Divvy Homes gains stronger visibility and control with a modern cloud-native privileged access solution

Author: Shashwat Sehgal
Date: Mar 20, 2024 (published Mar 1, 2024)
Category: case study

Summary: Divvy Homes migrated from a cumbersome legacy PAM solution, gaining control over cloud entitlements, visibility into over-privileged access within GCP, reduced operational overhead, and an improved developer experience.

About Divvy

Divvy is a financial technology company that offers a rent-to-own program, allowing renters to build equity in a home with the option to buy it within a few years.

Quote:

“We use P0 to control privileged access for GCP and Snowflake, including production databases such as CloudSQL, Kubernetes (GKE) and other services. Developers generally do not like any product or policy that restricts their access to production, but our roll-out of P0 has been very smooth. I hear several engineers comment on how easy P0 makes their day-to-day jobs.

Before switching to P0, our infrastructure team used another popular PAM solution, which was architected as a network proxy. This solution was not easy to use, especially as our organization became more cloud native and started deploying workloads on Kubernetes.

We switched to P0 last year, and there have been several benefits. Not only do they cover more access use cases than our legacy PAM product, but they also provide visibility into over-privileged access within GCP. They have made our journey to SOC 2 much easier.”

  • David Schlesinger, VP of Engineering

Challenge

Divvy stores and processes sensitive financial data, including SSNs and other financial information about its users, and had implemented strict access controls on the databases in GCP that hold customer data. Before engaging with P0, Divvy faced several challenges with its IAM setup:
  1. Operational overhead: The platform team was processing many access escalations via JIRA tickets or ad-hoc messages over email or Slack. The team wanted to reduce this operational overhead so it could spend its time on revenue-driving features and priorities.
  2. Hard to deploy: The team had invested in a legacy PAM solution that required deploying a proxy or a bastion in front of every resource it wanted to secure. This was especially hard for cloud-native resources. For Snowflake, for example, admins had to follow several steps for every database that required access control; given Divvy's heavy use of Snowflake, this process was very cumbersome.
  3. No control over cloud entitlements: Over time, as Divvy's developers began building on cloud-native technologies (such as GKE, Snowflake and other GCP services), they started using the native entitlements in GCP IAM and Snowflake. The proxy could not control these entitlements, which greatly reduced its ROI.
  4. Developer experience: The legacy PAM was not easy for the development team to use, especially with a modern cloud-native stack. Given the complexity of the cloud, any attempt to implement fine-grained access led to a poor developer experience, because developers usually did not know which group or role to request.

Solution

The P0 team worked with the Divvy infrastructure team to develop and operationalize a migration plan away from the legacy PAM solution. Together they migrated the entire organization to P0 in a few days with minimal disruption to developer workflows.

Key features:
  1. Control standing access: Divvy's engineering teams use P0 to define standing access to Postgres for their developers.
  2. Access to GCP resources: Engineers use P0 for just-in-time access to sensitive resources in GCP, such as Postgres (CloudSQL), GKE and BigQuery.
  3. Slack integration: The engineering team uses P0's Slack integration for access requests and approvals.
  4. On-call automation via PagerDuty: Using P0's integration with PagerDuty, on-call engineers receive automated access without requiring a human approval.

Impact

  1. Developer experience:
      • Mean time to resolution for access requests has dropped from hours to minutes.
      • For database access, developers use P0 to request access for specific SQL queries. This makes it easier to request least-privileged, fine-grained access to exactly what they need, without getting lost in the complexity of Snowflake or Postgres IAM roles.
  2. Security:
      • P0 has automated many of the infrastructure team's repetitive tasks while enhancing the overall security posture.
      • P0 also gives the infrastructure team visibility into over-provisioned access and unused keys, which the legacy PAM did not provide.
