No More Backdoors: Know Who Has Access to What, Right Now
Jun 13
Virtual
Register Today
Teleport logoTry For Free

Customer Case Study

How an Access Policy-as-Code Approach Enabled Speed and SOC 2/ISO 27001 Compliance

Background image

Intro

Founded in 2016, dbt Labs began as a consultancy, helping companies to create and share data-backed organizational knowledge. The “dbt” in dbt Labs stands for “data build tool,” referring to the company’s open source tool that makes it possible for organizations to transform and make better use of the data in their warehouses. Two years ago, dbt Labs went through a significant transformation, as the company recognized the value in its open-source solution and transitioned fully into a product company.

While dbt Labs initially sold their product to their first consultancy clients, the company has since experienced rapid growth and now serves some of the most significant customers in the global business landscape. From JetBlue to Hubspot, dbt Labs enables large enterprises to properly organize their data before it gets loaded into data intelligence tools.

In order to serve their Fortune 500 customers, dbt Labs needed to grow and evolve rapidly. The company’s engineering headcount grew from 15 to 60 during 2021 alone, and the organization expects to double that headcount by the end of 2023 — nearly 10X growth in just two years. This rapid growth naturally led to growing pains, particularly as the engineering team worked to establish the systems that could support their new scale.

Operating at the intersection of a customer’s data stack, dbt Labs faces significant security and access challenges. Staff Security Engineer Frank Wang advocated for the company to adopt Teleport for identity and access management. The result? A security solution tailor-made for the engineering mindset, improving dbt Labs’ security and compliance without sacrificing developer velocity.

We’re a hyper-growth startup that went from operating a consultancy to selling an extremely popular product within the last two years. As a result, we’ve had to build processes within our engineering team on the fly to manage the changes. Until Teleport, we lacked a centralized solution for handling access and security.

Frank Wang

Staff Security Engineer at dbt Labs

The sudden challenges of scale

The biggest change we faced was having to build and maintain a product for other people, not just for our own internal use. Engineers suddenly needed to access systems to debug — it’s a completely different game. We needed a tool that would allow us to quickly and securely access customer environments, and Teleport proved to be the best choice.

Frank Wang

Staff Security Engineer at dbt Labs

dbt Labs didn’t just have to contend with a sudden increase in headcount. The organization’s engineers were now responsible for building and maintaining a product for customers as opposed to their own internal systems. Bugs could potentially impact thousands of users, and dbt engineers needed to be able to securely access customer instances in order to find a quick, efficient solution.

Before the company’s transformation, dbt Labs relied on passwords to control which employees were able to access which assets. Engineers would utilize shared passwords, a practice that was neither scalable nor secure. As the company grew to add more infrastructure, more assets and more engineers, Teleport provided a solution that didn’t require a parallel increase in headcount. The Teleport access platform integrated with Helm and Terraform, making it possible for Wang's infrastructure engineering team to automate the process of adding assets and assigning access.

Teleport allows dbt’s engineers to maintain velocity, by ensuring fine-grained access management roles and security are mapped seamlessly in coordination with their identity provider. The dbt Labs security leadership advocated for an engineering approach to security. Teleport’s focus on DevOps and efficiency was a perfect fit for dbt’s long-term security and growth strategies. The team's engineering leaders rely on Teleport to automate their access needs, allowing them to focus their attention on the work that will drive value for the company.

The biggest benefit of Teleport is that it’s very DevOps-focused. We’re trying to run lean teams, not people-heavy teams. The DevOps aspect of Teleport makes it a huge asset for the work we’re doing.

Frank Wang

Staff Security Engineer at dbt Labs

A seamless adoption process

Transforming dbt Labs’ approach to access management could have been impossibly complicated. Before Teleport, the company used a 10-step, VPN-based process in order to access databases. Users were organized in ad hoc groups, and the byzantine system often led to users retaining access to assets when they should have been removed.

Teleport makes access self-regulated in a decentralized way. I spend way less time now managing access provisioning, because people can just request access to the tools they need and the request is approved or denied automatically based on policy. Access policy-as-code is a way more scalable process for the future.

Frank Wang

Staff Security Engineer at dbt Labs

Teleport offered dbt Labs a simple, pain-free, automated access platform, replacing their complicated, manual processes with a collection of straightforward workflows and useful integrations. Teleport’s integration with PagerDuty delivered significant value to dbt Labs, saving time and energy by providing auto-approved access to on-call engineers. The transition to Teleport allowed Wang to clean up legacy access, deleting persistent keys which posed a security threat if lost or stolen and reducing the risk that a former employee would maintain unauthorized access to a valuable asset or database.

The Teleport team supported dbt Labs throughout the adoption process, working directly with security and infrastructure engineers during the proof-of-concept period to ensure the company was set up for success. Once the company committed to using Teleport, the onboarding process was fast and easy.

I don’t want a tool where I actually have to participate, or where one person needs to sit in a dashboard all day. With Teleport, I don’t have to do that. It’s automatic, it makes us more secure, and it increases engineering velocity.

Frank Wang

Staff Security Engineer at dbt Labs

Background image
Featured in This Article

Secretless Database Access

Secure, compliant, and effortless Database Access for all DBs from Amazon Aurora to Snowflake.

Simplified solutions for compliance

dbt Labs knew it needed to meet rigorous compliance standards in order to convince customers of its security bona fides. The company worked to achieve SOC 2 and ISO 27001 compliance, meeting the expectations of its security-focused Fortune 500 customers. dbt Labs’ security engineering team recognizes that compliance doesn’t inherently lead to security, and the company consistently establishes higher standards for security than those mandated by compliance organizations.

For dbt, Teleport significantly streamlined the process of becoming compliant with standards like ISO 27001 and SOC 2. While the company’s compliance team previously had to switch between multiple tools in order to find the information necessary to prove its security standards, Teleport made it possible to collect and store the required data in a single location. While Wang acknowledges that the primary motivation for adopting Teleport was to make life easier for the engineering team, the improvements for compliance are an added bonus.

Want to learn more about how Teleport can help you achieve SOC 2 compliance? Check out our SOC 2 compliance page.

In the months since adopting Teleport, the DevOps and infrastructure teams at dbt Labs have become vocal advocates for the access management platform. Instead of having to navigate complicated, insecure processes, the IT and infrastructure teams can now gain access to the tools they need without having to file a ticket or contact a manager. The result is a comprehensive victory: faster development, happier engineers, and increased security.

When we explain Teleport, the customers immediately understand that we have access and security under control. I didn’t think through it, Teleport did — I just get to repeat it and enjoy the results.

Frank Wang

Staff Security Engineer at dbt Labs

About the customer

Since 2016, dbt Labs has been on a mission to help analysts create and disseminate organizational knowledge. dbt Labs pioneered the practice of analytics engineering, built the primary tool in the analytics engineering toolbox, and has been fortunate enough to see a fantastic community coalesce to help push the boundaries of the analytics engineering workflow. Today there are 16,000 companies using dbt every week, 50,000 dbt Community members, and over 3,000 companies paying for dbt Cloud.

Geo

Philadelphia, PA

Vertical

Data Analytics

Employees

400+

  • Challenges
  • Automate provisioning of infrastructure access for a large team that has grown by 10x in two years.
  • Achieve required levels of security by eliminating secrets such as keys and passwords.
  • Maintain rigorous compliance standards like SOC 2 and ISO 27001 for Fortune 500 customer base.
  • Results
  • Dramatically increased developer velocity and productivity while also increasing security.
  • Simplified compliance audit processes for SOC 2 and ISO.
  • Achieved significant executive sponsorship and customer enthusiasm.