
Build vs. Buy: How Cresta Engineered Its Own Customer Data Access Solution

There is that moment in the life of every startup when it’s no longer three people in someone’s garage. Early on, everyone wears multiple hats, and if the scope is small, having access to everything is fine. But as the company matures, scalable and auditable data access processes are required to assure customers that their data is protected.

Access provisioning is a big topic on its own, and there are a lot of providers. But since they all try to make a living out of it, there is only so much customization one can hope for. After having a nasty experience with one of the providers, who tremendously overpromised and drastically underdelivered, we made a decision to build a provisioning solution for access to customer data ourselves, within the security team.

Why ‘Build’ Won Over ‘Buy’ at Cresta

The question ‘build vs. buy’ is very popular in the SaaS world, but I believe it is only ever posed for real to engineering. Other departments tend to lean towards the ‘buy’ answer a lot. That is not the case for Cresta security. As we proudly advertise that our team consists of engineers, we always consider the ‘build’ option very seriously.

The goal of the solution is to be able to answer, at any given moment, which employees have access to which customer data and why. Our engineering already allowed us to leverage the identity provider we use, so what remains is:

  • Make it more granular and transparent
  • Leave a paper trail in our SIEM
  • Account for edge cases, such as on-call and customer-facing roles

First, we needed to teach our production environment and our SSO provider to work together in determining whether an employee has access to a given customer’s data. This integration is detached from the process of requesting and granting access. The persisted state of access is stored in the SSO provider. As a result, once an access request has been processed and granted, no additional software stands in the user’s way.

For managing the approval flow, we decided to use the application where Cresta employees already spend a significant amount of time: the corporate messaging platform. Yes, we created a chat bot. The flow can then be as complicated or as simple as our policies require:

  • All actions are recorded and forwarded to SIEM
  • Line manager and security team are defined in our SSO provider, so we know the pool of approvers
  • We can allow escalation to happen in urgent situations
  • We can account for the pool of employees being on call
  • We can account for the employees assigned to the accounts in a CRM
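
The flow described above can be sketched as a small policy function; this is an added example, not Cresta's code. Every name, the sample data and the specific rules (on-call and CRM assignment grant access directly, urgent requests escalate to the security team) are assumptions made for illustration.

```python
import json
from dataclasses import dataclass

# Constructed data standing in for the SSO provider, on-call schedule and CRM.
# All names, fields and rules below are hypothetical.
MANAGER_OF = {"alice": "bob", "carol": "bob"}
SECURITY_TEAM = {"dave", "erin"}
ON_CALL = {"carol"}
CRM_ASSIGNED = {"acme": {"alice"}}
AUDIT_LOG = []  # stand-in for the SIEM forwarder: one JSON line per decision

@dataclass(frozen=True)
class Request:
    requester: str
    customer: str
    reason: str
    urgent: bool = False

def audit(action, req, **extra):
    """Record who asked for which customer's data, why, and the outcome."""
    event = {"action": action, "requester": req.requester,
             "customer": req.customer, "reason": req.reason, **extra}
    AUDIT_LOG.append(json.dumps(event, sort_keys=True))

def approver_pool(req):
    """Assumed rule: the line manager approves; the security team may approve
    urgent requests or requests from people with no manager on record."""
    pool = {MANAGER_OF[req.requester]} if req.requester in MANAGER_OF else set()
    if req.urgent or not pool:
        pool |= SECURITY_TEAM
    return pool - {req.requester}  # nobody approves their own request

def decide(req, approver=None):
    """Return (granted, basis); every outcome, grant or deny, is audited."""
    if not req.reason.strip():
        basis = "missing-justification"
    elif req.requester in ON_CALL:
        basis = "on-call"
    elif req.requester in CRM_ASSIGNED.get(req.customer, set()):
        basis = "crm-assignment"
    elif approver in approver_pool(req):
        basis = "approved"
    else:
        basis = "no-valid-approver"
    granted = basis in {"on-call", "crm-assignment", "approved"}
    audit("grant" if granted else "deny", req, basis=basis, approver=approver)
    return granted, basis
```

Because denials are audited alongside grants, the log answers both who has access and who tried to get it.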

Build vs. Buy: The Pros and Cons of Our Custom Solution

There are definitely pros and cons to our solution.

Pros of Building Our Own Access Solution

  • Compliance as code. Not in the usual sense, where one writes a script to see if something violated a policy. In our case code is the policy. It’s not enough to write a document and have everyone acknowledge they read it and hope they will follow it. In our case the policy is engineered as software.
  • Flexibility. We can always find a solution to unblock people in what they do. It will never be as flexible as ‘everyone is the admin’, but it can be pretty swift while staying compliant and justifiable for an audit.
  • Financial advantage. Provided we can manage the scope, an in-house solution almost always comes out cheaper.
  • Eat your own dog food. As it is a service, we go through the same process any software solution at Cresta would go through. We went through design reviews and developed everything according to our change management policies, which allows us to test how security influences engineering flow.

Cons of Building Instead of Buying

  • Friction. Yes, we are building a solution that no one asked for. Maybe not everyone even knew there was a problem that needed to be solved. People tend to be more tolerant if it’s a bought solution. Even if it’s very expensive and not very convenient, the barrier to writing a support ticket or joining an external office hours meeting is high enough that users find a way to live with whatever problem they have. Having someone reachable inside definitely lowers the tolerance for inconveniences. I personally have nothing against healthy friction. Different departments exist for a reason and they protect their goals. But it’s something to pay attention to if you decide to build anything in-house.
  • Maintenance. This is in a way a consequence of the point above. There is a high risk of scope creep, which levels out the expected financial advantage and possibly the transparency of the policies. If there are a lot of special cases and exceptions, the policy becomes as full of bugs as the code. Even if you manage to keep your scope intact, the product remains yours to maintain.

Overall our experience with building and using this custom tool is positive so far. We do enjoy solving security and compliance problems with an engineering solution. Sometimes the answer to the ‘build vs. buy’ question can be ‘build’ for the security team too.

Author:

Sergey Kruk

March 20, 2025
