Iterable uses Indent for geo-restricted access
- B2B SaaS
with on-demand customer data access
1% of the time
Under 1 minute
Iterable is a powerful cross-channel marketing platform used by over a thousand organizations around the world to create, optimize, and measure every customer interaction. As a growth marketing platform, Iterable is subject to data privacy regulations in the countries in which it operates and has built a rigorous security program.
“We’ve never been satisfied to just do the minimum to just check compliance boxes. It’s a priority for us to have security best practices in place so we can maintain our customers’ trust.”
White glove support without compromising on security
When employees needed customer data access they were able to get it through a controlled admin tool that was gated behind SSO and 2FA for authentication. But not having existing access to a customer meant a potential delay in response time. The Iterable team wanted to unblock their employees so they could help their customers quickly without compromising on security.
Iterable takes customer experience seriously and has a well staffed team. They need to be able to quickly access a customer’s data while working on an active issue. At the same time, they didn’t want to give unlimited customer data access to every customer facing employee. That could be as much as 300x more access than what was needed on a given day.
Our goal was to reduce the scope of access any individual person had at a time without creating a bunch of friction that would slow our customer response times down. To do that we realized we needed a real-time security control and approvals platform.
Geo-restricted data access with Indent
Iterable considered creating an in-house on-demand access solution. However they didn’t want to take the quarters necessary to build it and commit the resources to maintaining it long-term. After deciding to buy rather than build, they noticed that most IGA and PAM solutions were too early or too focused on access reviews.
“We really wanted a solution that was first and foremost focused on getting our team access quickly and securely. Indent gave us a way to automate giving granular, time-bound access while generating the audit evidence we need for compliance.”
-Oni Rouse, Manager, Iterable
At the beginning of their rollout and onboarding they wanted to focus on shifting the culture around access within their organization. To do this they started with auto approvals for customer data access for a set number of hours.
After testing with a few users and confirming the end-to-end user experience, onboarding hundreds of employees was a breeze. Within a few weeks, over 200 employees had used Indent multiple times to get access to customer data.
“We initially wanted to make this transition as painless as possible. To do that we started with just introducing time-boundedness. As our culture shifts, we’ll reduce the duration and scope of access that people have on an ongoing basis. For example, shifting from broad access to fine-grained, per-customer access.”
-Oni Rouse, Manager, Iterable
Indent also made it easier for Iterable to enforce truly robust geo-restricted data access.
Iterable has customers within the US, APAC, and EU that require their data to stay within their region. Iterable was committed to meeting those requirements in the most robust way possible.
The way many companies approach this is through enforcing geo-restrictions at the network level. However, this still leaves security loopholes. If for example, an EU employee visited the US, they still shouldn’t have access, but if they were using a US network or a VPN, then they’d be able to get access.
Rather than taking a network based approach, Iterable set up Okta groups for each employment region and then turned their access controls into policies using Indent. Using Indent with Okta simplified Iterable employees getting customer data access, replacing manual verification of each customer’s policies and the requester’s location at the time of the request.
Using Indent for geo-restricted access saves our team so much time, which means we’re able to provide faster support for our customers.
On-demand GitHub access
With on-demand customer data access in place, Iterable is looking to expand on-demand access to another sensitive area: codebase access. With Indent, they’ll be able to give their engineers auto-expiring GitHub permissions via temporary membership of their GitHub Teams.
Our codebase is right up there with customer data in terms of its sensitivity. Expanding our Indent usage to increase our security for it is a really easy decision.