Customer Story - How Q42 Simplified Identity Governance for ISO 27001 Compliance

Q42's Road to ISO 27001 Certification

Q42, a dynamic digital studio, crafts custom software products for a wide array of clients such as Rijksmuseum, Hema and Royal Dutch Airlines KLM. With over 100 projects and a diverse mix of tools and infrastructure, they needed a robust solution to manage user access.

Traditional methods of managing user access were proving insufficient, and with the company working towards ISO 27001 certification, the need for a strong user access management solution became even more critical.

In this context, the concept of lightweight identity governance, with its promise of rapid deployment and ease of use, emerged as a perfect fit, and Elimity was chosen as the platform to achieve this.

The challenges

1. Need for Control

Q42 needed to establish provable control over who can access which data and applications. They needed to know which employees had access to which resources, especially those that did not belong to their projects.

2. Diverse Technology Landscape

Diverse Technology Landscape: Q42 uses a variety of tools and infrastructure across its projects, including GitHub, Google Workspace, and Vercel. This diversity presents a challenge for managing user access effectively.

3. ISO 27001 Certification

Q42's goal of achieving ISO 27001 certification further emphasized the need for a robust and auditable user access management system.

The need to avoid multi-year IAM roll-outs and to quickly identify access risks, clean up and introduce governance was essential for Q42.

4. Need for Rapid Deployment

Q42 needed a solution that could be implemented quickly, providing visibility and control over user access within days, not months or years. They wanted to achieve access reviews and visibility quickly.

Additionally, Q42's wanted to avoid multi-year IAM roll-outs to quickly identify access risks and introduce governance.

5.  Who can access what?

Q42 needed a way to create visibility into users and accesses across the IT landscape, review access, and monitor over time. They also wanted to automate provisioning and improve decision-making and data quality.

The Approach and Solution

The goal for the success of the project was clear: to import data, analyze it, set up monitoring, and conduct access reviews and change requests.

Q42 deployed the Elimity Insights platform and rapidly integrated it with a variety of applications, including critical systems such as AWS, Azure, Github, Slack and 1Password. The team used pre-built connectors and explored ways to create custom connectors to accommodate their specific needs.

The platform Elimity Insights then linked all of this data and enabled everyone in the security team to:

👉 Track essential security controls
👉 Ask the business for input through access reviews
👉 Clean up risky accesses 
👉 Easily perform identity controls

The Key Results

✅ Improved security posture with full visibility over user access.
✅ Easily tracked who has access to what across all projects.
✅ Quickly identified access risks and streamlined access reviews.
✅ Ensured only authorized users could access sensitive resources.
✅ Supported ISO 27001 certification efforts with better governance.
✅ Provided tools for ongoing security maintenance and compliance.

“We needed a lightweight identity governance solution that seamlessly connects to our key systems. Elimity provided exactly that—quick integration without the complexity," explained Jasper Kaizer, the COO of Q42.

Conclusion

Elimity’s lightweight identity governance platform offered a fast and effective way for Q42 to achieve control over user access. By offering a solution that prioritizes rapid implementation and ease of use, Elimity helped Q42 transition from a state of security complexity to a state of strong, ongoing security control.

Would you like to discover how to achieve user access control within days? Book here a demo meeting.

Watch On-Demand Webinar Hosted By Q42 and Elimity 

Join us for a session with our customer Q42. Jasper Kaizer, COO of Q42, shares their journey with Elimity and how they gained strict control over user access to meet ISO 27001 certification requirements.

What to Expect?

✅ Challenges & Solutions: Learn how Q42 tackled identity governance challenges and why they needed a lightweight solution that seamlessly connects to their crucial systems.

✅ Q42’s Perspective: Hear from Jasper Kaizer, COO of Q42, on their journey to improved security and compliance readiness.

✅ Live Demo: See how Elimity enables fast and efficient user access management without the complexity.


🗓️ Date: March 12th at 4:00 PM CET