Case Study: Labelbox achieves secure Kubernetes access and reduced attack surface with Apono

Labelbox Secures Kubernetes Access with Apono

Labelbox, a leading provider of AI data services, faced significant security challenges with its engineers retaining excessive, standing access privileges to Kubernetes pods. This over-permissioned state expanded their attack surface, allowing for risky actions like viewing and editing secrets. To tighten security without hindering productivity, Labelbox implemented Apono's Cloud Privileged Access Platform to transition from always-on access to a just-in-time model.

By using Apono, Labelbox replaced broad privileges with fine-grained, temporary RBAC roles that engineers could request. This solution delivered a 98% reduction in attack surface and a 90% drop in requests for risky access, while 92% of manual approvals were completed in under two hours. The implementation provided fully monitored, policy-controlled access, eliminating unnecessary risk and allowing engineers to work efficiently with appropriate security friction based on environment risk levels.

Labelbox

Aaron Bacchi

Sr. DevSecOps Engineer