
Reclaim strengthens their security posture without slowing their team down


Industry: SaaS
Employees: 10 - 50
Raised: $6.3m

Customer Highlights

  • 98% reduction in privileged network access
  • Approvers can review and revoke access from Slack on their phones
  • Reclaim has scheduled 60,000,000 time blocks for users


Reclaim is a calendaring solution that protects users' most valuable resource: their time. Since their founding in 2019, Reclaim has automatically reserved 60 million timeblocks on users’ calendars for things like lunch, catching up on email, and focused work.

Reclaim infrastructure is hosted on Amazon Web Services. They have Tailscale relays deployed in each of their virtual private clouds for their dev, staging, and production environments.

Key Takeaways
  • Pairing Indent with Tailscale allows Reclaim approvers to grant ephemeral production access within 6 seconds
  • Access to customer data is on-demand as needed
  • Full audit trail with reason for approval and who approved it simplifies compliance

Problem

Production Database Access Via Manual Tailscale ACL Editing

Formerly, engineers needing production database access would either ping Stevan Arychuk, Head of Site Operations & SRE, or Patrick Lightbody, the CTO, on Slack. If that access was approved, the engineer would be manually added to the Tailscale ACL and would need to be manually removed later. This workflow wasn’t scalable, and Reclaim was growing quickly. They also wanted to be in SOC 2 compliance, and their current system made gathering audit evidence challenging. Reclaim needed a solution that facilitated easy access reviews and kept immutable access logs.

Solution

On-demand production access with Indent and Tailscale

When Patrick showed Indent to Stevan, he was excited about its potential both to solve an immediate problem for them and to help them become the kind of company they wanted to be.

I like to think of the beauty of this solution is it's a lot more than checking the box from a compliance perspective. It really helps us be authentic in our security posture, which is that we only provide access to customer data when actually needed. I think it would be a disservice…to say that we implemented this process so that we were able to get through a SOC compliance item. That's great, but that's like 10% of the value. In my opinion, the real inherent value is that access to customer data is on-demand as needed and has a full audit trail with reason for approval [and] who approved it.

After Indent was set up, Stevan demoed it for his team in his biweekly meeting. He sensed his team was less than enthusiastic about having a new process initially, but once they saw how Indent worked, that attitude changed.

...When they saw it they were like, ‘Oh, literally it's a slash command. And then 30 seconds later I'm granted what I asked for. That’s awesome’…It's a non-issue to people. It's something that doesn't add friction. It gets them what they need.

Not only has his team benefited from fast approvals, but Stevan has also been able to enjoy the flexibility Indent provides for approvers.

Before I needed to make sure I had a laptop, log in to Tailscale, [and] update the ACL through the UI...Where now [the] workflow is just a couple approval clicks on my phone.

Stevan Arychuk

Head of Site Operations & SRE

What's Next

Access for on-call and non-engineering SaaS

Moving forward, Reclaim would like to use Indent with PagerDuty for their on-call rotations. They are also looking at ways to use Indent to regulate access to their non-engineering resources, like their marcom and billing ops systems.
