Posted by Miryam Brand
May 11, 2022
Founded in 2015, Stash is a fast-growing banking and investment platform that allows its customers to invest and build wealth. Its founders, Brandon Krieg and Ed Robinson, former Wall Street veterans, wanted to make investing easy and affordable for everyone. Today, Stash has over 400 employees, helping over 6 million people create a more secure financial future for themselves.
Stash operates in the fast-paced Fintech industry. To maintain its competitive advantage, the company employs hundreds of developers and engineers to create innovative financial services. To help bring services to market faster, Stash has a cloud-first philosophy, with automated workload orchestration and CI pipelines.
Gavin Grisamore, CISO at Stash, is responsible for the company’s security. As a financial services company, Stash operates in a highly regulated industry and Grisamore must ensure they maintain compliance with many regulations, such as PCI-DSS. As Stash’s software developer and engineering teams grew, secrets within their Kubernetes environment grew exponentially. However, Secrets Management is not something developers want to worry about; they want to focus on creating impactful solutions to help Stash grow and stand out against the competition.
To reduce risk, and help with compliance efforts, Stash was looking to uplevel their Secrets Management solution, as well as their VPN remote access.
When their technology advisor brought Stash’s attention to Akeyless, Stash was immediately attracted to the fact that Akeyless is a unified SaaS platform and is multicloud. This matched the cloud-first mindset of this very dynamic Fintech company. By using a SaaS-based Secrets Management solution, Stash eliminated the operational overhead associated with deploying and managing Secrets Management infrastructure, high availability, disaster recovery, and backups. As the company’s CISO, Gavin Grisamore highly values the fact that Akeyless is a platform that supports Zero-Knowledge through its unique DFC technology. DFC makes it impossible for Akeyless, or other 3rd parties, to view Stash’s keys and the data they protect. In addition, Akeyless enables Stash to scale their engineering teams and make DevOps workflows more efficient by using Just-in-Time access scenarios.
Stash was also looking to replace its Open Source-based VPN solution to address human-to-machine access use cases. In Akeyless, they found a unified platform with comprehensive features, able to meet their needs for both Secrets Management and Privileged Access Management (PAM).
Check out the Customer Testimonial video where Gavin Grisamore explains why he recommends Akeyless for any organization that struggles with Secrets Management or PAM.
DevOps InfoSecLearn why secret rotation is crucial, the challenges faced, and best practices for both manual and automated rotations.
What is Just In Time (JIT) Access Management?Explore the transformative power of Just in Time (JIT) Access Management in enhancing cybersecurity and streamlining operations. Learn its types, benefits, and best practices.
Why Open Source Based Vaults Will Be Left BehindThe origins of Vaultless™ Secrets Management and why Vaults based on legacy open-source code are being left behind.