Loading…
BSidesSF 2018 has ended
View analytic
Monday, April 16 • 4:10pm - 4:40pm
Lessons learned implementing meaningful access controls to customer data

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
There exists an unfortunate open secret in our industry: that companies are often quite old and advanced in nature before they implement meaningful internal access controls to sensitive customer data. The reasons for this are numerous, ranging from lack of tools to lack of prioritization in the face of other engineering needs in startups. At Intercom we decided to undertake a significant body of work over a 9 month period to holistically address this issue internally resulting in an over 70% reduction in the number of people with such access and dramatically improved tooling, processes, and automation. This presentation will describe Intercom's journey with this work, the methods used, and the lessons learned which we think would be helpful for other companies.

Presenters
avatar for Patrick O'Doherty

Patrick O'Doherty

Security Engineer, Intercom
Patrick O'Doherty is a Security Engineer at Intercom in San Francisco where he works on all aspects of securing the Intercom platform. When not working on security he can be found hacking things at Noisebridge or attempting to produce very bad electronic music.



Monday April 16, 2018 4:10pm - 4:40pm
AMC - Theatre 7