
Customer Case Study

Flywheel Accelerates Deployments and Provides Agile, Compliant Support for Biomedical Researchers using Teleport


As healthcare evolves and healthcare data grows exponentially, scalable and secure data collection and management are absolute necessities to keep pace. From within its clients' clouds or data center environments, the Flywheel platform accelerates collaboration and the discoveries that advance healthcare by leveraging the cloud, automating workflows and improving access to key tools.

As a platform that facilitates biomedical research, Flywheel maintains a delicate balance between two necessities - supporting collaboration and helping to ensure compliance with mandated data security standards. If Flywheel's customers fall out of compliance, they risk fines and damage to their reputations. At the same time, if life science companies, academic and clinical researchers, and AI developers can't be agile with their collaboration, researchers and patients lose valuable time.

As each engineer joins Flywheel, they need access to each assigned customer's environment. Onboarding a new engineer to a customer environment can often take up to three weeks, because providing proper access means setting up MFA and passwords and going through the inevitable back-and-forth requests to clients' IT organizations.

“Our customers are among some of the most innovative companies and universities in the world, so we have to provide rock-solid platform stability,” says Dan Fredell, Platform Team Lead at Flywheel. “We need instant access to their systems in a variety of environments so we can install and configure Flywheel, answer questions, provide support, and maintain instances so their research can continue to progress quickly and we can meet all of our SLAs.”

Adding to the complexity, Flywheel is tasked with protecting a wide range of patient personal information, including CT, MRI, X-Ray scans and other medical imagery, helping its customers maintain compliance with GDPR, HIPAA, and Institutional Review Boards.


“The bottom line is that we have to have absolute control over who can see what and when,” says Fredell. “When staffing is reshuffled to balance workloads, we need to be certain of who has access to which customer resources, as well as help ensure nobody has access that isn't servicing an account.”

Fast, secure access for Kubernetes without updating firewall rules

Flywheel responded to the challenges revolving around the issue of access by choosing Teleport Enterprise as its de facto solution for providing access to customers' environments running across AWS, Google Cloud Platform, Microsoft Azure, and on-premise data centers. The company chose Teleport Enterprise because Teleport is the only company that provides a developer-first access solution for Kubernetes, the platform that Flywheel uses to run its software. Now using Teleport, the company has full access and visibility across clouds, physical infrastructure, Kubernetes clusters, VMs, databases, and applications.


The key to unlocking customer value was Teleport's ability to easily fit into customer environments without major IT involvement. As a single binary, Teleport can be easily installed in any Linux environment. Additionally, because most enterprise networks support egress natively, Teleport Reverse Tunnels are used to provide controlled access to customer environments without the need to have IT configure firewall rules, providing maximum flexibility and ease of installation.

“As long as we can deploy Kubernetes, we can run Flywheel in a customer's environment,” says Fredell. “With Teleport, we can hop into the deployment, access our regular tool set, and operate against the customer's cluster. It provides speed without sacrificing security.”

Teleport replaced the more time-consuming, fragile, and complex bastion setup that Flywheel used previously. Teleport is used as an Identity-Aware Access Proxy that provides a persistent, reverse tunnel into the Kubernetes environment, eliminating the need to run a separate bastion service which alone can cost $200 per bastion per month.


Not only is Teleport easy to set up, but it also provides secure and audited access, ensuring that Flywheel's customer data is protected and they remain in compliance. Access is assigned to engineers based on roles and responsibilities. For example, engineers who only need front-end access to the environments are provided tools and access necessary to do their jobs - no more, no less. Similarly, Flywheel can pare down administrative access to environments and databases to reduce their overall attack surface.


Weeks to minutes

The process behind onboarding an engineer into a customer environment was completely transformed with Teleport. What once took three weeks or more to complete, Teleport helps cut down to approximately 20 minutes. Multiply that time savings across several customer environments and the productivity gains are astounding.

Rapid offboarding also helps ensure that the company is supporting its customers' compliance needs. According to Teleport's recent Infrastructure Access Report, 86% of respondents cannot guarantee that ex-employees can no longer access their infrastructure. Leveraging rapid offboarding addresses this risk and helps ensure only the few employees that need access to a system have access.

“When an employee moves on to another opportunity, we can instantly look across all of their permissions to make sure they are removed from all customer systems using Teleport,” says Fredell.

Additionally, in instances where Flywheel customers submitted a support ticket or service request, time to solution was significantly reduced. Rather than looking for credentials or the individual who owns the credentials, engineers can clearly see who has access to the instance and resolve the request quickly.

The Just-in-time Access Requests feature of Teleport Enterprise enables engineers to efficiently manage requests as they come in, rather than bundling support tickets because each one meant manually finding and entering login credentials. Flywheel engineers can easily request access to a single resource like a server, database, or Kubernetes cluster, or assume a role with elevated privileges for a fixed period of time. All requests can be reviewed, approved, or denied using modern tools like Slack or JIRA.

Because Teleport provides access to customer environments on demand, Flywheel has found that they can fix issues at customer sites before the customer even notices, improving customer satisfaction.

Internally, Flywheel is also using Teleport to boost security and streamline development workflows. “We've seen the impact on our clients' business by providing rapid, secure access to their environments, we've fully bought into the strategy, and are protecting our own intellectual property using the same strategy,” says Sam Whitney, DevOps Engineer at Flywheel. “Teleport just makes sense.”

Differentiated service and deployments

“We're advising each of our customers to leverage Teleport as part of their implementation because it takes so much of the complexity out of access workflows,” says Fredell. “We can deploy Flywheel to a customer environment, on average, three weeks sooner because we can get access faster.”

As part of its best practices documentation, Flywheel recommends Teleport as a critical component for efficiently and securely accessing client environments. Teleport enables engineers to grant and revoke access to instances, as needed and with full auditing capabilities. Additionally, the company can work around location-based access which can slow down its global team. Instead, clients can grant secretless, certificate-based access to Flywheel engineers regardless of their location.

Flywheel also leverages Teleport to enable add-on services for customers. In addition to giving access to engineers, the company's Scientific Solutions team can access customer systems in a secure fashion and help customers develop algorithms and workflows to more quickly, accurately, and efficiently process their medical data.

Across implementations, engineering, development, and Scientific Solutions teams, Teleport is also seen as a key force behind reducing employee burnout. By avoiding common frustrations seen across teams - namely, getting access to tools and customer environments - Teleport helps everyone focus on their core functions.

“Our employees are thrilled because they are spending more time solving actual business problems for our customers and breaking barriers,” says Whitney. “Our people feel more productive by reducing the amount of time that they are on the phone with customers' IT teams, and helping to drive overall employee satisfaction. Teleport has really helped keep our people focused and happy.”


About the customer

Flywheel offers comprehensive solutions for the life sciences, clinical research, and academic research industries to accelerate collaboration, enable machine learning, and streamline the massive task of data aggregation, curation, and management. By leveraging cloud scalability and automating research workflows, Flywheel helps organizations scale research data and analysis, improve scientific collaboration and accelerate discoveries.

Geo: Minneapolis, Minnesota

Vertical: Life Sciences/Technology

Employees: 51-200

Clouds: AWS, Google, Azure, OnPrem

Challenges

  • Helping engineers manage dozens of sets of credentials
  • Accelerating the onboarding of Flywheel employees to customer systems to avoid delays in deploying, supporting, maintaining and configuring infrastructure
  • Enabling faster offboarding to reduce security risk to customers' businesses
  • Maintaining compliance with a wide range of data security standards including GDPR, HIPAA, IRB, 21 CFR Part 11 and SOC 2

Results

  • Cut deployment times by three weeks, on average
  • Eliminated the need to open a port in customer firewalls by leveraging reverse tunneling
  • Accelerated access to key resources by also integrating SSO via Google Auth with MFA
  • Eliminated need to distribute and recall SSH keys with certificate-based access
  • Enabled knowledge sharing and auditing by recording and SSH sessions
  • Supports role-based access control and single-use escalations with approval workflows