Lessons Learned Implementing Meaningful Access Controls to Customer Data

Patrick O'Doherty - Lessons Learned Implementing Meaningful Access Controls to Customer Data There exists an unfortunate open secret in our industry: that companies are often quite old and advanced in nature before they implement meaningful internal access controls to sensitive customer data. The reasons for this are numerous, ranging from lack of tools to lack of prioritization in the face of other engineering needs in startups. At Intercom we decided to undertake a significant body of work over a 9 month period to holistically address this issue internally resulting in an over 70% reduction in the number of people with such access and dramatically improved tooling, processes, and automation. This presentation will describe Intercom's journey with this work, the methods used, and the lessons learned which we think would be helpful for other companies.