Back

How Genesys runs access reviews 3x faster with Veza

Industry

Technology – Customer Experience

Organization Size

6000

Headquarters

Menlo Park, California

Challenges

Certifying multiple concurrent user access reviews for more than 6 audits at once in a timely manner.

Benefits

  • 3x faster access review facilitation
  • 6x faster access review approvals

Key Features

  • User Access Reviews
  • Privileged Access Reviews
  • Authorization Graph

Introduction

More than 7,500 companies in over 100 countries use Genesys Cloud to deliver personalized customer experiences at scale. Since customer data is the key input for personalization, Genesys must achieve high standards of trust and security so its customers have the confidence to securely share their own customers’ data with Genesys. To earn the confidence of its customers, Genesys maintains a comprehensive compliance portfolio which involves going through numerous audits as often as every two months. Controlling who has access to what data is at the core of most of these audits. The Genesys security engineering team facilitates access reviews for PCI-DSS, HIPAA, ISO 27001, SOX, SOC 2, HITRUST, customer audits, as well as international audits.

The need to scale: facilitating access reviews across a growing team and a complex tech stack

As recently as 2016, security reviews were completely manual. However, that manual process couldn’t scale as the technology stack became more complex and the number of people in the organization increased. David Morton, the team lead on the security engineering team, rolled out an automated process using a Python script that would parse access assignments across all systems, create PDF docs of user roles, and manually assign access reviews of each user.

While better than spreadsheets, this process also became too overwhelming. The approvers would need to review dozens of lengthy PDF docs  every 60 to 90 days, and the security engineering team would need to have three people dedicate up to four weeks to set up and run all the access reviews.

It got to a point where the sheer volume of access reviews per approver got too overwhelming and also demanded weeks of engineering effort to conduct, and that’s exactly what we wanted to avoid.

David Morton, Team Lead, Senior Security Engineer, Genesys

Make access reviews simple and fast for facilitators and reviewers

With Veza, Dave and his security engineering team were able to give their reviewers a simpler user experience that made reviewing and approving access easy and fast. Reviewers can now filter by application or by direct report and have enough context of each user’s roles and permissions during the review to make more intelligent access decisions. David’s team can now set up and run access reviews with only a third of the effort compared to what those used to take.

Because Veza translates complex system-specific permissions into common terms like Create, Read, Update, and Delete it makes understanding user permissions during access reviews much more intuitive for our approvers – allowing us to scale the number of systems we can review per quarter to better demonstrate our commitment to securing our customers’ data.

David Morton, Team Lead, Senior Security Engineer, Genesys

The Veza impact

  • Time savings. It now only takes one team member five days to set up an access review as opposed to a team of three for three to four weeks. For approvers, it only takes 30 minutes to review and approve access instead of as many as eight hours.
  • Better reviewer experience. The reviewers have a more comprehensive context of the user, title, permissions and roles within an application on a single screen rather than having to go through multiple sources. 
  • Better facilitator experience. Veza has reduced the operational overhead from the access review facilitators with automated email and other notifications, as well as escalation points to ensure reviewers are certifying access in a timely manner. 

Now that we don’t have to invest so much time and effort into setting up and running access reviews each quarter, our team is able to spend more of our time on our mission to design security processes and configurations that strengthen our overall security posture.

David Morton, Team Lead, Senior Security Engineer, Genesys

About Genesys

Genesys empowers more than 7,500 organizations in over 100 countries to improve loyalty and business outcomes by creating the best experiences for customers and employees. Through Genesys Cloud, the #1 AI-powered experience orchestration platform, Genesys delivers the future of CX to organizations of all sizes so they can provide empathetic, personalized experience at scale. As the trusted, all-in-one platform born in the cloud, Genesys Cloud accelerates growth for organizations by enabling them to differentiate with the right customer experience at the right time, while driving stronger workforce engagement, efficiency and operational improvements.