Modern Health offers employers innovative solutions promoting employee well-being. Backed by leading investors and serving 200+ global companies including Lyft and Pixar, the company focuses on workplace mental health solutions with 400 employees and more than $170M raised.
Challenge
Modern Health managed over 20 Postgres databases and faced five key issues:
- Inefficient Access Management: Lacked automated user provisioning and deprovisioning for database access.
- Difficult User Governance: No centralized system tied to their IDP for tracking and auditing user access.
- Audit Limitations: Default Postgres logging was insufficient for tracking user queries effectively.
- Manual Processes: Time-consuming, error-prone manual database provisioning.
- Data Privacy Concerns: Inadequate data masking created sensitive data exposure risks.
Solution
Modern Health integrated Formal's governance framework for streamlined data security and compliance.
End-to-End Observability
Formal Sidecar provides deep insights on data consumption, with AWS S3 integration for audit log archiving.
Granular Data Control
Open Policy Agent enables real-time data masking and redaction, ensuring sensitive data is protected at the field level.
Operational Efficiency
User-friendly interface and Terraform integration streamline resource management, reducing manual overhead.
IDP Integration
Secure, simplified database access request process tied directly to the organization's identity provider.
"Formal's advanced solutions in data observability and governance equip our team with leading-edge tools, ensuring unparalleled security for our customer's data. Formal's solution, with its robust data governance model and deep integrations into Modern Health's IDP, allowed database access to become more secure and more scalable for internal users that needed access."
— Michael Hensley, Head of Cyber Security at Modern Health
"Formal's evolving suite of security tools is crucial for our enterprise, simplifying complex security tasks like query storage in S3 buckets."
— Michael Ivey, Staff Security Engineer at Modern Health
"Formal's comprehensive approach to data governance is instrumental in scaling Modern Health's cybersecurity efforts, ensuring our team is equipped with the industry's best tools for protecting our clients' data."
— Michael Hensley, Head of Cyber Security at Modern Health
Results
Formal's infrastructure revolutionized Modern Health's internal development processes, improving developer experience while fortifying data security.
- Automated user provisioning and deprovisioning across 20+ Postgres databases
- Centralized access governance tied to the organization's IDP
- Comprehensive audit logging beyond default Postgres capabilities
- Real-time data masking and redaction for sensitive data
- Streamlined resource management via Terraform integration
- Improved developer experience alongside strengthened data security posture
Products Used
- Access -- centralized, IDP-integrated database access management
- Logs -- end-to-end observability and audit log archiving to S3
- Policies -- granular data control with Open Policy Agent-powered masking and redaction