Last updated on February 3rd, 2023 at 4:31pm
When do your best ideas materialize? For the founders of Encamp, a big idea came while camping. During a backpacking trip in Arizona, brothers Luke and Sam Jacobs talked about their love of nature and their experience in environmental compliance. Specifically, they wondered if there was a better way for Environment, Health, and Safety (EHS) professionals and compliance teams to manage their environmental compliance processes. From this trip, Encamp was born.
Today, there are more than 50 employees in the Encamp organization and over 200 customers who rely on their premier technology and expert compliance services to automate and streamline environmental compliance. Encamp is the largest third-party filer of EPCRA Tier II reports. The US Environmental Protection Agency (EPA) mandates these reports: companies that store hazardous materials are legally required to submit a Tier II report annually. For each of those reports filed through Encamp, the company donates a tree to nonprofit organizations such as One Tree Planted, helping sequester carbon from the atmosphere and promote human and environmental health.
Ben Jacobs, Encamp’s VP of Engineering, says, “Through digitalization and in-house expertise, Encamp works with enterprises throughout the U.S. to transform environmental compliance programs that help achieve positive business outcomes.”
Balancing startup growth and the need for control
Ben came to Encamp in early 2020, a time of dramatic growth, from his position as a software engineer at Netflix. His mandate was to further mature the engineering effort and scale the team to capitalize on a great idea.
In his early months at Encamp, Ben juggled a lead developer role while hiring team members. In mid-2021, as more engineers joined, he shifted to putting infrastructure and processes in place to better support a mature 20+ engineering team.
Encamp is completely cloud native in AWS. As with most startups, the Encamp engineering team started rather small and team members had relatively elevated privileges in AWS because the organization needed to move fast.
However, as more people join an engineering team, access requirements become more diverse. Not all team members need access to the same things, and the access required for senior roles is often different than that required for more junior roles. On top of this, organizations must manage the nuances across different environments. For example, there’s likely more room to experiment with new services in a dev environment.
These were some of the challenges Encamp faced as the engineering team grew. Ben realized the organization needed a better picture of cloud use across the organization, how these accounts were configured, and how to ensure the right level of access to cloud workloads.
“In our early days, many team members had high-level privileges, because we needed to move very, very quickly. But this starts becoming scary when you add more folks. So, we had this need to start building out a hierarchy of our organizational accounts within AWS. One of our initiatives was being more sophisticated about how we set up our organization in AWS and then controlling access to those environments. This included keeping track of configuration across accounts and making sure these accounts were configured consistently for our purposes. We also had to ensure we were monitoring accounts consistently from a security and compliance perspective,” Ben said.
The challenge: how to build in control without stifling the freedom the team needed to solve challenges and innovate the Encamp solution?
The Build vs Buy question
Every organization with in-house software development expertise eventually confronts the ‘Build vs Buy’ question. Do you invest your internal resources in building an application to solve a need, or do you look to buy a solution? In the startup world, the bias tends toward buying a solution.
“I knew early on that we would at least triple our engineering team. So, the need to control developer access to our cloud environment and put in place the automation to scale setup and provisioning was going to become a challenge. What might be a small drain on time now was going to become more complicated, take up more time, and introduce the possibility of mistakes,” Ben shared.
“We could build something, but you must also support what you build. I was skeptical that we could build and support a solution by borrowing time, essentially, from our engineers who were focused on building our software. But the even bigger issue is that doing so is so far out of our core competency. I was confident that there’s someone else who has thought more deeply about the problems around access, configuration, and control across workloads.”
Getting started with Kion
In business, few things can beat the power of a referral. As Ben talked with his team about the need for cloud governance and management, one of his security engineers recommended a product — Kion — to help provide labor savings, consistency in account setup and configuration, and risk reduction.
Encamp began their journey with Kion’s guided evaluation offering, a free 30-day experience with the product installed in their AWS environment. Kion is a self-hosted solution that is installed in a customer’s cloud account, ensuring the privacy of customer data and allowing for increased integration potential across a customer’s tech stack.
“Prior to our evaluation, the Kion team developed a mutual success plan, and we had weekly meetings with the team to ensure everything was configured properly and our goals were achieved. We completed our evaluation in less than 30 days; the process went very smoothly, and we moved right into procurement.”
“After the initial configuration we rolled it out to everyone. Our security engineer used one of our biweekly engineering meetings to introduce the product, show how it worked, and then gave our team access. From the first sales call through initial implementation, the experience was very, very friendly. It was quite a smooth transition, and we haven’t looked back.”
How Encamp uses Kion
The main initial goals with Kion focused on access control and consistency as Encamp set up different environments in AWS.
From a financial management perspective, Encamp uses Kion’s budget enforcement feature to monitor spend. “We’ve implemented alert triggers in Kion that are based on percentage change, so we’ll be notified if there’s a significant increase in spend. In some cases, like a developer doing a lot of heavy computing, this increase makes sense, but Kion provides the opportunity for us to check and confirm this.”
“If we see a big delta month over month in our spending, Kion gives us insight and helps us identify areas where we’ve possibly forgotten to turn off something we were experimenting with or turn off a service in our machine instance that we left running. I welcome people experimenting because that drives our product and our company forward, but Kion allows us to implement caps on spend and then take action if a cap is reached.”
Having achieved their SOC2 Type One attestation, Encamp is now pursuing their Type Two attestation. SOC2 defines criteria for managing customer data based on five “trust service principles”—security, availability, processing integrity, confidentiality, and privacy. Kion has contributed to this effort by providing increased visibility and the ability to easily demonstrate configuration setup of the production accounts during audit.
The Kion Value
“All of the capabilities that Kion provides — like consistent ways of monitoring spend and access control and a way to scan and enforce configuration policies — were things we needed to figure out. The obvious business impact we’ve seen by using Kion is the time savings — both from a build vs buy perspective and, now that it’s implemented, from the perspective of allowing us to focus on our environmental compliance product instead of managing our cloud environment.”
“Kion has fit all of our use cases for cloud management and governance. I also appreciate how Kion can scale with us — the point of entry into Kion is perfect for our cloud spend now and, when our spend grows as our business grows, the product will scale with us.”
“We have not had to think about cloud management deeply since we implemented Kion. Instead, we’ve concentrated on solving problems for customers. Our focus must be on building stuff that no one else has built yet to meet the needs of our customers.”