Scaling Privileged Access for Modern Infrastructure: Real-World Insights
Apr 25
Virtual
Register Today
Teleport logoTry For Free

Customer Case Study

TigerGraph: How Access Control from Teleport Unlocked Global Growth for the Leading Data Analytics Platform

Background image

Intro

TigerGraph is a graph analytics and machine learning platform that supports unique, high-value use cases through deep link analysis and the highly flexible GSQL language. TigerGraph outpaces its competitors in terms of both speed and scale. The company's advanced approach to data partitioning and massive computation allows the platform to perform at speeds 10 to 100 times faster than competitors, while the platform's ability to accommodate several terabytes of customer data is unmatched in the market. These performance capabilities have made TigerGraph an easy choice for demanding enterprise clients: four out of five of the world's largest banks are TigerGraph customers.

But as is the case with many fast-growth startups, not every aspect of TigerGraph's technology stack was prepared for a sudden increase in customer demand. When TigerGraph's technical support team needed to connect to a customer instance, they contacted Technical Engineering Manager Duc Le to provide an access link. The technical support team could then use a private key to access the customer instance and troubleshoot the issue. Not only was this process cumbersome — it depended on synchronous communication with a single engineering leader at any hour of the day — but it was also insecure. As TigerGraph grew to support more enterprise clients and shifted more services to the cloud, its engineering leaders understood that they needed a new solution for infrastructure access control and security. The company chose Teleport to replace its previous approach to access management and deliver a global, always-on solution for troubleshooting customer issues.

One of the main problems we faced was how to scale the cloud side of the business. The bulk of our cloud engineering team was based in the U.S. which caused problems for our teams in China and the U.K. when they needed to access environments to troubleshoot. What's a solution that's going to scale to troubleshoot customer environments? That's how we ended up looking at Teleport.

Elliot Martin

Global Manager, Technical Support Engineer at TigerGraph

Meeting the needs of elite customers

To me the differentiator between TigerGraph and the rest of the marketplace is scalability. If you want to work with 10 terabytes of data, you don't really have another option. Enterprise customers are the ones looking for large-scale data, but to be able to work with those customers, your number one priority needs to be security. You need to be able to prove compliance with industry standards and show that you're accessing systems in a secure manner. With Teleport, we know that we're doing things the right way, but more importantly, our customers and auditors know that we're doing things the right way.

Elliot Martin

Global Manager, Technical Support Engineer at TigerGraph

Teleport provided TigerGraph with a secretless, zero-trust solution for identity-native infrastructure access. Instead of relying on private keys that could access every customer instance without nuance, Teleport allowed TigerGraph's technical support engineers to microsegment access across different roles. The company's Teleport configuration enables users to see resources and request a specific role with defined access, which a technical support engineer can then grant. Teleport replaced TigerGraph's single point of failure with a highly configurable access solution that can be counted on at any time — in any time zone.

TigerGraph's engineering team knew they needed to instill confidence in their customers regarding security and compliance. TigerGraph holds all customer resources on a private network which can now only be accessed using Teleport. This change to access management represented a significant upgrade to TigerGraph's security posture: the company has moved beyond securing resources on a database level to secure them on an infrastructure level as well.

Background image
Featured in This Article

Secretless Database Access

Secure, compliant, and effortless Database Access for all DBs from Amazon Aurora to Snowflake.

Teleport's identity-native infrastructure access didn't just help TigerGraph gain access to customer instances; it also allowed the company to make better use of its private cloud for internal uses. Technical support engineers, solutions consultants, and sales engineers use TigerGraph Cloud to test new product features and reproduce customer issues; when they need to replicate a customer instance, access is only a few clicks away through Teleport. Being able to provide development teams with access to customer instances has significantly boosted efficiency, making it easier to identify and locate issues.

Security has multiple aspects at this level. We put a lot of effort and energy into developing our product support and enterprise security with a rich set of features, including geo-based and privilege-based access to our system. We also have a comprehensive multigraph model, and we partition our graph data with different access to different users. Teleport is what allows us to control that access.

Renchu Song

Director of Engineering Management, TigerGraph

Seamless, stress-free compliance

TigerGraph's exceptional platform makes it a natural choice for data-rich industries including banking, finance, and healthcare. However, service providers must achieve rigorous certifications in order to work with these customers. TigerGraph Cloud is SOC 2-compliant, demonstrating that the platform can be trusted to securely manage customer data.

Certifications like SOC 2 involve extensive audit periods during which evaluators study how the service provider accesses the customer environment and what tools are used to maintain privacy, security and confidentiality. Teleport's audit log and advanced access control features, including mandatory two-factor authentication, made it easy for TigerGraph engineers to demonstrate the quality and rigor of their access control systems.

Teleport has significantly enhanced our audits. Without Teleport it would have taken some long, difficult conversations to prove we're doing things the right way. Teleport made the audit process easy.

Renchu Song

Director of Engineering Management, TigerGraph

Looking forward, new security and compliance certifications will play a vital role in TigerGraph's long-term growth strategy. The company is in the process of earning PCI certification in order to handle payment card data, while a longer-term goal is to achieve HIPAA compliance and expand TigerGraph's presence in the healthcare industry.

Teleport plays a significant role in enabling TigerGraph cloud to be a fully managed service that customers trust.

Duc Le

Cloud Engineering Manager, TigerGraph

Scaling at all levels

As TigerGraph onboards new enterprise customers, the company will also need to onboard new engineers as a result. Before switching to Teleport, every new engineer served as a reminder of TigerGraph's insufficient approach to access management. Teleport has significantly streamlined the process of onboarding new engineers.

While TigerGraph originally planned on using Google's single-sign on (SSO) solution, technical engineers struggled to configure the solution to match their needs. TigerGraph's engineers eventually discovered Teleport's integration with GitHub SSO, which provided an instant solution to their onboarding and access management challenges. All cloud engineers and support engineers have a GitHub account. By creating user groups on GitHub and matching each group to a certain role on Teleport, TigerGraph is able to quickly and easily grant employees the access they need to troubleshoot customer problems.

SSO integration really smoothed out how we log into Teleport. It's a really nice feature for us.

Duc Le

Technical Engineering Manager, TigerGraph

About the customer

TigerGraph is a platform for advanced analytics and machine learning on connected data. Based on the industry's first and only distributed native graph database, TigerGraph's proven technology supports advanced analytics and machine learning applications such as fraud detection, anti-money laundering (AML), entity resolution, customer 360, recommendations, knowledge graph, cybersecurity, supply chain, IoT, and network analysis.

Geo

Redwood City, CA

Vertical

AI/ML

Employees

250+

  • Challenges
  • Scale troubleshooting and customer support functions to support global cloud customer base
  • Meet high security expectations of enterprise clients in tightly regulated industries
  • Conduct complicated audits to achieve vital certifications
  • Results
  • Moved beyond bottlenecks in troubleshooting to achieve finely-tuned, always-available global access to customer clusters
  • Earned SOC 2 certification, demonstrating security bona fides to enterprise customers
  • Logs and advanced access controls streamlined auditing process for new and existing compliance procedures