Miles McGuire - Guardrails: Keeping customer data separate in a multi tenant system - Rails World

Rails Security Automation

Learn how Intercom uses guardrails to keep customer data separate in their multi-tenant system, navigating complex data models, edge cases, and automation to ensure data security and scalability.

Key takeaways
  • Guardrails are essential for keeping customer data separate in a multi-tenant system, such as Intercom.
  • Intercom’s data model is complex, with almost 800 active record models, and multiple databases.
  • The company was initially using an active record solution, but it was not scalable.
  • A key challenge was identifying and fixing edge cases, which required manually reviewing issues and making decisions about how to handle them.
  • The solution involved setting up a safe app and ensuring that it was used consistently across the system.
  • The company also implemented automated protection against data breaches and relied on engineering best practices to separate customer data.
  • Additional measures included raising exceptions when attempting to access data that did not belong to the current app.
  • The company’s data model includes an app ID column, which helps to separate data for each customer.
  • Admins are crucially not associated with a single app, so a separate system was needed to manage admin access.
  • Intercom’s authentication process was also complex, with multiple ways of inferring the right app.
  • The company used Honeycomb for tracing and debugging, which helped to identify issues and improve performance.
  • Edge cases were a major challenge, but by manually reviewing issues and making decisions, the company was able to fix them and improve data security.
  • Automated protection was implemented to prevent data breaches, and the company relied on engineering best practices to ensure data separation.
  • Additional measures included setting up a safe app and raising exceptions when attempting to access data that did not belong to the current app.

More talks

Josh Graham Interviews Aaron Bedra • YOW! 2020

👍 Looks GREAT To Me: Getting Past Bare Minimum Code Reviews - Adrienne Braganza Tacke

DjangoCon Europe 2024 | KEYNOTE: When I Grow Up I Want to be a Database Administrator

Martin Fleischmann - A Gentle Introduction to Spatial Data in the Pandas Ecosystem [PyData Prague]

DjangoCon Europe 2024 | KEYNOTE: AI, away from the hype

SAINTCON 2023 - Dustin Lee - A Beginner's Guide to Zeek

Your Tests Lack Vision: Adding Eyes to your Automation Framework

Going beyond Parquet's default settings – be surprised what you can get