How an Access Policy-as-Code Approach Enabled Speed and SOC 2/ISO 27001 Compliance

Intro

Founded in 2016, dbt Labs began as a consultancy, helping companies to create and share data-backed organizational knowledge. The “dbt” in dbt Labs stands for “data build tool,” referring to the company’s open source tool that makes it possible for organizations to transform and make better use of the data in their warehouses. Two years ago, dbt Labs went through a significant transformation, as the company recognized the value in its open-source solution and transitioned fully into a product company.

While dbt Labs initially sold their product to their first consultancy clients, the company has since experienced rapid growth and now serves some of the most significant customers in the global business landscape. From JetBlue to Hubspot, dbt Labs enables large enterprises to properly organize their data before it gets loaded into data intelligence tools.

In order to serve their Fortune 500 customers, dbt Labs needed to grow and evolve rapidly. The company’s engineering headcount grew from 15 to 60 during 2021 alone, and the organization expects to double that headcount by the end of 2023 — nearly 10X growth in just two years. This rapid growth naturally led to growing pains, particularly as the engineering team worked to establish the systems that could support their new scale.

Operating at the intersection of a customer’s data stack, dbt Labs faces significant security and access challenges. Staff Security Engineer Frank Wang advocated for the company to adopt Teleport for identity and access management. The result? A security solution tailor-made for the engineering mindset, improving dbt Labs’ security and compliance without sacrificing developer velocity.

The sudden challenges of scale

dbt Labs didn’t just have to contend with a sudden increase in headcount. The organization’s engineers were now responsible for building and maintaining a product for customers as opposed to their own internal systems. Bugs could potentially impact thousands of users, and dbt engineers needed to be able to securely access customer instances in order to find a quick, efficient solution.

Before the company’s transformation, dbt Labs relied on passwords to control which employees were able to access which assets. Engineers would utilize shared passwords, a practice that was neither scalable nor secure. As the company grew to add more infrastructure, more assets and more engineers, Teleport provided a solution that didn’t require a parallel increase in headcount. The Teleport access platform integrated with Helm and Terraform, making it possible for Wang's infrastructure engineering team to automate the process of adding assets and assigning access.

Teleport allows dbt’s engineers to maintain velocity, by ensuring fine-grained access management roles and security are mapped seamlessly in coordination with their identity provider. The dbt Labs security leadership advocated for an engineering approach to security. Teleport’s focus on DevOps and efficiency was a perfect fit for dbt’s long-term security and growth strategies. The team's engineering leaders rely on Teleport to automate their access needs, allowing them to focus their attention on the work that will drive value for the company.

A seamless adoption process

Transforming dbt Labs’ approach to access management could have been impossibly complicated. Before Teleport, the company used a 10-step, VPN-based process in order to access databases. Users were organized in ad hoc groups, and the byzantine system often led to users retaining access to assets when they should have been removed.

Teleport offered dbt Labs a simple, pain-free, automated access platform, replacing their complicated, manual processes with a collection of straightforward workflows and useful integrations. Teleport’s integration with PagerDuty delivered significant value to dbt Labs, saving time and energy by providing auto-approved access to on-call engineers. The transition to Teleport allowed Wang to clean up legacy access, deleting persistent keys which posed a security threat if lost or stolen and reducing the risk that a former employee would maintain unauthorized access to a valuable asset or database.

The Teleport team supported dbt Labs throughout the adoption process, working directly with security and infrastructure engineers during the proof-of-concept period to ensure the company was set up for success. Once the company committed to using Teleport, the onboarding process was fast and easy.

Featured in This Article

Secretless Database Access

Secure, compliant, and effortless Database Access for all DBs from Amazon Aurora to Snowflake.

Learn More

Simplified solutions for compliance

dbt Labs knew it needed to meet rigorous compliance standards in order to convince customers of its security bona fides. The company worked to achieve SOC 2 and ISO 27001 compliance, meeting the expectations of its security-focused Fortune 500 customers. dbt Labs’ security engineering team recognizes that compliance doesn’t inherently lead to security, and the company consistently establishes higher standards for security than those mandated by compliance organizations.

For dbt, Teleport significantly streamlined the process of becoming compliant with standards like ISO 27001 and SOC 2. While the company’s compliance team previously had to switch between multiple tools in order to find the information necessary to prove its security standards, Teleport made it possible to collect and store the required data in a single location. While Wang acknowledges that the primary motivation for adopting Teleport was to make life easier for the engineering team, the improvements for compliance are an added bonus.

Want to learn more about how Teleport can help you achieve SOC 2 compliance? Check out our SOC 2 compliance page.

In the months since adopting Teleport, the DevOps and infrastructure teams at dbt Labs have become vocal advocates for the access management platform. Instead of having to navigate complicated, insecure processes, the IT and infrastructure teams can now gain access to the tools they need without having to file a ticket or contact a manager. The result is a comprehensive victory: faster development, happier engineers, and increased security.

About the customer

Since 2016, dbt Labs has been on a mission to help analysts create and disseminate organizational knowledge. dbt Labs pioneered the practice of analytics engineering, built the primary tool in the analytics engineering toolbox, and has been fortunate enough to see a fantastic community coalesce to help push the boundaries of the analytics engineering workflow. Today there are 16,000 companies using dbt every week, 50,000 dbt Community members, and over 3,000 companies paying for dbt Cloud.