+PlanetScale logo

PlanetScale reduces admin workload while increasing security with Indent

50 - 250

Customer Highlights

80% reduction

in IT Admin workload

new hires get access on day one

When joining PlanetScale

over 100 million queries per day

PlanetScale serves

PlanetScale logo

In 2021, PlanetScale had ambitious plans to ramp up hiring. The serverless database startup had just released the generally available version of the product, had major companies as customers, and were looking to continue to build on that growth.

Their IT team consisted of two admins, with Adnan Alam as the head of IT. Adnan came to PlanetScale from GitHub, where he saw how quickly access control could get complicated as an organization grew.

Key Takeaways
  • Set up in less than 30 minutes
  • Simplified SOC 2 compliance


Non-scalable processes for SOC 2 compliance

PlanetScale’s workflow for access control was all manual. They had set up Okta groups, mapped them to a few non-critical applications, and were also working to move everything behind SSO. Access requests were coming in from multiple channels including Slack, email, and GitHub issues. Keeping track of those access requests and logging them for auditors was time consuming. They knew that once the company started scaling, their processes would stretch them to the breaking point.

If we had many more people to support, [our processes] would have been completely overwhelmed.

Their goal became to implement a solution that would give them visibility into who had admin privileges in their primary instances and limit that access. They also wanted it to be flexible enough to handle all of PlanetScale’s apps, which would be hooked up to Okta. Their third requirement was to have something that would make it easier to be SOC 2 compliant so they could prove to internal stakeholders, customers, and auditors that data was being stored and handled securely.

If we had many more people to support, [our processes] would have been completely overwhelmed.

Adnan Alam

Head of IT


Ephemeral production access and onboarding with Indent

Adnan and other stakeholders at PlanetScale spent several months discussing possible ways to address the problem. They considered several ticketing and bot solutions, but ultimately decided that they were not ideal for IT requests and would potentially expose employee PII. After evaluating several options, PlanetScale chose Indent for its petition model and because it made compliance reporting easy.

Setting up Indent took less than thirty minutes. They started with setting up a naming convention for the Okta groups. Then they defined what each of these groups are assigned to each application by mapping roles and attributes. After that they imported them into Indent.

I think the longest time it took was just for us to figure out like, okay, what do we want in there? What do we want, not in there. And then eventually the decision was just made. Let's put everything that we can in here just to make life easy.

Adnan carefully considered the best way of rolling Indent out to the company. He wanted to reassure folks that this wasn’t going to be a roadblock for them. He wrote an internal blogpost detailing not only how to use Indent, but the why behind adding it to the access workflow.

Once people have context and can understand why…this decision is being made and [production access is] not even being taken away. It's just…adding a step. Yes, it's adding friction to the process, but there's [a] very good reason for it. And again, if you communicate that reason, the people that have any questions will be happy with the answer… In my world, no news is good news. I don't hear complaints. By far, the feedback has been good. Like, ‘This is cool. I don't have to look this up or figure out who to ask.’ So that end of the user experience is great.

The self service aspect, I think, really is the highlight. Where someone can just go in, put it in the command and find what [they] need. How you implement it is totally up to you. But that self-service feature is really what empowers your employees. It's what lets them feel that they're not being blocked. They're not being restricted from being able to do their job.

Adnan Alam

Head of IT

What's Next

On-call access with Indent

Indent has been able to give back valuable time to Adnan and his fellow admins. They now have 80% more time during the week to work on non-access control related tasks.

Not only is PlanetScale using Indent for ephemeral production access, they are also incorporating it into their company onboarding. Using the /access command in Slack, all new hires are able to get access to resources like 1password. PlanetScale is planning on expanding their usage of Indent within the company and are looking to next use it to grant access to on-call engineers.

Try Indent for free.