- Role-based, attribute-based, & just-in-time access to infrastructure
- Connect any person or service to any infrastructure, anywhere
- Logging like you've never seen
StrongDM’s CTO and co-founder, Justin McCarthy, sat down with Drew Blas, Director of Internal Engineering at Betterment, to discuss sources of friction in infrastructure access and how automating access and auditing has helped enable Betterment expand its teams, move to Kubernetes, and explore multi-cloud environments.
"You need a truly flexible system that is resilient in the face of ... complexity. Having something that already has the features before you need them really changes the equation."
— Drew Blas, Director of Internal Engineering at Betterment
Creating Flexibility in Diverse Environments
Betterment has a diverse technical environment, with over 200 engineers supporting three independent product lines—each with a different customer base.
This diversity introduces a variety of challenges that are inherent to heterogeneous environments:
- Building a separate access model for every system in a diverse environment is cumbersome.
- Providing consistent access, while allowing teams to optimize for the problem they’re trying to solve, requires flexibility.
- Operators on the backend must maintain network performance, reliability, and security as teams introduce complexity.
Betterment needed to empower its individual local teams to solve the problems that they were facing, which meant flexibility was critical. This was part of the reason the company chose to partner with StrongDM—it provided flexibility while enabling operators on the backend to maintain the performance, security, and reliability that the company needed.
Networking in Multi-Cloud
Drew and Justin moved on to discuss the networking layer, taking a closer look at how systems connect to each other and how people connect to those systems.
- Connecting to multiple systems on different networks, with numerous accounts, and several isolated environments is complicated.
- End users don’t want to spend time figuring out how to access the systems they need; they simply want to connect.
- Even working with the cloud, you can still end up with multiple accounts and a lot of isolated environments.
End users know the database or server they want to connect to, but they shouldn’t have to spend time figuring out how to access the system. They need to be able to connect without worrying about access.
Auditing & Compliance
The nature of FinTech is that audit requests can come up at any time. Drew commented, “Security, compliance, and auditability [are] a mandate [for] all of our systems—that’s not negotiable. But it can’t be a bottleneck through which we start to refuse our employees the ability to do the job that they need to do.”
Scoping can be a major challenge here. Systems can easily fall outside of their standard compliance practices and slip through the cracks if not properly managed. Auditing helps to reveal those gaps that can otherwise go unnoticed.
Now, everything goes through StrongDM and everything has an audit log. Betterment’s confidence level with auditors has gone way up, and they’ve been spared “a ton of last-minute heartache and ‘gotchas’.”
Miss the webinar? It’s on-demand!
To check out the full webinar, it’s available on-demand.
If you’re looking to simplify access in your own diverse environment, you can try a 14 day free trial of StrongDM today.
About the Author
Schuyler Brown, Chairman of the Board, began working with startups as one of the first employees at Cross Commerce Media. Since then, he has worked at the venture capital firms DFJ Gotham and High Peaks Venture Partners. He is also the host of Founders@Fail and author of Inc.com's "Failing Forward" column, where he interviews veteran entrepreneurs about the bumps, bruises, and reality of life in the startup trenches. His leadership philosophy: be humble enough to realize you don’t know everything and curious enough to want to learn more. He holds a B.A. and M.B.A. from Columbia University. To contact Schuyler, visit him on LinkedIn.