There’s a dirty little secret in Silicon Valley: the greatest threat to the security of customer data is not Russian hackers, foreign intelligence services, or even companies selling your data for profit. It’s the fact that an alarming number of employees at tech companies have unrestricted access to your private and personal data through the internal tools that companies build themselves to support customers. In the Bay Area alone, we estimate that tens of thousands of tech workers have access to these software programs whose names imply total access like “God View” or “God Mode”. While employees do need internal tools to diagnose issues, fix problems, and do their jobs, these in-house software programs lack permissioning, auditability, and controls — which can lead to access abuse.

Access abuse is a serious problem. Although most employees use their power responsibly, many companies are at risk from a single malicious employee abusing their access (it only takes one). This issue isn’t limited to small tech companies. Even companies with substantial resources that you would expect to take privacy seriously have failed to do so:

• Uber and Lyft employees stalked celebrities, spied on users, and tracked journalists, causing an FTC action.
• Snapchat employees were caught viewing photos that were supposedly deleted.
• Facebook employees were caught stalking women’s profiles and had access to hundreds of millions of users’ passwords stored in plain text.

These are just the reported stories. If you ask any tech employee how much access they have to your data, you might start worrying less about Russian hackers and more about tech workers accessing your private data. Even worse, when companies outsource customer support or operations work, it magnifies the problem because contractors frequently get access to the same internal tools.

How did this happen? And why?

As scary as this problem is, we didn’t get here as a result of bad intentions. Most companies want to do the right thing when it comes to protecting sensitive customer data. The problem is that protecting sensitive data requires building a robust admin console, a suite of advanced internal tools and controls that would inevitably take significant engineering resources away from the company’s core product.

Early stage companies almost always choose to focus on the core product because their primary goal is acquiring new customers and it’s vital to the success of their business. Companies follow the path of least resistance, building a bare bones version of an admin console as a band-aid solution until they have more customers and can dedicate the resources.

This is how the story usually goes:

1. The “Stop-Gap Measure”: The core product is starting to get traction and you need a way to empower non-engineers to resolve customer issues. As a result, the engineering team hacks together some rudimentary admin console. This effort is rushed because the engineering team needs to return focus to building the company’s core product. The UX is terrible and employees have access to all customer data. Everyone says it’s “just a stop-gap measure” and will be improved when there’s more time.
2. Bringing Out the Duct-Tape: The company is growing. More and more employees are using the hacked-together admin console to service customers. At this point, several features have been added to console and duct-taped together. Some features may even be broken or deprecated, requiring users to be trained not to use them. Everyone still has access to everything, and engineering provides little to no support because they are focused on building the company’s core products to keep up with customer demand. Everybody hates using this admin console and the engineers hate working on it as well.
3. Spiraling Out of Control: The company now has hundreds of employees using the admin console. Engineering support increases slightly, but only because the console is so broken that lack of support is causing real customer issues. A support rep may have changed something on a customer account not realizing that the change would have serious downstream effects. No one has any idea who made the change, or what the previous state was. Band-aid solutions are put in place and technical debt continues to pile up. On top of that, hundreds of employees now have access to sensitive data and your company is one copy-paste away from making some bad headlines.
4. Game Over: The company is failing compliance audits because it cannot demonstrate appropriate data controls or audit trails, operational costs are skyrocketing because the admin console is practically unusable, and customers are complaining about mistakes and slow response times. The company has no choice but to fix the problem by spending millions of dollars to hire or reallocate significant product and engineering resources. The scary part about this stage is that some companies never fix the problem.

The moral of the story is always the same: Tech companies shouldn’t build hacked-together internal tools as a temporary band-aid solution. Imagine if, instead, tech companies had a robust, user-friendly admin console from the beginning that gave them high quality tools for their employees and controls to protect their customer data. It would mean way more control over who has access to sensitive customer data, a dramatic decrease in time to resolve customer issues, better tools that employees don’t despise, and faster time to market because engineering efforts are focused on the right things. Everyone would be in a better place: companies, employees and customers would all benefit.

A Better Way

After years of building and maintaining admin consoles at tech companies and hearing horror stories from many other startups, we set out to create a better way: a high quality admin console as a service that eliminates the need for companies to build their own hacked-together internal tools. This is INTERNAL, the admin console that we always wished we had and never had the resources to build.

We designed INTERNAL around three principles:

1. Every company should focus on building their core product, not an admin console. That’s why INTERNAL is built to work the moment you connect to a data source: no engineering work required. Tables and records are automatically generated and linked together based on pre-existing relationships within your data and customization can be done with a few simple clicks. No SQL knowledge is necessary, making it easy for anyone to set up your console without being blocked on engineering.
2. Employees need high quality internal tools to be successful serving customers. It may come as a surprise to some, but internal tools aren’t unique snowflakes. We’ve identified a pattern for what people need: search and filtering, table and record views, ability to create and modify data, auto-generated tasks based on changing data, event triggers, and the ability to connect data across disparate systems (i.e. many databases and third party systems like Zendesk and Google Sheets). When done right, these are the tools that make teams faster, efficient, and more accurate. That’s why we focused our engineering and design efforts to make these features easy to use, powerful, and turnkey.
3. You can’t go halfway on data privacy and compliance. INTERNAL builds the security and compliance features that in-house teams never have the resources to build until it’s too late. Granular access controls and audit logs ensure employees only access the data they need, when they need to, and help companies be compliant with GDPR, HIPAA, SOC audits and more. No more compromising on data privacy and compliance, no matter how big or small your company is.

INTERNAL solves the fundamental issue that companies need robust, high quality tools but never have the resources to build them right. That is why we believe there will be a shift in the way companies think about their admin consoles. Just as companies once built dashboards in-house that are today replaced by analytics companies and just as companies once built sales tools that are today replaced by CRMs — we believe companies will choose an admin console as a service that provides quality tools for employees and data privacy protection for their customers, without compromising the development of their core products.

This is a massive problem that affects every tech company. It will take time to change and some companies will have to learn the hard way. So for now, the dirty little secret in Silicon Valley may remain, but we plan to fix that one admin console at a time.

If you want to see how you can leverage INTERNAL to change the story of your admin console schedule a demo with us today. We’re also looking for great talent to join our amazing team. Check out our job posting here.

‍