Authorization as platform infrastructure: Lessons from scaling access at Vanta

Most platform teams treat authorization as an afterthought, sprinkling if statements across services until enterprise customers demand granular access control. Eeshan Agarwal, senior engineering manager at Vanta, shares lessons from migrating to a centralized, policy-as-code authorization layer serving thousands of organizations.

This talk covers:
• Why authorization breaks down at enterprise scale
• How to evaluate build versus buy for authorization infrastructure
• The dual-read migration strategy that enabled zero-downtime system swaps
• What policy-as-code looks like in practice and why it cut security bugs by 4-5x
• How the same architecture now governs AI agent permissions

Attendees leave with a practical framework for treating authorization as core platform infrastructure.