Case Study: Kameleoon strengthens SSH security and SOC 2 readiness with Smallstep

How Kameleoon Automated Enterprise SSH Access to Safeguard its Security Posture

Kameleoon, a provider of an AI-driven experimentation and personalization platform, faced significant challenges in managing secure SSH access for its DevOps team. Their Chief Information Security Officer, Jimmy Passemard, needed to eliminate scattered SSH keys and inefficient manual auditing processes to meet ISO 27001 and SOC 2 compliance requirements for their customers. This manual work was time-consuming and weakened the company's overall security posture.

The vendor Smallstep provided an enterprise SSH access solution with its SSH Certificate Authority to automate role-based access. This allowed Kameleoon to immediately grant and rescind user permissions to servers without operational overhead, creating a clear audit trail. Smallstep integrated seamlessly with their existing tools, required no extra training, and replaced all SSH keys with certificates. This transformation built immense trust during the audit process and was described by the CISO as a lightweight solution that closed security gaps, helping them progress toward their SOC 2 certification.

Kameleoon

Jimmy Passemard

Chief Information Security Officer