Sym and Bryter: Mitigating the Risks of Permanent Access

By Sandy Kwon, May 11, 2023

About BRYTER

BRYTER is a no-code automation platform that enables business experts to build digital applications. Bryter is an internationally distributed team with members in Berlin, Frankfurt, Paris, Dublin, New York, and London. Their customers include ING, PwC, Deloitte, and Baker McKenzie. They have raised $89M to date from Accel and Tiger Global Management.

Meet the team


Joao Martins, Product Security Manager

Joao has spent almost a decade in the IT and Security industry. At BRYTER, he spends most of his time thinking about how to build secure products and ensuring that the company’s security posture is aligned with business goals. Prior to BRYTER, he worked as an AppSec Engineering Manager at Checkmarx and as a Senior Tech Lead at Farfetch.  

The Opportunity: Finding a just-in-time tool that could be implemented quickly by the Security and Engineering teams

During the summer of 2022, BRYTER was preparing for a SOC 2 Type 2 audit and knew that they'd be facing higher levels of scrutiny around their production-level access controls. At the time, AWS access was generally available to anyone on the engineering team, and privileged access entitlements were handled manually by the Infrastructure team, who had to add users to and remove them from specific AWS groups - often resulting in access that was left in place long after it was needed. The Security team was given a mandate to find a solution that would reduce broad access to AWS while also reducing the day-to-day burden on the Infrastructure team.

The team knew that they’d eventually need to implement a more secure framework, but with a long list of high priority projects, they needed a solution that they could implement quickly while meeting their list of technical requirements.

The Security team quickly collaborated with the Engineering team to collect requirements for an ideal security program, which included:

  1. No bottlenecks in the approval process
  2. A scalable solution to accommodate a growing team and a lean IT team
  3. Automation to reduce human error and route requests efficiently
  4. Auto-removal of access rights when no longer required
  5. Visibility into user permissions

Having scoped out the full set of requirements, they began searching for a solution and found Sym through a Google search. After evaluating other services such as Okta Workflows, they ultimately chose Sym because its code-first approach would be faster to implement and less resource-intensive for the Engineering team to maintain.

The Solution: High optionality and effectiveness with minimal effort

Between managing a persistent backlog and balancing bandwidth within a small team, launching a POC with a new software product can be daunting. Joao’s team had expected to spend at least a week standing up the implementation but found Sym’s rapid-onboarding experience to be one of the immediate benefits. They were able to push the implementation into production in less than 2 days.

The critical workflows they focused on included:

  • Access to AWS production and QA environments via AWS SSO
  • Self-approved AWS access to non-production environments

Joao expected the adoption of Sym to be met with pushback. Prior to implementation, engineers expressed hesitation around losing permanent access and moving to a request-based access program for fear that it might create further bottlenecks in their day-to-day operations.

However, once the teams were given access to the flows and saw that requests could be approved by anyone on the engineering team, adoption was immediate and frictionless. Engineers no longer had to reach out to members of the Infrastructure team to gain access, which not only sped up day-to-day engineering work, but also enabled the small Infrastructure team of 3 to focus on more critical projects supporting the 50-person engineering organization.

"Sym enabled us to grant temporary, time-bound access to AWS production via AWS SSO with auto-revocation, which proved invaluable for troubleshooting and supporting our customers."
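The workflow described above (request with a business justification, self-approval for non-production, a second approver for production, time-bound grants that are revoked automatically, and an audit trail of every decision) can be modelled in a few dozen lines. The following is an added illustration written for this article; it is not Sym's SDK, BRYTER's flow configuration, or any AWS SSO API, and the environment names, maximum durations and sample users are all assumptions.

```python
"""Illustrative just-in-time access broker (added example, not Sym's or BRYTER's code).

Assumed policy: QA and staging may be self-approved; production needs a second
person; every grant is capped and auto-revoked when its expiry passes.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Assumed policy values; a real deployment would load these from configuration.
SELF_APPROVABLE = {"qa", "staging"}
MAX_DURATION = {
    "prod": timedelta(hours=2),
    "qa": timedelta(hours=8),
    "staging": timedelta(hours=8),
}


@dataclass
class AccessRequest:
    requester: str
    environment: str
    justification: str
    duration: timedelta
    approver: Optional[str] = None
    granted_at: Optional[datetime] = None
    expires_at: Optional[datetime] = None
    revoked: bool = False


class AccessBroker:
    def __init__(self) -> None:
        self.requests: List[AccessRequest] = []
        self.audit: List[Dict[str, object]] = []  # append-only evidence log

    def _log(self, event: str, req: AccessRequest, when: datetime) -> None:
        self.audit.append({
            "event": event, "user": req.requester, "env": req.environment,
            "approver": req.approver, "justification": req.justification,
            "at": when.isoformat(),
        })

    def request(self, requester: str, environment: str, justification: str,
                duration: timedelta, now: datetime) -> AccessRequest:
        # A request without a justification is rejected outright: the
        # justification is what later makes the audit log meaningful.
        if not justification.strip():
            raise ValueError("business justification is required")
        if environment not in MAX_DURATION:
            raise ValueError(f"unknown environment: {environment}")
        # Requested duration is silently capped at the policy maximum.
        req = AccessRequest(requester, environment, justification,
                            min(duration, MAX_DURATION[environment]))
        self.requests.append(req)
        self._log("requested", req, now)
        return req

    def approve(self, req: AccessRequest, approver: str, now: datetime) -> datetime:
        if req.granted_at is not None:
            raise ValueError("request already approved")
        # Self-approval is only allowed for non-production environments.
        if approver == req.requester and req.environment not in SELF_APPROVABLE:
            raise PermissionError(f"{req.environment} access needs a second approver")
        req.approver, req.granted_at = approver, now
        req.expires_at = now + req.duration
        self._log("granted", req, now)
        return req.expires_at

    def revoke_expired(self, now: datetime) -> List[AccessRequest]:
        """Auto-revocation sweep; in practice this runs on a timer."""
        revoked = []
        for r in self.requests:
            if r.granted_at is not None and not r.revoked and r.expires_at <= now:
                r.revoked = True
                self._log("auto_revoked", r, now)
                revoked.append(r)
        return revoked

    def active_grants(self, now: datetime) -> List[AccessRequest]:
        self.revoke_expired(now)
        return [r for r in self.requests if r.granted_at is not None and not r.revoked]


def demo() -> Dict[str, object]:
    """Walk through a QA self-approval and a prod request with a constructed timeline."""
    broker = AccessBroker()
    t0 = datetime(2023, 5, 11, 9, 0)  # constructed timestamp
    qa = broker.request("alice", "qa", "reproduce ticket 123", timedelta(hours=1), t0)
    broker.approve(qa, "alice", t0)  # self-approval permitted for QA
    prod = broker.request("alice", "prod", "customer incident", timedelta(hours=24), t0)
    try:
        broker.approve(prod, "alice", t0)
        self_approved_prod = True
    except PermissionError:
        self_approved_prod = False
    prod_expiry = broker.approve(prod, "bob", t0)  # second person approves
    return {
        "self_approved_prod": self_approved_prod,
        "prod_hours": (prod_expiry - t0) / timedelta(hours=1),  # capped to 2
        "active_after_30min": len(broker.active_grants(t0 + timedelta(minutes=30))),
        "active_after_3h": len(broker.active_grants(t0 + timedelta(hours=3))),
        "events": [e["event"] for e in broker.audit],
    }


if __name__ == "__main__":
    print(demo())
```

The two checks worth noting are that a production request is refused when the approver is the requester, and that the 24-hour request is cut to the 2-hour policy maximum before the grant is recorded; the sweep in `revoke_expired` is what turns "we forgot to remove them from the group" into a non-event.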

The impact: Reclaiming the Infrastructure team’s time and improved engineering efficiency

Prior to Sym, members of the Infrastructure team had to pause active tasks and context-switch to review and manually grant access to engineers. They have since been able to reclaim and reprioritize that time for critical projects, while in parallel the engineering team has seen improved efficiency through autonomous approvals for AWS access.

BRYTER can be confident that only authorized personnel have access to specific production services, and only for the right duration. Each of these requests is also tagged with a valid business justification, making it possible to improve efficiency for the engineering team while maintaining a reliable log of evidence - exactly what they needed to feel confident entering their next SOC 2 audit.

"Symops has been a game-changer for BRYTER, helping us mitigate risks from uncontrolled and open-ended access into AWS. We can now better ensure that by automating the approval process and allowing all of our team members to approve requests, we've eliminated bottlenecks and streamlined our workflows while maintaining a clear audit trail."
