Securing the Cloud Infrastructure Behind 28,800 Power Plants

ENlighten is Korea's leading energy climate-tech company, operating an integrated platform that manages over 28,800 solar power plants nationwide. Their technology stack, built on Google Cloud Platform, powers everything from AI-driven generation forecasting to real-time asset monitoring and energy trading. As the company scaled rapidly and pursued enterprise clients requiring strict security compliance, ISMS certification became essential. However, years of fast-paced development had left Google Cloud service keys scattered across repositories, documentation, and collaboration tools. With cloud credentials serving as the keys to infrastructure managing critical energy data, any exposure represented significant operational and compliance risk.

ENlighten deployed Cremit to gain visibility into credentials across their cloud-native infrastructure. As an energy platform managing over 28,800 solar power plants nationwide, the company relies heavily on Google Cloud Platform for data processing, AI-powered forecasting, and real-time monitoring. Cremit scanned their development and collaboration environments, identifying Google Cloud service keys that had been inadvertently exposed across repositories and internal documentation. The discovery enabled the team to secure these credentials before they could be exploited, directly supporting their ISMS certification requirements.

The scan revealed a significant number of Google Cloud service keys that had accumulated across the organization's tech stack over time. These credentials, essential for accessing critical cloud infrastructure managing energy data from tens of thousands of power plants, were secured promptly. Beyond immediate risk remediation, the discovery and remediation process provided documented evidence of credential management practices, directly supporting ENlighten's ISMS certification audit. For an energy platform handling sensitive operational data and financial transactions, this level of credential hygiene became a competitive advantage in demonstrating security maturity to enterprise clients and regulators.