Case Study: Lemonade achieves continuous least-privilege access and effortless SOX compliance with Arnica

Lemonade uses Arnica to make permissions management & compliance easy while making developers happy

Lemonade, the AI-powered insurance company, needed to tighten repository and pipeline permissions as it scaled to 250–500 developers while meeting SOX ITGC requirements for least privilege, segregation of duties, and regular audits — all without slowing developer velocity. To address this, Lemonade turned to Arnica.io for an automated permissions management solution.

Arnica.io deployed continuous, automated least-privilege controls and easy, on-demand audit reporting, integrating with developer workflows so security can manage access while engineers request permissions via Slack. The result was simplified SOX compliance, reduced manual effort (avoiding an estimated 50+ hours annually), lower development ecosystem risk, and high developer satisfaction.

Lemonade

Jonathan Jaffe

Chief Information Security Officer