Stavvy Cuts Privileged Access by 85%

INDUSTRY
EMPLOYEES
FOUNDED
Fintech
160
2018

Overview

Stavvy is a digital transaction platform built for real estate professionals. By connecting people, systems, and processes, Stavvy modernizes real estate transactions through collaboration, reliability, and choice.

"Multiplier has transformed how we manage privileged access at Stavvy. The speed of onboarding, combined with its rich functionality and usability, makes it an unbeatable solution. 

I haven't found any other tools as simple and approachable for a startup wanting to uplevel access management."

John Yamich
Cybersecurity Engineer

The Problem

Overprovisioned & Long-Lived Access 

Clients trust Stavvy with their most important financial documents and data. After securing $53M in Series A funding and acquiring two companies, maintaining that trust means prioritizing secure access management as they scale.

After joining the company, the need was clear to minimize access for all humans.  Long lived access has its well-known pitfalls which could be solved with a Just-In-Time system that grants access only when needed, and expires until the next time it is needed.

"This was a priority for us as our user base and access needs grew. We needed an access workflow that followed best practice. "

Additionally, it was critical to customers and compliance frameworks that a robust solution be implemented which minimized privileged access.

The Solution

Implementing guardrails with Multiplier's granular, integrated approach

The right access management tool had to meet several criteria for John. Jira Service Management (JSM) and other Atlassian products were baked into Stavvy's workflow, so the tool had to integrate with their Atlassian stack. 

Other non-negotiable features were:

  • Granular control over access management
  • The ability to set time limits and segment access based on risk level
  • An interface that would simplify access requests for Stavvy's engineers

First, they tried fixing the problem with single sign-on (SSO), but the solution fell short in available workflows and functionality.  The product also carried a hefty price tag.

John also examined open-sourced tools published by some big tech companies. Unfortunately, most were either unsupported or abandoned by their authors.  One such solution required setting up and maintaining 4-5 different products to manage access, making it impractical for Stavvy.

"Multiplier stood out for its specific controls, vision, features, pricing, and usability. The ability to integrate with our Jira workflows and do everything through Slack was a game-changer for me and my team." 

John ultimately chose Multiplier and has since transformed how Stavvy approaches access management. 

Stavvy's engineers can now request just-in-time access to the specific cloud resources they need. No more standing privileges—access automatically expires after the approved window. 

"We sleep easier because the default state is no-access to privileged resources"

Multiplier's detailed logging also provides Stavvy's security team with a clear audit trail of who accessed what, when, and why - enabling them to easily investigate alerts without interrupting engineers.

The Impact

Privileged Access Just In Time

Users have access when they need it and no access by default.

1,300+ access requests automatically revoked & counting

Since deploying Multiplier, Stavvy has automatically revoked 1,300+ access requests after their approved duration. That's an average of 150-200 requests a month – saving time and resources while strengthening Stavvy's overall security posture. 

Consistently fast access approvals

By configuring Multiplier's approval flows and setting up a Slack bot to notify approvers of pending requests over 15 minutes, Stavvy has been able to meet the JIT access demands of the organization.

Broadening least privilege to Stavvy's databases

Stavvy has also extended Multiplier to control access to databases. Engineers request time-bound database access through Multiplier, which automatically revokes their access once the approved time expires.

Ready to automate your access requests?

Start managing access using Multiplier today

Get Started for FreeTalk to us