How ScaleSec Automates AWS Permissions at Scale

Key Customer Facts

Enterprise IAM Makeover
Project Challenges

A major US bank sought to reduce friction for developers managing access control policies at scale. ScaleSec led a mixed virtual team of customer engineers and third-party consultants in a company-wide effort to automate IAM policy construction. As a result of the team’s effort, the customer can now generate sophisticated policies with tailored permissions for hundreds of applications.


Nowadays, nearly every major bank relies on cloud computing as a cornerstone of agility and operational efficiency. Our customer hosts a growing portfolio of mobile and online services powered by APIs and microservices on AWS. AWS was selected for security, productivity, speed to market, and elasticity to support customer demand.


A strong cybersecurity strategy is paramount to safeguarding customer data and a crucial component in building trust in banking. ScaleSec helps banking customers safeguard customer data using security automation to unlock innovation and reduce time to market by accelerating development cycles. Automation is an effective way to grow cybersecurity maturity, especially for customers who operate technology at scale. Mistakes in manual processes can be costly, introduce risk, and slow time to market. ScaleSec was selected for deep AWS security expertise and technical leadership.

“ScaleSec demonstrated commitment and ownership and delivered the results we needed. Their flexibility and collaborative work ethic were key to success for our busy team.” – VP Enterprise Identity & Access Management

Services provided

As a core component of their information security risk management approach, the bank is continuing significant investments to enhance cybersecurity programs. As an information-based company, the customer wanted to analyze each application to justify the provisioned permissions.

Partner Solutions / Products Used

AWS recommends a regular review of provisioned permissions to identify and remove unused permissions. To reliably execute this security best practice at scale, ScaleSec created a “policy factory” to automatically generate granular IAM policies based on historical application behavior. ScaleSec incorporated open source solutions like parliament and policy_sentry with existing investments to orchestrate policy construction. In addition to removing permissions for unused services, the policy factory refines permissions by mining AWS CloudTrail logs to profile the historical behavior of each application.
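The profiling step described above can be sketched as follows. This is an added example, not ScaleSec's policy factory code: it assumes CloudTrail records trimmed to a few fields, and the role names, account ID and provisioned permission list are hypothetical. It covers actions only, and the two translation tables show why CloudTrail names cannot be copied into a policy verbatim.

```python
from collections import defaultdict
from fnmatch import fnmatchcase

# CloudTrail names that differ from the IAM action they authorize.
SERVICE_PREFIX = {"monitoring": "cloudwatch"}
ACTION_OVERRIDE = {("s3", "ListObjects"): "s3:ListBucket"}

def _evt(role, source, name, error=None):
    """Constructed CloudTrail record holding only the fields used here."""
    rec = {"eventSource": source, "eventName": name,
           "userIdentity": {"type": "AssumedRole", "sessionContext": {
               "sessionIssuer": {"arn": f"arn:aws:iam::111122223333:role/{role}"}}}}
    if error:
        rec["errorCode"] = error
    return rec

# Constructed sample log; role names and account ID are hypothetical.
SAMPLE = [
    _evt("payments-api", "s3.amazonaws.com", "GetObject"),
    _evt("payments-api", "s3.amazonaws.com", "ListObjects"),
    _evt("payments-api", "monitoring.amazonaws.com", "PutMetricData"),
    _evt("payments-api", "dynamodb.amazonaws.com", "DeleteTable", "AccessDenied"),
    _evt("ledger-batch", "sqs.amazonaws.com", "ReceiveMessage"),
]

def to_action(event):
    """Translate eventSource/eventName into an IAM action string."""
    svc = event["eventSource"].split(".")[0]
    svc = SERVICE_PREFIX.get(svc, svc)
    return ACTION_OVERRIDE.get((svc, event["eventName"]), f"{svc}:{event['eventName']}")

def profile(events):
    """Map each role ARN to the actions it called successfully."""
    used = defaultdict(set)
    for e in events:
        ident = e.get("userIdentity", {})
        if ident.get("type") != "AssumedRole" or "errorCode" in e:
            continue  # skip non-role callers and failed or denied calls
        used[ident["sessionContext"]["sessionIssuer"]["arn"]].add(to_action(e))
    return dict(used)

def right_size(provisioned, used):
    """Return (policy of observed actions, provisioned patterns never exercised)."""
    policy = {"Version": "2012-10-17", "Statement": [  # resource scoping omitted
        {"Effect": "Allow", "Action": sorted(used), "Resource": "*"}]}
    unused = sorted(p for p in provisioned
                    if not any(fnmatchcase(a.lower(), p.lower()) for a in used))
    return policy, unused
```

Calling `right_size` with a role's provisioned action patterns and its entry from `profile(SAMPLE)` yields the reduced policy plus the patterns that are candidates for removal.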

The orchestration layer also ensures compliance with security controls required by the customer’s corporate governance team. Amazon QuickSight dashboards provide insights into permission use, which became an important tool when analyzing and understanding application behavior. ScaleSec produced dynamic remediation guides for each original policy, and hosted workshops and technical exchanges to coach development teams through replacing current policies with those automatically constructed by the policy factory.

Customer Voice

“The policy factory greatly reduces the effort required to create custom IAM policies to support hundreds of business applications.” Enterprise IAM Makeover – Senior Director of Cloud Engineering, Major US Bank

Results / Impact / Highlights

With permissions profiling and policy construction automated, engineers and developers can review and “right size” permissions regularly. This self-service model allows developers to design, validate, and deploy complex permissions without costly and error-prone manual steps.

ScaleSec continues to support the customer in building low-friction, scalable security solutions for a variety of financial services workloads across hundreds of AWS accounts.

Throughout this engagement, ScaleSec consultants worked with the customer and AWS to contribute detailed, transparent feedback for this use case to AWS service teams, which ultimately resulted in improvements recently launched for AWS IAM that can be used to achieve a similar outcome. ScaleSec is pleased to have contributed to the democratization of this powerful security feature which is now available for all AWS customers at no additional cost.


© 2023 ScaleSec. All rights reserved. | Privacy Policy