Sourcegraph employees get permissions 25x faster with Entitle

Introduction

Sourcegraph is a global, remote code AI platform. They’ve spent the last ten years building the code graph that powers Cody, the most powerful and accurate code AI for writing, fixing, and maintaining code, and Code Search, helping developers explore their entire codebase and make large-scale migrations and security fixes.

With a growing number of clients and projects, the company needed a better system for managing access and permissions across its various cloud and developer tools.

‍

The Challenge

A painfully manual permissioning process

Previously, the process for granting access involved manual requests to the internal tech ops team, who would then seek approval from the relevant system owner. Once approved, the tech ops team would figure out how to grant access, which varied depending on the system. This process was time-consuming and could be prone to error.

Later it became Terraform-based, where someone with knowledge of Terraform, like the security team or cloud team, would have to modify and apply the changes. Not ideal for an agile tech company and engineers who deal with dynamic resources. Also, Terraform does not have built-in features for tracking or auditing changes to permissions, which can make it difficult to maintain compliance or investigate security incidents.

Choosing Entitle

Sourcegraph recognized the need for a more efficient and scalable system for managing access and permissions. After considering several other solutions, the company chose Entitle due to its ability to scale with increasing projects and support for its cloud-specific cloud environment.

The Solution

Streamlining access requests and grants with Entitle

With Entitle in place, the process for granting access has been streamlined and automated. Individual requests for access are routed to the relevant stakeholders for approval, and access is granted within minutes. Everything is logged in the Entitle system, allowing for easy auditing and justification of access.

Entitle improved Sourcegraph's time to completion and set-up in terms of who needed to approve access. An individual can now request access through Entitle. It then gets routed to the people who oversee either the project or the resource. Everything is logged in the Entitle system, so the access justification is always available in the logs.

‍

The Impact

Least privilege access, better and faster

With Entitle, Sourcegraph was able to reduce the time it took to grant access to systems from hours or days to just minutes. The tool allowed for a reduction in admin privileges on TechOps accounts and eliminated the need for long-standing admins in their systems.

Sourcegraph employees now get permissions they need 25 times faster than they used to. Before Entitle, it would take hours for employees to receive access. Now, for the most part, almost every access request is fulfilled immediately or within minutes.

Before Entitle, granting access to someone in Google Cloud, GitHub, Cloudflare, or any other tools, could potentially create unwanted attack vectors. It’s hard for a small tech ops team to keep track of 200 employees and all the different access they were requesting. With Entitle, the access granted to the teams working on a resource lasts for a few hours, up to a day, and then it automatically expires. The teams will not have access to the system when they are not working on it, so it's more secure.

Conclusion

Entitle has significantly improved Sourcegraph's access management process by reducing the time to completion, enabling the clear owners of the product to do approvals, logging justifications for access, and granting temporary access to the production environment. With Entitle, Sourcegraph now has a more secure access management process, and it makes their leadership team sleep a little bit easier at night.