Valon has an ambitious goal – reimagining mortgages from the ground up. The company services mortgage loans across all 50 states and DC and has more than 50 engineers. With the growing size of the engineering team and scale of the business, Valon knew that it needed to invest in state of the art access management controls to allow it to continue scaling with appropriate permissioning.
The platform engineering team knew that they needed the company’s access controls to reflect the maturity of the business. According to principles of least privilege – engineers should only get access to what they need to get their job done. The cornerstone of this strategy is providing just-in-time access; in other words, giving access only when they need it and no other time. This is a process that can become increasingly expensive with scale.
Overly restrictive controls could grind operational businesses to a halt. Paul knew that he could manually grant and revoke access using the internal IT team and google calendar reminders, but that would be an operational nightmare. Additionally, the mighty IT team of 3 supports over 250 employees and without a systematic approach it is difficult to understand and adjust employee access in real time.