Intelligent CIO North America Issue 25 - Page 73


Olive provides an Artificial Intelligence and process automation solution designed specifically for the healthcare industry. As the company grew, its processes for granting, managing and auditing database access became cumbersome and unsustainable.

As a cloud-first and HIPAA-compliant organization, Olive required robust auditability and controls across its entire stack.
Additionally, Olive’s flexible workforce model, The Grid, gives employees the ultimate flexibility to work from anywhere – but also means the company needs stringent security and access controls to protect sensitive data.
The Olive team needed a modern and scalable approach for infrastructure access.


Access to customer systems (RDP into Windows server) required connecting to Olive’s corporate VPN and then RDPing into a server via business-to-business (B2B) VPN tunnel.
The team audited data access via custom scripts, usually written in Bash or Python.
“Granting, managing and auditing bespoke database access was becoming very difficult,” said Infrastructure Engineer Kellen Anker. “Data access requests were usually snowflakes or one-offs.”
Since adopting strongDM, Olive has been able to accelerate on-boarding for new technical hires, deploy fast and auditable least-privileged access across its remote workforce, and achieve the ‘holy grail’ of security postures – high-fidelity, query-by-query visibility into actions in databases and critical systems.
Custom workflows and insufficient controls create bottlenecks and compliance gaps
Olive serves over 40 healthcare organizations that encompass more than 600 hospitals in 41 states across the US – including a growing number of health systems with AlphaSites (on-site centers for AI workforce operations).
Olive helps healthcare systems like Tufts Medical Center automate patient pre-registration for COVID-19 tests, decreasing patient wait times and increasing testing capacity.
When Olive was launched, the company primarily managed database access with Ansible.
The team constructed and maintained YAML files with lists of database users and their required access for databases, individual tables, entire clusters and more.
Then, they executed the appropriate Ansible playbooks to apply the changes to the clusters.
Olive’s existing standards and policies governing data and customer-system access needed to be updated to keep pace with the company’s hypergrowth.
Accessing Olive’s private databases required connecting to the corporate VPN and authenticating with individual user credentials.
“User credentials were stored as encrypted Ansible variables,” said Anker. “It was difficult to keep track of who was already in our Ansible automations, and who was not, without decrypting and inspecting each of these config files. Managing usernames and passwords for Olive’s engineers quickly became unruly.”
Furthermore, Olive’s corporate VPN had become a bottleneck for network performance for nearly every employee. Accessing Olive’s customer systems required per-customer networking settings, in the form of AWS route tables and NACLs. This quickly led to a bloated cloud environment and added unnecessary complexity to a system already plagued with scalability concerns.
The Olive team also recognized an opportunity to improve auditability and controls around customer system access, which would come as a significant compliance win.
Olive’s CloudOps, Infrastructure and DataOps teams faced challenges managing employee data access. The security team didn’t have a complete understanding of the scope of employees’ access to data. IT had the headache of provisioning VPN accounts for one-off database access requests.