KnotAPI reduces unused production access by 29x with Indent
in extra GCP access
50% admin reduction
10 hours → < 2 minutes
KnotAPI is a company on a mission to increase online account interoperability. Using their APIs, financial institutions are able to reduce customer churn and maintain deposits by keeping the institution's card top-of-wallet. For their customers, that interoperability creates “easy buttons” for tedious tasks like updating cards on file at over a thousand online merchants.
As the glue between consumers, merchants, and financial institutions, KnotAPI processes some of consumers' most sensitive financial information. They take their responsibility to safeguard that information extremely seriously. Since day one they’ve prioritized implementing security best practices.
No Time to Wait
They decided early on that they’d rather inconvenience their team than compromise on secure access. They had four Google Cloud admins initially, including the CEO, Rory, and the CTO, Kieran. If an engineer needed access, they would message an admin on Slack, who would then manually grant and revoke temporary access.
But KnotAPI is a remote company with engineers all over the globe. While having a distributed engineering team has many advantages, their access model and timezone spread meant some engineers were waiting over a day to get the production access they needed.
Admins were also stretched for bandwidth, juggling their other responsibilities with manually granting and revoking access. Pablo Rozic, Head of Product at KnotAPI, was one of those stretched admins:
“We knew our current system wouldn’t work long term. Our team is growing fast and manually managing access was only going to get harder on admins and slow our speed of development.”
Engineers needed faster access to be able to meet their goals for expanding the product to be useful for every online merchant. In addition to card switching, they were expanding into subscription canceling and account creation APIs. They didn’t have days to lose waiting for access.
The company came across Indent while preparing for their SOC 2 certification and other compliance frameworks. While their system was more secure than giving everyone standing production access, ad-hoc Slack requests weren’t generating a paper trail that could be easily exported as access control evidence.
On-Demand GCP Access with Indent
KnotAPI saw Indent as a way to help unblock their team, give busy admins time back, and make compliant access control effortless by automating temporary GCP access and logging.
Within a week, KnotAPI rolled out Indent to their team and reduced unnecessary GCP access by 29x. Indent fit neatly into the Slack-heavy workflows of KnotAPI’s engineers and reduced access waiting times from 10 hours to under a minute.
With the ability to grant temporary GCP admin access, they reduced the number of admins by half and cut the time needed to fulfill those admin responsibilities to under three hours a week.
“There's a lot less back and forth trying to understand the access request over Slack, which always causes delays and confusion. The process of approving requests is much faster because it's one click versus having to navigate to a place and manually tweak things and then setting a reminder to remove it.” - Kieran O'Reilly, CTO, KnotAPI
Since adopting Indent they’ve been able to focus on delivering new functionality for their customers and have raised their Series A round of funding.
On-Demand GitHub Access
Now that they’ve been able to secure their production environments with Indent, they’re securing another critical engineering resource with on-demand access: GitHub.
With Indent they’ll be able to give their engineers and contractors auto-expiring GitHub permissions via temporary membership of their GitHub Teams.
“We’re excited to be able to bring the speed of on-demand access with Indent to our codebase to empower our engineers to move even faster while also reducing our breach risk.” - Kieran O'Reilly, CTO, KnotAPI