FreeAgent is a cloud based accounting software provider headquartered in Edinburgh, Scotland. The company serves more than 200,000 small businesses and has been part of NatWest Group since 2018. As a fintech business operating in a regulated environment, security, compliance, and risk reduction are core priorities.

‍

Access management is not limited to central IT. Multiple stakeholders across the business manage access at different levels for different services. As the organization matured, it became clear that access governance needed to provide complete visibility, enforce least privilege, and engage users directly in the process.

‍

Managing access in Google spreadsheets did not scale and did not provide the control or auditability required for a regulated environment.

‍

‍Achieving complete access visibility

FreeAgent needed a clear, current view of who has access to which services across the business. Spreadsheets did not provide reliable oversight and did not scale with organizational complexity.

‍

Implementing mature least privilege governance

Many organizations talk about least privilege, but implementing it well is difficult. For FreeAgent, reducing access was fundamental to reducing risk from malware, insider abuse, and phishing. Lower access reduces the impact of any successful attack.

Least privilege had to be enforced consistently and with maturity, not just documented as policy.

‍

Engaging users in the governance process

Access governance is a shared responsibility across teams. Previous tools worked for security or corporate IT, but they lacked user engagement. Adding friction or managing access entirely in the background created awkward conversations and reduced transparency.

FreeAgent wanted a solution that worked with users where they already operate and made them active participants in the process.

‍

FreeAgent implemented Cakewalk to centralize access visibility, support mature least privilege governance, and integrate access workflows directly into Slack.

‍

Slack first access workflows

Access requests and approvals happen directly in Slack. For employees, interacting with Cakewalk feels similar to messaging corporate IT. This usability was key.

The Slack interface makes access governance visible and approachable instead of hidden or intimidating.

‍

User prompted access awareness

Cakewalk prompts users directly about the services they can access. Instead of silently managing permissions in the background, employees are made aware of their access and encouraged to participate in reviews.

This helps build a culture of security across the business rather than treating security as a separate function.

‍

Central visibility and scalable governance

Cakewalk provides a centralized view of access across services, replacing spreadsheets with a structured and scalable system. Security teams gain clearer oversight while multiple stakeholders across the business remain involved in decision making.

Least privilege is not only documented but actively implemented and maintained.

‍