Cherre Adopts Zero Standing Privilege with Confident Access Controls

Cherre is the leader in real estate data and insight. The company connects decision-makers to accurate property and market information and helps them make faster, smarter decisions. Cherre’s mission is to connect all real estate data and make it accessible for better investment, management and underwriting decisions. Some of the largest investors, asset managers, banks, and insurance companies in the world use Cherre to power their data and insights. 

Cherre experienced a massive surge in revenue and sophistication during a hypergrowth stage. It needed an auditable access platform to organize access requests for managers, eliminate over-privileged accounts, and simplify compliance processes with advanced logging protocols. The company also wanted a single solution that could manage access across all of its modern infrastructure, including Kubernetes clusters and databases.

Efficient Access Controls Boost Productivity 

Ad hoc access requests were bogging down engineering managers with a constant stream of requests to databases and Kubernetes clusters, so Cherre enlisted StrongDM to turn chaos into order. 

StrongDM automates the responses to each request based on a set of rules determined by the admin. Whether it’s granting access immediately, limiting the duration of the access with temporary access, or reaching out to a manager for approval; the admin sets the policy and StrongDM provides the access. This new system enabled team leaders to focus on more pressing tasks and increased productivity across the board. Engineers received just the right access exactly when they needed it. 

“[StrongDM] makes it easier for people like me, who are on the management side, to go in and quickly approve temporary access requests. We’ve been able to increase who can approve privilege escalations.” Mike Gruen, Director of Engineering, Cherre

Improving the Mean Time to Investigate (MTTI) was also a priority for Cherre. At the time, investigations were manual and time-consuming without a tool that clearly showed which engineers had access to production clusters. Now it’s easy to see who has access to specific clusters, play a session recording, and even remove access with StrongDM.

Making Compliance Scalable

As Cherre's customer roster grew to include larger and more data-heavy customers, so did the frequency of audit requests. With StrongDM, Cherre is now able to track evidence collection, log every query to simplify SOC 2, complete annual audit frameworks, and meet monthly customer auditing requirements. "The audit logs are an important part of our compliance story. We have manual procedures that need to be performed on our database, but the fact that those procedures are logged makes us feel a lot more comfortable about that access,” said Ben Lipton, Senior DevOps Engineer, Cherre.

Confident Access Helps Reach Zero Standing Privilege

After implementing StrongDM, every role follows uniform access rules within the easy-to-use console. For read-only items, Cherre now has a role to standardize persistent access across its engineering team. For right-sized access, it even has the ability to apply temporary access grants when and where they’re needed. 

The deployment and adoption of StrongDM was a smooth and painless process. According to Ben, “It would be almost impossible to track what people were doing on the database and within the Kubernetes clusters without a tool like StrongDM.” StrongDM helped the engineering and security teams at Cherre find the simplest way to “say yes to access” which means happier, more productive teams. And because StrongDM never shares credentials with end users, they are more secure too. 

"...StrongDM does a lot to keep things simple that could be complex. For example, if you just give StrongDM access to all of the networks where you will need to access resources by deploying gateways, it handles the networking for users to reach out to your resources. StrongDM just does what you think it's going to do," Lipton concluded.