Transforming Onboarding and Security Efficiency at Cyberhaven
Snapshot
130 Employees
30 SaaS Applications
3 IT and Security Staff
7 days saved per quarter
Problem
Cyberhaven is a fast-growing cybersecurity firm. And like many rapidly-growing companies, the team was facing a series of obstacles as they scaled. Cyberhaven has a small team responsible for both IT and Security, so optimizing for efficiency is crucial to ensure smooth operations and speedy onboardings. And because security is paramount for a company selling data security software, greater efficiency directly translates into more time spent proactively working to improve their security posture. Unfortunately, the Cyberhaven team was struggling with access management – inefficient onboarding and offboarding processes and compliance reporting – that were monopolizing the team’s time. David Phillips, the IT Security Lead, explained the situation: “We were managing everything related to user lifecycle management through Slack, Notion, and Google Sheets. It was incredibly manual, time-consuming, and prone to errors.”
David continued, “I was spending 3-4 hours on an onboarding day rather than prioritizing the security work we wanted to do. At the same time, the onboarding experience is so important to the company, I couldn’t let that fall through the cracks.” David and his HR partner considered building automations through their existing HRIS system, but it became clear that the tool wasn’t designed to support security-first onboarding and offboarding workflows.
Complicating things further, the team also needed to ensure SOC 2 Type 2 requirements were being met. David continued, “Our manual tracking and documentation for access reviews and onboarding compliance were not only cumbersome but also time-consuming, creating a higher risk of mistakes and inefficiencies.”
Solution
When the Cyberhaven team found YeshID, several things clicked into place. Not only did YeshID offer customizable workflows to make onboarding and offboarding more efficient, it also included built-in security features that would enhance David’s security workflows and streamline compliance reporting.
David explained, “Our first sessions with the YeshID team were so collaborative. They really wanted to understand what problems we wanted to solve and talk through their approach. I was immediately impressed with how intuitive everything was – things that would take me so much more time in Google Workspace to configure. It was just, wow, this is really simple.”
Working closely with the YeshID team, David uploaded a CSV of the applications Cyberhaven was using to fill the application grid and then designed onboarding and offboarding workflows that replicated the manual work he was doing each week.
“Immediately I had turned hours of manual work into workflows I could schedule. And really quickly thereafter we got a level of visibility we’d never had before. Being able to explore who was using what applications, what level of permission those applications had, and where there were risks to our organization was really cool.”
Results
YeshID has had a deeply positive impact on Cyberhaven’s IT and Security team, its HR team, and its new employees. “The experience on both sides is a really stark difference,” David said. “On an employee’s first day they get an email that takes them through a simple onboarding workflow for all their applications. And for me, I’m not being hit with multiple Slack messages requesting access or chasing people down to provide it. It all just flies into YeshID and gets automatically routed to the owners.”
Moreover, YeshID streamlined compliance with SOC 2 Type 2 requirements. “YeshID made compliance tasks like quarterly access reviews much more manageable. The platform’s documentation and reporting capabilities simplified these processes and ensured we met our compliance obligations more efficiently,” Phillips noted. The comprehensive YeshID dashboard offered instant visibility into user and application data, making management and reporting tasks more straightforward. And, YeshID proactively surfaces potential security issues rather than requiring an admin to search Google Workspace for details or manually compile data. “The ease of access to crucial information through YeshID was a game-changer. It allowed us to better embed security practices into our workflows,” Phillips added.
Conclusion
According to David and the Cyberhaven team, YeshID is now an instrumental extension of their workflows across onboarding, compliance, and security. “In a nutshell,” David said, “We get to ensure our new hires have a great first day experience, we’re empowered with auditability at our fingertips, and all the automations give us time back to focus on improving our security posture and building the best security program that we can have.”