Compromised credentials, excessive access rights, dormant accounts, and misconfigured permissions are among the most common causes of successful cyberattacks. 786 Cyber gives you a clear, unified view of identity risk across your organisation.
Why identity matters
Firewalls and antivirus protect the perimeter. But the perimeter has moved. Today, an attacker with a valid username and password can walk straight past every technical control — because as far as the system is concerned, they are a legitimate user. Identity governance is the control layer that changes this.
"Identity governance isn't a feature of enterprise security — it's the foundation. You cannot protect what you cannot see, and you cannot see what you haven't mapped."
Every person who joins, moves within, or leaves your organisation creates an identity event that has security implications. Who gets access to what? When is it revoked? Who approved it? Without documented processes and visibility, these questions go unanswered — and the answers are precisely what attackers exploit.
For growing businesses, identity risk compounds with every hire. Each new employee, contractor, or partner creates new access requirements that are rarely reviewed systematically. 786 Cyber gives you the visibility and processes to manage this at any scale.
For MSPs, identity governance is one of the most common gaps in client environments — and one of the highest-value services you can deliver. 786 Cyber's multi-tenant portal surfaces identity risk across every client from a single dashboard.
New staff need the right access from day one — no more, no less. A documented provisioning process ensures consistent, least-privilege access that reduces both security risk and onboarding friction.
Promotions, team changes, and project access accumulate over time without review. Documented movers processes and periodic access reviews prevent privilege creep — the gradual accumulation of access that no one intended to grant permanently.
The most dangerous identity event is a departure that isn't handled correctly. Accounts left active, access not revoked, shared credentials not rotated — each one is a security incident waiting to happen. A documented leavers process closes these doors immediately.
When an incident occurs, the first question is always: who had access? 786 Cyber's audit trail answers this immediately — who had what access, when it was granted, when it was reviewed, and when it was revoked.
What you get
Phase 2 (Q2 2026) — 786 Cyber connects directly to Microsoft 365 and Google Workspace and surfaces identity risk across your entire organisation. The People Directory and CSV import are live today; full directory sync is rolling out.
Connect to Microsoft 365, Google Workspace, and Active Directory — a unified view of all users and access rights across your systems.
Visual permission mapping shows who has access to what — and how they got it. Surface excessive privileges and shared credentials immediately.
Each user account scored based on privilege level, dormancy, MFA status, and access breadth — prioritising the accounts that represent the highest risk.
See MFA coverage across all users and systems at a glance — with step-by-step deployment guidance for any gaps.
Documented user lifecycle processes — provisioning, access reviews, and offboarding — that run consistently without manual oversight.
MFA enforcement, access reviews, and least privilege controls satisfy requirements across Cyber Essentials, ISO 27001, GDPR, NIS2, and NIST CSF simultaneously. Implement once — progress across all relevant frameworks.
Platform features
While Module 4 is in development, 786 Cyber already covers the identity governance requirements that matter most for compliance — through policies, controls, and the access management features available today.
Admin, Security Lead, and Viewer roles — assign the right level of platform access to each team member. Full audit trail of who changed what and when.
Password Policy and Acceptable Use Policy generated automatically — documenting MFA requirements, access standards, and user responsibilities.
MFA implementation tracked as a control in your compliance roadmap — tagged to Cyber Essentials, ISO 27001, and GDPR requirements simultaneously.
Every platform action logged — who accessed what, when policies were updated, when controls were implemented. Essential for access-related audit evidence.
Manage identity and access controls across multiple organisations. MSPs surface identity risk across every client from a single dashboard.
Monthly reports flag outstanding identity controls — MFA gaps, access review status, and role-based access changes — keeping leadership informed.
Framework coverage
User access control is one of the 5 CE categories — MFA, least privilege, and account reviews all required.
Annex A.9 (Access Control) and A.6 (Identity governance) are among the most audited ISO 27001 controls.
Article 32 requires access controls and authentication measures as technical security measures.
NIS2 requires documented access control policies and privileged access management for essential entities.
Start with your MFA and access control policies — generated in minutes, tagged to every relevant framework.
For MSPs: enquire about the partner programme →