Practical Case Studies

Case Studies

A collection of case studies and implementation stories from various companies and teams, showcasing how they've tackled security and compliance challenges.

Identity

Link | Notes
The building blocks of modern enterprise identity
  • When considering your overall enterprise identity architecture, you’ll want to build a strategy that touches on three main dimensions: the different types of identities, the identity lifecycle, and identity governance and administration
  • Identity types:
    • Human identities: employees
    • Device identities: machines (laptops, servers), whether physical, virtualized, or containerized
    • Non-human and software identities: service accounts, API keys, applications and services (often represented by certificates), and shared administrative accounts
  • Identity lifecycle: refers to the beginning, middle, and end of a digital identity—its creation, ongoing operation and management, and deprovisioning
  • Identity governance and administration: refers to the set of tools, processes, and teams managing the identity lifecycle
  • Stages of enterprise identity modernization
Reimagining Access Management | Material's approach to access management, breaking it down into three categories: base access, just-in-time access, and tailored access
On Reviewing Employee Accesses Managed Through Okta | How Mercari's Security team approached the challenge of reviewing user access permissions in Okta, while dealing with legacy configurations and practices
Backend Authentication and Authorization Patterns: Benefits and Pitfalls of Each
  • The API Gateway/edge authentication pattern
  • The middleware pattern
  • The embedded pattern
  • The sidecar pattern
Streamlining AWS access with Rippling at scale | Integrating IAM Identity Center and Just-In-Time access
Passkeys - Threat modeling and implementation considerations | Post reviewing the current state of the technology from a security standpoint and discussing some critical aspects of passkey implementation
Passkeys for Normal People | Post looking at how to set them up, how to use them on websites and in mobile apps, and talking about what some of their shortcomings are
The cryptography behind passkeys | Post examining the cryptography behind passkeys, the guarantees they do or do not give, and interesting cryptographic things you can do with them, such as generating cryptographic keys and storing certificates
Passwordless Authentication Series | Palantir went passwordless across their company, including corporate and production environments (Part 1, Part 2)
Access approvals considered harmful | If we're unsure about access being safe, adding an approval step can just be kicking the can down the road

Code

Link | Notes
How we organize and get things done with SERVICEOWNERS
  • How GitHub engineering solves the age-old problem of who owns what
    • GitHub engineering determined that we were missing a layer in between CODEOWNERS, how we group humans, and work to be done. Injecting a “service” layer between groups of functionality and the people maintaining them opens up a number of interesting possibilities
    • Consistency in our service definitions also allows us to centralize information about the services we run into a service catalog
    • Our service catalog is the one-stop shop for up-to-date information on the services that power GitHub. Each service in the service catalog also has a number of scorecards as part of our fundamentals program
  • The SERVICEOWNERS file
    • A SERVICEOWNERS file lives next to the CODEOWNERS file
    • SERVICEOWNERS consists of a series of glob patterns (app/api/integration*), directory names (config/access_control/) and filenames (app/api/grants.rb) followed by a service name (for example :apps maps to the team github/apps)
  • The service-mappings.yaml file: defines how services referenced in the SERVICEOWNERS file relate to services in the service catalog and GitHub teams
  • The serviceowners gem: a Ruby gem we integrate with our Rails app that combines data from the SERVICEOWNERS and service-mappings files to produce several types of output
  • The ownership.yaml file
    • Our service catalog can slurp up service information from any repository within the GitHub org that has an ownership.yaml file
    • Ownership expresses version controlled values for various service metadata
    • This allows us to have the boundaries of a service span across multiple repositories; for example, the GitHub Desktop app can have a component service within the monolith while also having its own standalone artifact from a different repository
The Path to Code Provenance (Uber) | Strategy for ensuring we have a verifiable attestation of the origin of all code running in production
How DoorDash Ensures Velocity and Reliability through Policy Automation | How DoorDash leverages OPA to build policy-based guardrails with codified rules that ensure velocity and reliability for cloud infrastructure automated deployments

Infrastructure

Link | Notes
Unfashionably secure: why we use isolated VMs | The Canary team shares a number of security choices they made that helped them achieve complete customer isolation
How Palantir Enables a Secure, Rapid Software Development Environment | This post provides background on why and how Palantir initiated their Software Supply Chain Security (SSCS) program, and focuses on the threat model behind our security controls and posture
How Palantir Secures Source Control | How Palantir protects source code, from zero-trust development to commit signing
Plaid's journey to creating a key management system | Plaid's journey of creating and leveraging a secure Key Management System to protect sensitive data, including design, architecture, usage, and challenges
Building Uber's Multi-Cloud Secrets Management Platform | How Uber built their own Secret Management Platform, solving key challenges and setting a new standard for secrets management

Endpoints

Link | Notes
Enforcing Device Trust on Code Changes | How the Figma security engineering team leveraged commit signatures and Okta Device Trust certificates to protect GitHub release branches
Designing for security and usability: Figma's modern endpoint strategy | How Figma is securing devices without slowing teams down—using tools like Santa, Opal, and smart MDM workflows
Rolling Out Santa Without Freezing Productivity: Tips from Securing Figma's Fleet | Here's how Figma scaled Santa, an open-source binary authorization tool, across all their laptops to boost endpoint security while keeping workflows seamless
Scaling On-Prem Security at Palantir | How Palantir leverages Insight, Foundry, and Apollo to keep thousands of servers in check
Endpoint vulnerability management at scale | How Canva does endpoint vulnerability management on their endpoint fleet comprising over 5000 devices deployed across numerous countries worldwide

Implementations

Link | Notes
Inside Figma: securing internal web apps | A deep-dive into how Figma built a system for securing internal web applications that lets them require SSO authentication, enforce fine-grained authorization (via Okta groups), and support CLI tools, all using ALBs, AWS Cognito, and Okta
Inside Figma: getting out of the (secure) shell | A simple solution for zero-trust shell access on AWS, by leveraging AWS SSO and Systems Manager
Visibility at Scale: How Figma Detects Sensitive Data Exposure | Figma built Response Sampling, a real-time monitoring system that samples API responses to detect sensitive data exposure. It validates access permissions asynchronously, catches authorization bugs in staging and production, and integrates with their FigTag data categorization system to protect all sensitive fields
Catching Compromised Cookies | How Slack automatically detects stolen session cookies