How a Large Insurance Provider Secured 40,000+ GCP Service Accounts


(@p0-security)

Read full article here: https://www.p0.dev/blog/case-study-gcp-service-account-governance-at-scale/source=nhimg


A major insurance provider operating over 1,000 Google Cloud Platform (GCP) projects faced a growing identity security crisis: 40,000+ service accounts (growing 5% monthly) and 30,000+ static keys, many without ownership, visibility, or proper lifecycle governance. This created severe risk exposure, operational inefficiency, and compliance gaps.


Key Challenges

  • No Ownership or Accountability – Thousands of orphaned service accounts made governance nearly impossible.

  • Lack of Visibility – No unified insight into usage, risk, or access levels across 1,000+ projects.

  • Manual, Inefficient Remediation – Risk cleanup required significant personnel time and custom tooling.

  • Tooling Gaps – IGA tools managed human identities but not NHIs; CSPM solutions lacked governance workflows; native GCP tools had feature and access limitations.


The P0 Solution

By deploying P0’s platform, fully connected to GCP APIs in under an hour, the insurer gained instant visibility into every identity and its risk profile. Key actions included:

  • Comprehensive Identity Inventory – Cataloged all service accounts, users, owners, and consumers.

  • Risk Posture Analysis – Flagged over-privileged and unused accounts, mapping their accessible resources.

  • Automated Governance – Bulk-remediated unused accounts, rotated keys, enforced least privilege, and implemented just-in-time permissions.


The Results

Within weeks, the organization:

  • Eliminated 30,000+ static keys and significantly reduced over-privileged access.

  • Automated ongoing governance, ensuring new service accounts meet security standards from day one.

  • Achieved continuous compliance and reduced operational overhead, without deploying new infrastructure.

Compared to manual remediation, estimated to take months with only ~70% risk reduction, P0 delivered full governance coverage and a sustainable, automated security posture at scale.


This topic was modified 3 days ago by P0 Security
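As an added example (not code from the P0 post or product), here is the kind of inventory check the "Risk Posture Analysis" bullet describes: it walks a list of service-account records and flags accounts with no owner, accounts with no recent authentication, and user-managed keys past a rotation age. The record shape (key metadata as returned by `gcloud iam service-accounts keys list --format=json`, plus a per-account last-authentication timestamp), the 90-day thresholds, and the project and account names are assumptions; the sample records are constructed.

```python
"""Stale-key and unused-account checks for a GCP service-account inventory."""
from datetime import datetime, timedelta, timezone

KEY_MAX_AGE_DAYS = 90     # user-managed keys older than this should be rotated
UNUSED_AFTER_DAYS = 90    # no authentication for this long => removal candidate


def _parse(ts):
    """Parse an RFC 3339 timestamp such as '2024-05-01T10:00:00Z'."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def assess_account(account, now):
    """Return the list of finding tags for one service-account record."""
    findings = []
    if not account.get("owner"):
        findings.append("no-owner")
    last = account.get("last_authenticated")
    if last is None or now - _parse(last) > timedelta(days=UNUSED_AFTER_DAYS):
        findings.append("unused")
    for key in account.get("keys", []):
        if key["keyType"] != "USER_MANAGED":
            continue  # Google-managed keys are rotated by the platform
        if now - _parse(key["validAfterTime"]) > timedelta(days=KEY_MAX_AGE_DAYS):
            key_id = key["name"].rsplit("/", 1)[-1]
            findings.append(f"stale-key:{key_id}")
    return findings


def inventory_report(accounts, now=None):
    """Map each account e-mail to its findings; an empty list means clean."""
    now = now or datetime.now(timezone.utc)
    return {a["email"]: assess_account(a, now) for a in accounts}


# Constructed sample inventory (hypothetical projects, accounts and key ids).
SA_A = "ci-builder@proj-a.iam.gserviceaccount.com"
SA_B = "legacy-etl@proj-b.iam.gserviceaccount.com"
SAMPLE_ACCOUNTS = [
    {"email": SA_A, "owner": "platform-team", "last_authenticated": "2024-05-01T10:00:00Z",
     "keys": [{"name": f"projects/proj-a/serviceAccounts/{SA_A}/keys/abc123",
               "keyType": "USER_MANAGED", "validAfterTime": "2023-11-01T00:00:00Z"}]},
    {"email": SA_B, "owner": "", "last_authenticated": None,
     "keys": [{"name": f"projects/proj-b/serviceAccounts/{SA_B}/keys/sys001",
               "keyType": "SYSTEM_MANAGED", "validAfterTime": "2024-05-20T00:00:00Z"}]},
]
AS_OF = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock so results are stable

if __name__ == "__main__":
    for email, tags in inventory_report(SAMPLE_ACCOUNTS, AS_OF).items():
        print(email, tags or "clean")
```

Feeding it the real key listing and last-authentication data for 1,000+ projects is a matter of replacing the constructed list; the finding tags are what a bulk remediation step (key rotation, account disablement, owner assignment) would key off.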
