TigerGraph: How Access Control from Teleport Unlocked Global Growth for the Leading Data Analytics Platform

Intro

TigerGraph is a graph analytics and machine learning platform that supports unique, high-value use cases through deep link analysis and the highly flexible GSQL language. TigerGraph outpaces its competitors in terms of both speed and scale. The company's advanced approach to data partitioning and massive computation allows the platform to perform at speeds 10 to 100 times faster than competitors, while the platform's ability to accommodate several terabytes of customer data is unmatched in the market. These performance capabilities have made TigerGraph an easy choice for demanding enterprise clients: four out of five of the world's largest banks are TigerGraph customers.

But as is the case with many fast-growth startups, not every aspect of TigerGraph's technology stack was prepared for a sudden increase in customer demand. When TigerGraph's technical support team needed to connect to a customer instance, they contacted Technical Engineering Manager Duc Le to provide an access link. The technical support team could then use a private key to access the customer instance and troubleshoot the issue. Not only was this process cumbersome — it depended on synchronous communication with a single engineering leader at any hour of the day — but it was also insecure. As TigerGraph grew to support more enterprise clients and shifted more services to the cloud, its engineering leaders understood that they needed a new solution for infrastructure access control and security. The company chose Teleport to replace its previous approach to access management and deliver a global, always-on solution for troubleshooting customer issues.

Meeting the needs of elite customers

Teleport provided TigerGraph with a secretless, zero-trust solution for identity-native infrastructure access. Instead of relying on private keys that could access every customer instance without nuance, Teleport allowed TigerGraph's technical support engineers to microsegment access across different roles. The company's Teleport configuration enables users to see resources and request a specific role with defined access, which a technical support engineer can then grant. Teleport replaced TigerGraph's single point of failure with a highly configurable access solution that can be counted on at any time — in any time zone.

TigerGraph's engineering team knew they needed to instill confidence in their customers regarding security and compliance. TigerGraph holds all customer resources on a private network which can now only be accessed using Teleport. This change to access management represented a significant upgrade to TigerGraph's security posture: the company has moved beyond securing resources on a database level to secure them on an infrastructure level as well.

Featured in This Article

Secretless Database Access

Secure, compliant, and effortless Database Access for all DBs from Amazon Aurora to Snowflake.

Learn More

Teleport's identity-native infrastructure access didn't just help TigerGraph gain access to customer instances; it also allowed the company to make better use of its private cloud for internal uses. Technical support engineers, solutions consultants, and sales engineers use TigerGraph Cloud to test new product features and reproduce customer issues; when they need to replicate a customer instance, access is only a few clicks away through Teleport. Being able to provide development teams with access to customer instances has significantly boosted efficiency, making it easier to identify and locate issues.

Seamless, stress-free compliance

TigerGraph's exceptional platform makes it a natural choice for data-rich industries including banking, finance, and healthcare. However, service providers must achieve rigorous certifications in order to work with these customers. TigerGraph Cloud is SOC 2-compliant, demonstrating that the platform can be trusted to securely manage customer data.

Certifications like SOC 2 involve extensive audit periods during which evaluators study how the service provider accesses the customer environment and what tools are used to maintain privacy, security and confidentiality. Teleport's audit log and advanced access control features, including mandatory two-factor authentication, made it easy for TigerGraph engineers to demonstrate the quality and rigor of their access control systems.

Looking forward, new security and compliance certifications will play a vital role in TigerGraph's long-term growth strategy. The company is in the process of earning PCI certification in order to handle payment card data, while a longer-term goal is to achieve HIPAA compliance and expand TigerGraph's presence in the healthcare industry.

Scaling at all levels

As TigerGraph onboards new enterprise customers, the company will also need to onboard new engineers as a result. Before switching to Teleport, every new engineer served as a reminder of TigerGraph's insufficient approach to access management. Teleport has significantly streamlined the process of onboarding new engineers.

While TigerGraph originally planned on using Google's single-sign on (SSO) solution, technical engineers struggled to configure the solution to match their needs. TigerGraph's engineers eventually discovered Teleport's integration with GitHub SSO, which provided an instant solution to their onboarding and access management challenges. All cloud engineers and support engineers have a GitHub account. By creating user groups on GitHub and matching each group to a certain role on Teleport, TigerGraph is able to quickly and easily grant employees the access they need to troubleshoot customer problems.

About the customer

TigerGraph is a platform for advanced analytics and machine learning on connected data. Based on the industry's first and only distributed native graph database, TigerGraph's proven technology supports advanced analytics and machine learning applications such as fraud detection, anti-money laundering (AML), entity resolution, customer 360, recommendations, knowledge graph, cybersecurity, supply chain, IoT, and network analysis.