Benevity provides corporations with a way to cultivate a culture of purpose, meaning and impact through software that connects their people with the causes they care about—whether it’s to donate their time, their money, or just do a simple act of goodness or kindness. To date, Benevity has processed nearly $8 billion in donations and 43 million hours of volunteering time to support 326,000 nonprofits worldwide. The company’s solutions also facilitated 530,000 positive actions and awarded 1.2 million grants worth $12 billion. As such, Benevity takes security and compliance seriously to assure its clients—many of which have large, sophisticated privacy and security protocols of their own—that data is safeguarded.
For secure database access for developers, Benevity’s site reliability engineering (SRE) team uses strongDM for enhanced role-based permissions and audit logs on backend systems, providing visibility and due diligence that brings the company and its clients peace of mind.
“strongDM is just easy to use. We were able to get it set up and connected without having to ask for help. And now we can do things like retire SSH Key sharing, easily provision access to databases, and provide our security team with auditable access to every single DB query.”
Nina d’Abadie, Director of DevOps
When access becomes a blocker
The company’s technology stack includes Microsoft SQL Server and EC2 on AWS. Before deploying strongDM, access approval requests for individual user server accounts were provisioned through a custom Ansible script. This would have been fine for just one or two users, but as the company scaled its business, it needed to scale its ability to maintain secure workflows and processes at the same time. Additionally, shell access to EC2 required SSH keys, so the team needed a solution that would also streamline this area.
Delivering a simple solution for scalable, role-based access
During the process of migrating to AWS, Benevity wanted to figure out a more scalable approach to managing infrastructure access. The SRE team had three core requirements that any solution must meet:
- Users must gain faster access
- Access must be automated and not include a manual access management process
- The system must uphold industry-leading security standards
“We had some really great demos with strongDM,” says Nina d’Abadie, Director of DevOps at Benevity. “We brought in a few developers to test it out, and it was a really positive experience for them. Our VP was a strong advocate for it and was sold the first time he saw it. Security was appreciative of the auditable access to databases, and we could retire previous ways of access like shared SSH keys.”
strongDM was able to meet Benevity’s needs for simplicity and security, and helped streamline how it granted access to users. Furthermore, once Benevity began using strongDM, the biggest use case quickly became database access.
Self-service access to scrubbed, production-like data
“We have a really neat use case for strongDM: Getting developers access to the databases, but in particular, access to scrubbed datasets. We had a team collaboration where they built some cool scrubbing scripts via Lambda that would do a database pullback and scrub it, and this was all tied into strongDM via Terraform,” d’Abadie says. “That meant all of these new databases would be registered into strongDM as they’re pulled back. Now we could easily provide access when spinning up ephemeral databases.”
Now, developers can spin up an on-demand database with scrubbed data, but with a production schema. “Developers now have an on-demand, generic dataset that is fully representative of prod - a huge improvement, given that dev environments aren’t always representative of production. So now they can do different use cases, test complex scenarios and datasets, and also do performance testing. They spin it up on-demand and have the access they need automatically provisioned without going through additional teams. It’s completely self-service,” d’Abadie adds.
Benevity saves time while boosting security
With strongDM, Benevity now automates the internal approval process required to provision database access. strongDM also allows Benevity to leverage role-based access in order to standardize permission levels across teams of developers, and its audit logs have proven to be extremely useful to the security team.
“By using strongDM, not only do we have auditable access to DBs and shell access, but we could retire some of our previous ways of accessing, like shared SSH Keys,” says d’Abadie. “For the security team, the compliance aspect and being able to see the audit logs of every single query that was run and everyone that accessed it - that’s incredibly valuable.”