Olive benefits from modern and scalable approach to infrastructure access with strongDM

Olive benefits from modern and scalable approach to infrastructure access with strongDM

Olive, an AI and process automation solution designed for healthcare, has adopted strongDM and has been able to accelerate on-boarding for new technical hires, deploy fast and auditable least-privileged access across its remote workforce, and achieve query-by-query visibility into actions in databases and critical systems.

Olive provides an Artificial Intelligence and process automation solution designed specifically for the healthcare industry.

As the company grew, its processes for granting, managing and auditing database access became cumbersome and unsustainable.

As a cloud-first and HIPAA-compliant organization, Olive required robust auditability and controls across its entire stack.

Additionally, Olive’s flexible workforce model, The Grid, gives employees the ultimate flexibility to work from anywhere – but also means the company needs stringent security and access controls to protect sensitive data.

The Olive team needed a modern and scalable approach for infrastructure access.

Since adopting strongDM, Olive has been able to accelerate on-boarding for new technical hires, deploy fast and auditable least-privileged access across its remote workforce, and achieve the ‘holy grail’ of security postures-high-fidelity, query-by-query visibility into actions in databases and critical systems.

Custom workflows and insufficient controls create bottlenecks and compliance gaps

Olive serves over 40 healthcare organizations that encompass more than 600 hospitals in 41 states across the US – including a growing number of health systems with AlphaSites (on-site centers for AI workforce operations).

Olive helps healthcare systems like Tufts Medical Center automate patient pre-registration for COVID-19 tests, decreasing patient wait times and increasing testing capacity. 

When Olive was launched, the company primarily managed database access with Ansible.

The team constructed and maintained YAML files with lists of database users and their required access for databases, individual tables, entire clusters and more.

Then, they executed the appropriate Ansible playbooks to apply the changes to the clusters.

Access to customer systems (RDP into Windows server) required connecting to Olive’s corporate VPN and then RDPing into a server via business-to-business (B2B) VPN tunnel.

The team audited data access via custom scripts, usually written in Bash or Python.

“Granting, managing and auditing bespoke database access was becoming very difficult,” said Infrastructure Engineer Kellen Anker. “Data access requests were usually snowflakes or one-offs.”

Olive’s existing standards and policies governing data and customer-system access needed to be updated to keep pace with the company’s hypergrowth.

Accessing Olive’s private databases required connecting to the corporate VPN and authenticating with individual user credentials.

“User credentials were stored as encrypted Ansible variables,” said Anker. “It was difficult to keep track of who was already in our Ansible automations, and who was not, without decrypting and inspecting each of these config files. Managing usernames and passwords for Olive’s engineers quickly became unruly.”

Furthermore, Olive’s corporate VPN had become a bottleneck for network performance for nearly every employee.

Accessing Olive’s customer systems required per-customer networking settings, in the form of AWS route tables and NACLs. This quickly led to a bloated cloud environment and added unnecessary complexity to a system already plagued with scalability concerns.

The Olive team also recognized an opportunity to improve auditability and controls around customer system access, which would come as a significant compliance win.

Olive’s CloudOps, Infrastructure and DataOps teams faced challenges managing employee data access. The Security team didn’t have a complete understanding of the scope of employees’ access to data. IT had the headache of provisioning VPN accounts for one-off database access requests.

Saving time by standardizing Access Control Patterns

When Olive Senior Infrastructure Engineer Michael Plemmons suggested strongDM as a potential solution, the team carefully evaluated strongDM and another potential vendor.

One reason the team chose strongDM was because it supported Olive’s entire stack, including RDS, Redshift, DynamoDB, Athena and RDP access to customer systems. 

Olive’s Cloud Infrastructure team has found that the benefits of strongDM include standardized, simplified access to databases, higher security and uniquely responsive customer support.

“strongDM has saved my team time by not having to create one-off users for each database and has allowed us to standardize our access control patterns,” said Anker. “It has also been time-saving for ramping up new engineers who need to access all our data sources. With one command, they can start contributing.” 

Delivering a seamless access experience for end-users

“strongDM’s vastly superior UX was a major factor in the decision,” said Anker, who successfully pitched the solution to Olive’s leadership with Senior Vice President of Engineering, Vivek Desai.

“End-users no longer need to worry about authentication to individual data sources and requests for new data access are easier to fulfil.

“The UX for our customer support engineers – those who RDP into customer-hosted systems – has simplified tremendously for similar reasons. Managing up to dozens of login credentials for every server was unruly and error-prone; strongDM has eliminated the need to manage these entirely.”

strongDM has made it possible to get developers on-boarded and working on day-one, as they no longer have to wait for corporate VPN access and have a single, standard login with access to everything they need.

It’s also possible to give developers read-only access to certain databases, which Desai says can help them become better engineers, by simply seeing how other teams and individuals organize their database schemas.

“strongDM is an end-user-centric way of looking at accessing sensitive systems,” said Desai. “It puts the end-user first and it also adds modern methodologies and deployment patterns into the mix.”

Attaining high-fidelity security and confidence in compliance 

“From a compliance point of view, I have no users in my data layer,” said Desai. “It’s a phenomenal security posture. I can go in with my head held high to any healthcare organization in the world and tell them the data layer security is on par with and above, most regulatory requirements.

“Previously, there would be up to 300 users in the database layer at any given time, but now everything is managed through strongDM.

“And from a security point of view, having the ability to have line-by-line, high-fidelity audit trail of all access to core databases, saved in an immutable infrastructure is a security and compliance person’s Holy Grail and we got that with strongDM. “On top of that, very critical systems are recorded in full fidelity. Having that streamlined into an easy-to-use, deployable product is awesome.”

Click below to share this article

Browse our latest issue

Intelligent CIO North America

View Magazine Archive