Challenge
Gathid’s financial services client, has a strict duty to safeguard customer funds while they’re being processed and managed. All organizational processes must be strictly controlled, which includes auditing access to any systems they interact with.
The client’s Global IT Operations Manager, explained, “We completed a manual audit last year that was very cumbersome and very painful. So, the goal was to find a solution that could make that easier.”
After exploring a few different options, the company engaged Gathid to help solve the issues they were experiencing with audits, as well as their annual and biannual recertifications for system and application access.
“In the last few years, there was an internal change within the organization that made us realize we needed to have much better processes for auditability. We need better tools to be able to manage it,” they said. “Security is always getting more and more important.”
Solution
From early 2024, the financial services company began using the Gathid platform as a central point for running their user access recertification audits—replacing time-consuming manual processes that previously involved using spreadsheets, creating JIRA tickets, and sending out emails. According to the Global IT Operations Manager, this immediately enabled the company to safeguard their systems.
“We had specific requirements. We knew exactly the problem we needed to solve—Gathid delivered a tool that did exactly what we needed, without fluff and extra expense that we didn’t need.”
The client was pleased to discover that the benefits of using Gathid extended far beyond auditing. Gathid specialists worked with the client’s team to demonstrate how they could use the platform to collect identity and access data using daily dashboards and reporting.
“The plan is for the team to start going into the dashboards and looking at the data every day. We’re just working on the automation to get there,” the Global IT Operations Manager said. “When we get all of our data automated in from our different systems, the different teams will be able to look at dashboards for their own systems access, and control and own that as well.”
“There are things you can start to do daily, weekly, monthly yourselves with the teams that own these systems to make day-to-day life easier, and to make the next audit better because you’ve been monitoring in the interim.”
Results
Greater Efficiency
Gathid’s Identity Graph maps data collected from all connected systems, allowing visibility to each person’s access within the organization. By automating user access reviews, it streamlines the auditing process—so teams can quickly close gaps and spend less time on manual review tasks.
“If you want to run an access audit, Gathid makes it easy. In the past, we’d been sending spreadsheets to hundreds of users, managers, and system owners to recertify access. The feedback from people in the business was Gathid makes this so much easier: I can go into one place, one link, and see all the things I need to respond to.”
Time and Cost Savings
Gathid harnesses the power of automation to deliver up-to-date user and system access information that saves precious time and resources during the audit.
“We got through it without about half the team in broadly the same amount of time, but with a lot less complexity. Because it was the first time we were using the platform, there was a lot more upfront configuration—we now have things in place where the next time it should be even quicker.”
This significant time saving also translates to a reduction in costs: “If three or four people for two months are no longer having to work on an audit as their main daily task, that’s a massive saving in man hours,” the client said.
Enhanced Security
Gathid creates a dynamic identity and access model that updates every 24 hours, providing a single, unified, and daily view of all identity and access data across the organization. This enables the global payments firm to quickly identify and respond to any vulnerabilities, enhancing their identity and access posture.
“It uncovered some things that we probably wouldn’t have seen if we were getting the data manually. Because we have automated it, we were asking for specific things to be put into Gathid that we hadn’t in the past. This gave us some more context around access, so it’s already flagged some areas to address.”
“That’s opened our eyes even more in terms of what flags we want to look for and put in metrics to monitor,” he added.
A Trusted Partner
It was very important to the client’s team to partner with a provider they could trust—who treated them more like a collaborator than a customer.
“It has always felt like a partnership, not a sales pitch. That stood out for me.”
While onboarding a new platform can be challenging, Gathid specialists were on hand to provide support and guidance every step of the way. “We were onboarding and very quickly diving into using it for an actual audit. Having that support is invaluable: we probably wouldn’t have ended up being able to use it for this year’s audit without that level of engagement.”
With a roadmap session coming up to keep things on track, the client is confident knowing that Gathid is backed by a global team that can help deliver in-depth support. “There’s been no asks that haven’t been met,” they said.
“Platforms are great but if you don’t have the help setting them up and using them, it’s going to be a burden, and people will just drop things. Support really makes a difference.”
Supporting Future Audits
With this year’s big audit out of the way, the leading finance industry company is working to safeguard their systems by getting everything set up in Gathid to enable ongoing monitoring of identity and access data.
“It’s going to be a valuable tool that will flag things between audits. We won’t have to rely on an audit that shows a lot of changes that need to happen. That will be a big saving of time and resources for everyone.”
