When employees needed customer data access they were able to get it through a controlled admin tool that was gated behind SSO and 2FA for authentication. But not having existing access to a customer meant a potential delay in response time. The Iterable team wanted to unblock their employees so they could help their customers quickly without compromising on security.

Iterable takes customer experience seriously and has a well staffed team. They need to be able to quickly access a customer’s data while working on an active issue. At the same time, they didn’t want to give unlimited customer data access to every customer facing employee. That could be as much as 300x more access than what was needed on a given day.

Iterable considered creating an in-house on-demand access solution. However they didn’t want to take the quarters necessary to build it and commit the resources to maintaining it long-term. After deciding to buy rather than build, they noticed that most IGA and PAM solutions were too early or too focused on access reviews.

“We really wanted a solution that was first and foremost focused on getting our team access quickly and securely. Indent gave us a way to automate giving granular, time-bound access while generating the audit evidence we need for compliance.”

-Oni Rouse, Manager, Iterable

At the beginning of their rollout and onboarding they wanted to focus on shifting the culture around access within their organization. To do this they started with auto approvals for customer data access for a set number of hours.

After testing with a few users and confirming the end-to-end user experience, onboarding hundreds of employees was a breeze. Within a few weeks, over 200 employees had used Indent multiple times to get access to customer data.

“We initially wanted to make this transition as painless as possible. To do that we started with just introducing time-boundedness. As our culture shifts, we’ll reduce the duration and scope of access that people have on an ongoing basis. For example, shifting from broad access to fine-grained, per-customer access.”

-Oni Rouse, Manager, Iterable

Indent also made it easier for Iterable to enforce truly robust geo-restricted data access.

Iterable has customers within the US, APAC, and EU that require their data to stay within their region. Iterable was committed to meeting those requirements in the most robust way possible.

The way many companies approach this is through enforcing geo-restrictions at the network level. However, this still leaves security loopholes. If for example, an EU employee visited the US, they still shouldn’t have access, but if they were using a US network or a VPN, then they’d be able to get access.

Rather than taking a network based approach, Iterable set up Okta groups for each employment region and then turned their access controls into policies using Indent. Using Indent with Okta simplified Iterable employees getting customer data access, replacing manual verification of each customer’s policies and the requester’s location at the time of the request.

With on-demand customer data access in place, Iterable is looking to expand on-demand access to another sensitive area: codebase access. With Indent, they’ll be able to give their engineers auto-expiring GitHub permissions via temporary membership of their GitHub Teams.