Sprout Social Cuts Access Review Campaign Times by 75% with CyberArk Modern IGA

Summary

As Sprout Social grew, managing regulatory and compliance requirements—especially for SOX and SOC 2—became increasingly complex due to manual, ticket-based access reviews. These reviews were slow, error-prone, and difficult to scale across their diverse cloud-native environment. To address this, Sprout Social turned to the CyberArk modern IGA solution, CyberArk Comply (formerly known as Zilla Comply). CyberArk Universal Sync (formerly known as Zilla Universal Sync) allowed them to integrate seamlessly with cloud applications, including those without APIs, automating access reviews and eliminating manual data pulls. The results were significant: access review cycles were cut from five weeks to under two, administration became simpler, and Sprout’s GRC team reclaimed time to focus on strategic security initiatives.

Company profile

Sprout Social, a global leader in social media management and analytics software, empowers approximately 30,000 brands to deliver smarter, faster business impact with comprehensive social media management solutions, including publishing and engagement, customer care, influencer marketing, advocacy and AI-powered business intelligence.

Challenges

For Sprout Social, a leading provider of social media brand management solutions, the need to efficiently manage regulatory and compliance requirements in a way that integrated with the diverse application estate, became increasingly crucial as the company grew.

Sprout Social’s GRC team was handling access reviews manually, using a ticketing system that created cumbersome workflows and awkward timing in notifications. With increasing pressure to maintain strict compliance with Sarbanes-Oxley (SOX) and SOC 2 requirements, Sprout needed a more streamlined process.

The Sprout team had an extensive set of goals for this project:

• Free up time for the GRC team and access reviewers: The manual process for conducting user access reviews was time-consuming — and an extra task for app owners that pulled them away from their day-to-day duties.
• Support a growing scope of tools: As Sprout Social continued to grow, the number of tools that required regular review for compliance purposes expanded as well. They required a solution to support a broader range of applications and integrate with the existing tech stack.
• Improve communication processes for reviewers: Sprout’s previous ticketing system-based process often created confusing or misaligned notification issues leading to duplicated work and making it harder to track and manage access review tasks effectively.

Solutions

Sprout Social needed a tool to integrate seamlessly into its cloud-native environment, including email provider, CRM, and HRIS systems. There was no time for a complicated onboarding process.

CyberArk Universal Sync functionality was a deciding factor. Sprout had several apps that couldn’t export user lists, a necessity for comprehensive access reviews. With Universal Sync, Sprout could synchronize with apps that didn’t have APIs available, further reducing manual work.

“Right from the outset, it was apparent that CyberArk IGA was designed for companies that rely heavily on cloud-based tools. Our integration was so quick. Everyone was onboarded immediately, and we saw results in our first fiscal quarter of use.”

– Jordan Thomson, Senior GRC Analyst at Sprout Social

Results

With the Sprout team’s successful deployment of CyberArk IGA, they were able to achieve quick and easy integration, and the precision needed to streamline critical processes.

Alongside ease of integration and streamlined processes, the team unlocked additional benefits, such as:

• Happier Reviewers: Before implementing Comply, Sprout’s GRC team often had to work around limitations in the previous system that required time-consuming, manual data pulls.
• Cut Access Review Time: Since implementing Comply, Sprout Social has seen a dramatic reduction in the time required for access reviews. Previously, access reviews took up to five weeks to complete; now, the GRC team completes them in under two weeks.
• Increased Time for Strategic Security Initiatives: By streamlining access reviews, Sprout’s GRC team was able to reclaim valuable time, which the team used to advance critical initiatives without compromising the quality or attention given to user access reviews.
• Expanded Scope of Access Reviews: CyberArk IGA enabled Sprout Social to expand its access reviews to additional tools. For example, the GRC team expanded access reviews to include HR tools which, while not required under SOX or SOC 2, contained sensitive data. The out-of-the-box API integration allowed Sprout to onboard a new HR tool in 30 minutes, and the team now has continuous, reliable visibility into its access permissions.
• Simplified Administration and Controlled Communication: By replacing their manual ticketing system, the solution improved communication with stakeholders, making notifications and review assignments more controlled and straightforward to manage.

“The Universal Sync tool got a lot of praise from the admin performing that access review, as they previously needed to review applications that had no API for export and instead took screenshots of hundreds of users to review. Using Universal Sync completely erased several days of work.”
– Jordan Thomson, Senior GRC Analyst, Sprout Social

Key benefits

• 75% reduction in project duration of access reviews.
• Improved communication with reviewers.
• Enhanced scalability to support a growing range of applications and systems.