The Overview
Featuring:
- Paul Guthrie - Information Security Officer
- Matthew Jackson - Security Operations and Architecture Manager
When Matthew Jackson, Security Operations and Architecture Manager, first joined Blend, there were about 100 employees. At that time, the Blend security team knew everyone at the company. However, as the company grew, both Blend’s headcount and number of applications scaled considerably. The security team increasingly ran into requests from new Blend employees seeking access or existing employees requesting applications the security team was not familiar with. It soon became extremely time-consuming for the security team to make well-informed decisions around access.
In response, Paul Guthrie, Information Security Officer, and Matthew Jackson implemented a bold and strategic vision to re-imagine employee access at Blend. From their experience, they knew that:
- Management needed to be delegated away from centralized security to teams who had more context
- Security teams needed to set automated guardrails
- Access needed to be self-service and easy to request
The goal was to improve security while reducing user friction. Using a metaphor, Blend was looking to build guardrails on a coastal highway: safety measures that don’t block the view, but instead protect users and enable teams to go faster than they would otherwise. From their perspective, the best security programs are the ones no one even knows are in place. Security is enforced behind the scenes, gently nudging users in the right direction without introducing friction.
One of the core problems that they faced was that provisioning access was a manual and expensive process. There was a lot of coordination required between centralized IT support teams and a host of different application owners and managers. This slowed down employees from getting access to the systems they needed.