Coveo seriously simplifies infrastructure access and auditing with one platform that rules it all.
Coveo is a market-leading AI-powered relevance platform that aims to enable customers like Adobe, Humana, Workday, and Salesforce to offer relevant experiences. Its SaaS-native, multi-tenant platform injects search, recommendations, and personalization solutions into every digital experience. The R&D team needed a better way to manage secure access to over 100 multi-regional databases for its technical staff, one that didn’t involve managing 100 usernames and passwords per employee. After deploying StrongDM, Coveo’s administrators and developers are able to get just-in-time, least-privilege access to every database they need, regardless of protocol or location, from a single control plane and a single credential. Coveo’s technical staff were able to save time on manual workflows and eliminate any associated security risks. This has enabled them to spend more time on more important projects—such as hardening AWS resources, and intrusion and anomaly detection. Plus, the Coveo team has gained complete visibility across their entire stack with centralized and granular audit logs and simplified compliance audits.
We chose StrongDM because the solution is the one solution to rule them all. You simply integrate all your data sources into StrongDM; you integrate all your servers into StrongDM; you integrate all your Kubernetes clusters into StrongDM. You give your developers one simple tool they need to connect using SSO, and they have access to what they own.
Jean-Philippe Lachance, Team Lead - R&D Security Defence
Growth in tech stack creates untenable access workflows
Coveo Relevance Cloud™ is a search platform that creates a unified index of content from tools like Google Drive and Gmail and then integrates with various application platforms like Salesforce, SAP, Adobe Experience Manager, and Zendesk. This allows disparate types of content to be available and ranked by relevance through one simple search bar. The Coveo Relevance platform provides solutions for e-commerce, service, website, and workplace applications and provides tangible value to customers by helping them drive revenue growth, reduce customer support costs, increase customer satisfaction and website engagement, and improve employee proficiency and satisfaction.
Coveo was founded in 2005 as an on-premises solution. By 2012 it was offering a multi-tenant service with separate accounts for development, production, and HIPAA. Coveo maintains SOC 2 and HIPAA compliance and is working to implement the ISO 27001 standard.
From one database and one region, Coveo expanded to over 20 databases per environment per region—including Amazon RDS, Aurora, MySQL, and PostgreSQL, based on DevOps team preferences. Managing access rights to that many databases wasn’t easy, and then Coveo grew to become a multi-regional company with a data residency offering, which meant the number of databases expanded exponentially. One highly privileged employee might have 100 unique usernames and passwords for the 100 databases they needed to access, all stored in a password management tool. It was challenging to keep up with password changes and software updates—and it was clear that Coveo needed a better access and security solution.
One Solution to Access and Audit Them All
The Coveo team initially built an in-house solution. After a few years, the team decided to have a look at Teleport and HashiCorp Boundary, but found that each tool only had part of the solution, not the complete package. For example, having an audit trail was critical for security.
“What I really needed was the audit trail,” says Jean-Philippe Lachance, Team Lead - R&D Security Defence at Coveo. “For us, it was the most important thing to have. For security analysis, SOC 2, and HIPAA compliance, we need to be aware of all the operations that happen inside an environment. We need the ability to audit everything. We need the ability to go back and see what happened on a specific instance, the ability to go back and see the queries on a given day. The audit trail using StrongDM’s gateway is way more efficient than configuring each data source one by one.”
Coveo began using StrongDM in 2021 to centralize the employee login process and allow employees to access every tool they needed from the central StrongDM console. StrongDM met Coveo’s needs for simplicity and security.
“We chose StrongDM because the solution is the one solution to rule them all,” says Lachance. “You simply integrate all your data sources into StrongDM; you integrate all your servers into StrongDM; you integrate all your Kubernetes clusters into StrongDM. You give your developers one simple tool that they need to connect, using SSO, and they have access to what they own.”
StrongDM speeds up the onboarding process for new hires. Instead of provisioning credentials to each of the hundred databases, Coveo installs the StrongDM console, and employees get one credential to access everything they need.
Implementing StrongDM has also reduced the amount of administrative work for DevOps teams. Whenever new infrastructure is provisioned, all permissions are automatically assigned through StrongDM, Terraform, and the StrongDM API. By unifying all infrastructure access in their SSO, StrongDM also eliminates the administrative work of fielding lost password requests. Instead, the team can focus on top-priority initiatives and projects.
StrongDM also makes compliance requirements easier to meet—if Coveo ever experiences a security breach, they can consult StrongDM’s audit trail and understand what happened.
Coveo Saves Time Without Sacrificing Security
StrongDM provides a simple and secure solution to Coveo’s onboarding process and account management by providing one credential per employee that allows access to every resource, regardless of location or protocol. The R&D team gets significant time back to focus on critical projects, can simplify compliance audits, and gains peace of mind with visibility into every query and command across their stack.
“I need to work on intrusion detection, anomaly detection, AWS account management, hardening those databases, and hardening our AWS resources,” says Jean-Philippe. “Even if we had more developers, if we did not have StrongDM, we would need to just say no to new projects. That would greatly impact our ability to grow.”