To solve this problem, Blend had initially built an internal tool so that end users could make access requests for SSH servers, databases, and IAM roles using Slack. This worked well but required constant attention and maintenance. Blend had an excellent group of security engineers who built amazing tools, but they needed to be focused on their own applications and intellectual properties.
By adopting Opal and deprecating their internal tool, Blend was able to shift their talented security engineers towards Blend’s product and trust Opal to build an industry-leading access management solution. With Opal, Blend employees can use a self-service app catalog to make requests. Admins can scale approvals and management through decentralization of system owners and managers. Lastly, the security team can configure resource-specific access policies based on the sensitivity of the resource.
Why did Blend adopt Twingate?
Ahead of adopting Twingate, the Blend team was managing multiple VPN solutions with inconsistent rules around who had access to what cloud resources. This meant that there was a lack of transparency and consistency around employee access controls, which led to an increased workload on support and IT as their company scaled in size.
Given these pain points, Paul and Matthew spun up efforts to simplify network access controls for users while also making the deployment process easier for their security team. They found both outcomes with Twingate and were drawn to the platform’s ability to seamlessly integrate with Okta and infrastructure orchestration platforms like Terraform and Opal.
How did Opal and Twingate Provide Value to Blend?
With Twingate and Opal together, Blend is able to implement a zero trust architecture both inside its network and across its applications and infrastructure. Zero trust is a powerful concept in network security where, by default, no access is given and no source is trusted. Implementing zero trust is challenging but when done correctly, it fortifies organizations against attack by limiting their attack surface.
Both Twingate and Opal empower Blend to manage access granularly. With Twingate, Blend is able to grant very specific and short-lived network access. Once users receive network access, they can use Opal to request very specific infrastructure and cloud IAM access. Security can implement guardrails by configuring resource-specific access policies based on the sensitivity of the resource.
In addition, both Twingate and Opal reduce operational friction. In order for a security program to be successful, it must be easily and widely adopted. Employees should be able to use workflows for getting access without in-depth technical knowledge. With Twingate’s desktop application, application owners and users can deploy the solution without diving into the nitty-gritty of VPN workflows. In fact, end users barely know that Twingate is running, but it’s actually powering a lot of the background interactions. Similarly, with Opal, end users can leverage a simple, self-service app catalog to search and filter for the access they need. Opal also enables users to make and approve requests directly out of Slack or start sessions for RDS and SSH access using the command line interface.
By implementing zero trust across its network, applications and infrastructure, Twingate and Opal have helped Blend become secure by default. By leveraging the infrastructure that the security team has put in place, whether it’s defining Twingate resources or using Opal workflows, users are able to access the tools and systems they need in a secure manner.