Customer Story: Convex Insurance

Convex Insurance chose Push to close the gap left by traditional CASB solutions, enabling them to enhance their identity security and gain control of shadow SaaS at the same time.

About Convex Insurance

Convex Insurance is an international specialty insurer founded in 2019 and operating in Bermuda, London, and Luxembourg. Convex provides underwriting for complex specialty risks, including in the areas of energy, commercial property, crisis management, and aerospace.


Why Convex chose Push:

  • Convex Insurance, an international specialty insurer, needed a way to secure identities on cloud apps — including apps not on SSO.
  • Push helped Convex get a unified view across both their identity security posture and their estate of third-party apps and OAuth integrations.
  • Convex was able to get reliable data in order to put further weight behind their security policies. The security team was also able to use Push’s automated self-remediation ChatOps workflows to reduce the manual effort of fixing issues.


“With Push, suddenly we had the potential of installing something into our estate that would give us even better information to make decisions about our SaaS and identity security posture so we could get a unified picture of the risks.”

Michael Earl, Security Operations Lead

Business Challenge

As a specialty insurer handling complex requirements, Convex Insurance relies on security solutions that provide the flexibility their workforce needs in order to deliver services in areas as diverse as crisis management, marine cargo, renewable energy, and satellite launches in multiple countries and territories.

“At Convex, we embrace the role that our staff play in helping secure the business and we empower them to make good decisions while providing them with the information they need to do that,” says Michael Earl, security operations lead at Convex.

Convex has also welcomed the use of cloud apps to supercharge productivity, with employees using a large number of SaaS apps, from the mundane to the obscure. 

However, the widespread use of cloud apps posed a challenge for the Convex security team in getting a unified view across their app estate and identity posture. Existing tools provided a lot of data, but it was a time-consuming process to glean the insights the team needed to effectively enforce security policies.

The potential blindspot of unmanaged apps and identities was a concern and led to hard conversations among the security team.

“If we have a breach at a third party that some of our users are signed up to, we need to immediately understand where we have accounts and data so we can take appropriate steps.”

Convex Insurance

Technical Challenge

CASB approach was time-consuming

Early attempts to solve the challenge of getting full visibility of both identity posture and their app estate were time-consuming.

This entailed combing through CASB logs to identify visited URLs and HTTP methods, as well as evidence of POST data and transferred bytes. Then the security team would try to infer if employees were using unsanctioned applications or storing data where it wasn’t approved to go. “It was quite a manual exercise,” Michael says. 

That spotty evidence made it hard for the security team to have informed conversations with end-users. 

“When you have a conversation with an employee, you want to make sure you have the proper information on whether they were actually using an app so you don’t put someone on the defensive when they were just doing their job,” Michael says.


Seeking visibility of non-SSO cloud identities

At the same time, the team was looking for additional ways to get the visibility they needed for securing non-SSO cloud identities. In particular, they were worried about identities that could exist on unmanaged apps.

“In our industry, it is the SaaS apps that are not SSO-integrated that are potentially the biggest danger,” says Alistair McGlinchy, IT security engineer at Convex.

“So if a third party has their password database attacked and there has been any password reuse, an attacker can password-spray and get to the point where MFA is the only blocker for somebody trying to authenticate.”


Solution

Convex chose Push initially to help them further secure identities on a large catalog of cloud apps. In learning more about the product, they realized Push would also give them a unique unified view of both identity posture and their third-party apps and OAuth integrations — even unsanctioned or “shadow” apps.

“Other than you guys, we just didn’t have any awareness of anything in the market that matched the level of intelligence that Push can provide about how our employees use passwords,” Michael says. “And then we learned about all the additional features, like you can see where all of your apps are integrated and what people are doing with them.

“You’ve got this nice unified view of all of the OAuth scopes and things that people have been granting. The product works. It ticks all the boxes, really.”


Easy deployment

Setting up a proof of concept was a 1-hour video call, Alistair recalls. 

“It was one of the more straightforward onboarding and trial experiences that we’ve had, and that’s continued post-procurement as well,” Michael says.

The team was able to select a test group and deploy the Push browser extension via MDM. The Convex team also appreciated Push’s support for Google Workspace and alternative identity providers.

Immediate value

During the trial, the security team found high-risk password reuse among their own IT team.

Armed with this information, they could follow up with employees directly — or use Push’s automated self-remediation ChatOps workflows to facilitate that conversation without it feeling awkward for either party.

“As far as we’re concerned, it is better coming from an automated platform,” Michael says. “We’re a small team, so we don’t have a lot of time to manually follow up on every possible issue. We absolutely need tools that both detect and notify about the problem and facilitate the remediation steps.”

They were also able to identify non-SSO apps with heavy usage and restrict their use, as well as gauge their employees’ use of AI and LLM tools.


Putting more weight behind security policies

With the data provided by the Push platform, the Convex security team now has the evidence they need to be able to reinforce security policies for their cloud estate.

“It gives us all the information that we need to attack the problem and provide even better security for our business,” Michael says.

