Jellyfish is an Engineering Management Platform that enables engineering leaders to align engineering work with strategic business objectives. By analyzing engineering signals and contextual business data, Jellyfish provides complete visibility into engineering organizations, the work they do, and how they operate.
To-date, they’ve raised $114.5M from investors like Accel, Tiger Global, and Insight Partners. Their customers include PagerDuty, Salsify, Session M (A Mastercard Company), and Toast.
Phil Kelly, Head of IT
Leading up to Phil’s roles as an IT leader, he built his experience in functions including IT operations, Systems Administration, and Infrastructure Engineering for organizations like C Space, Battery Ventures, and the Gillette Stadium.
James Kirk, Head of Security and Privacy
Prior to Jellyfish, James held various Information Systems Security Manager and Security Consultant roles for organizations like DataDog, Rapid7, The U.S Department of Defense, The U.S Navy, and Microsoft.
David Liming, IT Engineer
As a long standing Cloud Engineer, David has focused on security, infrastructure as code, and automation at companies like C Space and NGP VAN.
When Jellyfish first connected with Sym, they had wrapped up a SOC 2 audit and an exception came back asking who had production access. At the time, everyone on the engineering team had more access than necessary to complete their day-to-day tasks. Anyone who requested admin access to the AWS console would get it permanently. It was a growing problem that they were aware of and that they needed to fix.
The team urgently needed a tool that would allow them to provision access to users on a temporary basis, but also wanted a tool that would eliminate overhead by managing revocation automatically.
Phil Kelly joined Jellyfish shortly after Sym was officially brought on as a vendor partner. His short-term solution to managing access requests was to have employees send requests in Slack, and then manage those requests via a manual ticketing system. “It just created a lot more work for myself for the sake of documentation.”
Once Phil was given the keys to Sym, he and David Liming got to work on implementation. Their organization already worked in Terraform so he knew that Sym would be a natural solution.
Their primary use case was to manage their organization’s overly permissive AWS access. This effort was two-fold: 1. They needed to eliminate broad-admin access from the whole organization and 2. Restrict role permissions that were outside of the necessary scope. To do this, their team reviewed all of the IAM policies that have been used by the team in the past year and set a wildcard admin role that would only enable access to things that were looked on, and gated it with Sym.
Adoption from their Engineering and Success organizations was initially met with skepticism. Going from broad access to gated access appeared like a forfeiture of privileges. However, once the team realized that they were able to continue maintaining requests in Slack and that the approval also gave them access, the company experienced near-immediate adoption. Within 3 months of launching Sym, David and Phil handled over 1000 approvals with a majority of the request durations being under an hour. The team assimilated quickly to the new culture of on-demand access and revocation on an as-needed basis.
Upon seeing the successful adoption of the initial workflow, they got started on a second use case to enable admin access to a custom admin portal for data used by their engineers, success team, and sales engineers. This process would automate a workflow that was being done manually, saving time for all parties involved.
Since implementing Sym, Phil has seen observed a number of immediate benefits for the organization and for himself personally:
As for what’s next, Phil and David are looking to expand adoption of their customer-data access use case to include the entire organization, including Sales and Marketing teams. Additionally, they’re eyeing Sym’s PagerDuty integration as their next major workflow to enable fast-tracked approvals using on-call schedules.