Azure and Google Cloud Platform – and uses several SaaS cloud technologies.
- Core platform: AWS Organizations, AWS Identity and Access Management (IAM), AWS Key Management Service (KMS), AWS Certificate Manager (ACM)
- Data services: Amazon Aurora PostgreSQL, Amazon DynamoDB, Amazon Simple Storage Service (Amazon S3)
- Compute and workloads: Amazon Elastic Container Service (Amazon ECS), Amazon Elastic Kubernetes Service (Amazon EKS), AWS Lambda, AWS Batch
With growing complexity across infrastructure and workloads, Snoop’s top cloud security concerns included safeguarding sensitive and regulated data, meeting compliance with FCA, GDPR and PCI DSS, simplifying access reviews and security posture decisions with automation, and gaining real-time visibility into permissions and associated risks.
Security teams were bogged down by time-consuming access decisions and lacked visibility into which permissions posed actual risk.
Snoop cuts cloud risk with CIEM and Just-in-Time (JIT) access
To date, Snoop has rolled out several high-impact uses including:
Least privilege and compliance across multi-cloud. Using Tenable’s powerful Cloud Identity and Entitlement Management (CIEM) capabilities, Snoop is achieving its goal of automating and enforcing least privilege across its multi-cloud environment. Key results include:
- Reduced excessive permissions across cloud accounts
- Identification of toxic permission combinations
- Prioritization of risks across a sprawling environment
This has also helped Snoop meet regulatory requirements by minimizing user access to sensitive data, supporting compliance with FCA, GDPR and PCI DSS.
Tenable is cloud-agnostic and extensible, which is critical for us. It is helping us automate and maintain least privilege across all our environments—not just one,- Tom Plant, Senior DevSecOps Engineer, Snoop
Just-in-Time (JIT) access to eliminate static privileges. Snoop uses JIT access to eliminate standing admin rights and broker access to sensitive data via short, auditable time windows – often with second-party approval. Key results include:
- All administrators, including those with privileged access, must go through JIT workflows, enforcing a consistent, least-privilege model
- Access to sensitive data is scoped to only what’s needed and timebound, with optional second-party approval
- Through JIT for IdP groups, access to sensitive apps is tightly controlled and not statically assigned by default
The simplicity and seamlessness of Tenable’s JIT mechanism is key. Users request access through Slack, approvers are notified instantly and access is granted for a defined period,- Tom Plant, Senior DevSecOps Engineer, Snoop
Snoop gains speed and simplicity with Tenable Cloud Security
Using Tenable Cloud Security has brought Snoop a range of benefits, from fast time to value to reduced risk and operational efficiencies:
Fast time to value. “We got value from Tenable Cloud Security within hours,” reported Plant, “It dramatically reduces the manual effort involved in analysis and action – and automates wherever possible.”
Measurable risk reduction. The organization has significantly reduced standing privileges, eliminated toxic permission paths and made access to sensitive data – and sensitive applications – purpose-driven and temporary.
Audit-readiness in place. With clear access records showing who accessed what, when and why – and who was declined – audit cycles are smoother. It’s now much easier for Snoop to provide the evidence base for compliance and overall security posture.
Operational efficiency. Manual reviews and escalations are now automated or handled through self-service workflows, lightening the security team’s workload. Deployment was quick, and insights started surfacing within hours.
Strong dev and user experience. Developers access what they need through tools they already use – Slack (with Microsoft Teams also supported) – keeping the process secure and low-friction.
What stands out most about Tenable Cloud Security is the ease of use and accuracy, and how broadly and deeply you can implement it. It’s been a very effective solution – and a strong partnership,- Tom Plant, Senior DevSecOps Engineer, Snoop
- Tenable Cloud Security