The challenge: Secure, scalable access without growing the team
When Spiros Andreou joined Weaviate as Director of Security and Compliance, the company was transitioning from a high-velocity startup to a scaling business. The leadership team wanted to build security the right way while preserving the company’s developer-first culture.
The existing model of manual access requests and always-on permissions took a lot of staff time, and meant developers were waiting for access to be approved and granted, rather than being able to work immediately.
Prior to adopting ConductorOne, access control was based on separate “admin” accounts, which meant developers were constantly switching accounts and retained standing admin access, especially in cloud environments. In addition, because access was granted manually, developers were often blocked while waiting to be granted new access. Maintaining centralised visibility, completing user access reviews, and handling on/offboarding access took two full days of staff time per week.
The goal when bringing ConductorOne on was clear: automate access to cloud environments like AWS, GCP, and Azure in a way that improved security and developer experience.
The solution: Zero standing privileges and automated approvals via JIT
Weaviate adopted ConductorOne to automate privileged access across its infrastructure using just-in-time (JIT) access. Within just one week of onboarding, they had policy-based automation live, dramatically reducing manual effort while increasing control.
“ConductorOne integrated out of the box with the things that we needed, and it just connected really easily as part of our layered defenses. We didn’t need to build a whole load of middleware around it. Set up two policies, bang bang, and it all worked.” — Spiros Andreou
With ConductorOne, developers request access only when needed. Access can be automatically granted, time-bounded, and revoked without manual intervention.
“There’s no standing access to our cloud environment anymore.” — Spiros Andreou
The team also extended coverage using ConductorOne’s open-source Baton SDK, writing custom connectors to enable access governance for customer-facing systems. This allowed them to enforce consistent policy controls across their entire environment, not just the mainstream apps.
CLI-native workflows: Making security seamless for developers
One of the most impactful shifts came with Cone CLI, ConductorOne’s command-line interface.
Developers no longer had to context-switch or file tickets to get the access they needed. Instead, they could request, track, and manage access directly from the terminal where they already work.
“It has made sure that we have a really good default posture for identity and access management, but that we’re also enabling folks to gain privileged access when they need that to do their jobs.” — Spiros Andreou
This shift not only removed friction, it improved security adoption. Engineers didn’t need to bypass the system; they embraced it.
“We wouldn’t have been successful without Cone. It’s made the developer experience night and day.” — Spiros Andreou
Business impact: Building customer trust through zero trust
Beyond saving time and improving their security posture, ConductorOne became a core part of Weaviate’s customer-facing security story.
Enterprise customers entrust Weaviate with sensitive data, and demonstrating how that data is protected is both a compliance necessity and a competitive advantage.
“Some of our customers are giving us their crown jewels. With ConductorOne, we can show exactly how we protect that data through JIT access and zero standing privileges.” — Spiros Andreou
That visibility helps Weaviate to build customer trust.
The outcome: Two days saved per week, stronger security by default
What was once a two-day-per-week burden for Spiros is now a lightweight, automated process that takes only two hours.
Instead of manually approving and tracking infrastructure access, Spiros has shifted his focus to proactive security architecture and scale strategy. At the same time, developer access is faster, better scoped, and more visible across the board.
“ConductorOne has helped the team stay small and not block our rockstar developers.” — Spiros Andreou
What’s next: Scaling secure access across the business
Weaviate now uses ConductorOne to manage access across all major cloud providers and internal systems. With Baton and Cone CLI, the team continues to expand coverage and refine policies to fit the business’s growth.
The end goal isn’t just technical control, it’s operational excellence and getting identity security right. Identity and access are no longer reactive, manual tasks. They’re a secure, automated, and user-friendly system that supports scale.
Challenges
- Manual access workflows consuming two days per week
- Friction for developers requesting infrastructure access
- Need to demonstrate access controls to enterprise customers
Results
- Time spent managing access cut from two days to just two hours a week
- Standing access to cloud infrastructure eliminated
- Developers request access seamlessly via Cone CLI
- Privileged access granted just-in-time via policy-based automation
About Weaviate
Weaviate is the AI-native database for innovating with vector search, RAG, and agentic AI at scale. With powerful hybrid search out of the box, seamless connection to machine learning models and a purpose-built architecture that scales to billions of vectors and millions of tenants, Weaviate is a foundation for modern, AI-native software development.




