Drieam uses AccessOwl to save time and stay SOC 2 compliant

The Solution.

Tom and his team were looking for an automated tool that could be neatly integrated into Drieam's Slack-based working environment. Their criteria were pretty clear.

“It needed to reduce work and not make things more complicated. Plus, it needed to improve our security compliance within the company,” Tom explains.

Fortunately, Drieam found AccessOwl on the Slack Marketplace just days after it was listed on the site. Both the technology and type of company immediately appealed to the team, and there were no other vendors shortlisted.

“Because we are starting to scale up ourselves, we always like to work with companies who are also in the startup/scale-up phase who we believe have growth potential,” says Tom.

Access Owl replaces manual, spreadsheet-based processes with an automatically synced single source of truth for all user accounts and permissions. Users can now perform self-service access requests and approvals, which are all managed directly in Slack.

The Result.

Thanks to AccessOwl, Drieam has been able to institute a proper approvals workflow, whereas before there was only reactive decision making and ad hoc judgements based on “gut feeling,” according to Tom. This has helped to boost confidence in the process and support compliance efforts, as has the granular visibility admins now have into employee access rights.

“Without AccessOwl, the level of confidence [around who has access to what] wouldn't be as high as it is today, which could be a potential risk,” explains Tom.

The move to AccessOwl has also helped to improve the employee experience — for both general users and administrators.

“It's saved [our admins] quite a lot of time because they don't have to update the Google Sheet anymore, or check if people were granted access to an app without it being documented,” Tom says.

“And because of the AccessOwl onboarding template, new employees already have access to multiple applications on day one, by default, so they can have a great start to their new job.”

This streamlined onboarding is becoming even more valuable as the company grows.

“In the past, our HR manager, Celia, had to manually remind app owners to grant access for new starters, and it was not easy to create different profiles for different roles,” Tom explains. “Today it's so much easier. We might have five or six people joining on the same day, so it's really convenient to just click a few buttons. Everything is done automatically, and there's no need for HR to follow up anymore.”

As Drieam expands its employee base, AccessOwl will also help by supporting proper workflows for access requests and approvals — saving time and increasing confidence that all users are correctly provisioned.

“When you're a bit smaller, it's quite clear which person owns which application, so finding them on Slack is fairly easy. But when you're a company of 60 people, it gets more complicated. And when you're a company of 100 people, nobody knows who the application owner is,” says Tom. “As you grow, a few people can no longer oversee everything in a simple, manual way. You need proper workflows, so it gets more and more necessary to have a tool like AccessOwl.”

Tom and his team are delighted that the platform has helped them to hit their two main KPIs: achieving and staying SOC 2 compliant, and “removing barriers to empower our people.” They're impressed with the continued level of innovation occurring at AccessOwl, which means a steady flow of new features, and recommend the tool to others.

“AccessOwl is a great way to tackle one of the most important things in your security compliance strategy: your access management,” Tom concludes. “I would tell organizations considering AccessOwl to give it a try and just do it. I think it could help them.”