
Zero-friction escalation: Afresh automates privileged access with P0 Security

“Previously, to provide engineers safe access to critical resources in Snowflake and Kubernetes, we created a patchwork of static groups and roles, used Azure PIM to provide escalated access, and spent a lot of time managing group membership.”

Eugene Yedvabny
Senior Staff Software Engineer,
Afresh

“P0 is a game-changer. Before, we had to choose between access granularity and ease of use. Now we get both. I sleep well knowing long-standing escalated access isn’t lurking in any group.”

Eugene Yedvabny
Senior Staff Software Engineer,
Afresh

About Afresh

Afresh is a San Francisco–based technology company that partners with grocery chains to reduce food waste. Their AI-powered forecasting and replenishment platform improves freshness and efficiency—while cutting climate impact.

Overview

Afresh is an AI-powered platform that helps grocery stores reduce food waste. They serve some of the largest grocery chains in the U.S., training machine learning models on terabytes of data each day.

With sensitive customer data flowing through Snowflake and other cloud systems, Afresh needed to demonstrate strong controls to maintain SOC 2 and internal security standards. At the same time, they couldn’t afford to slow their engineering teams—especially during incidents.

AI-driven innovation depends on access to data—and control over it. At Afresh, that means ensuring engineers can move fast while minimizing risk to sensitive cloud systems.

Before adopting P0 Security, the Afresh team struggled to balance developer productivity with strong access governance. Microsoft Entra PIM introduced friction and group sprawl that slowed developers down and required constant maintenance from the platform team.

They needed something better—a modern way to grant just-in-time access across systems like Azure, Snowflake, GitHub, and Kubernetes, without writing custom scripts or creating hundreds of brittle groups.

That’s where P0 came in.

Challenge

Afresh attempted to implement least-privilege access using Microsoft Entra PIM, but it quickly became a source of overhead. Developers struggled to find the right roles, and escalated access often lingered after incidents.

As their environment scaled, the platform team faced:

  • Too much static access across sensitive systems
  • Constant permissions drift in Snowflake
  • Hundreds of AD groups and manual scripts to manage escalation logic
  • Delayed access for on-call engineers, often in the middle of critical incidents

Solution

P0 replaced the complexity of Entra PIM with just-in-time automation and clean Slack-native workflows. Afresh now uses P0 to govern access across their cloud stack:

  • Short-lived access to Azure, GitHub, and Kubernetes via scoped AD groups
  • JIT access to Snowflake—even down to specific SQL queries
  • Automated drift remediation in production databases
  • On-call auto-approvals powered by P0’s PagerDuty integration
  • Slackbot requests and approvals that keep engineers in flow

Implementation took just one Zoom call.

Why it matters

Afresh’s security posture has improved while eliminating manual overhead. P0 automates away the need for access cleanup scripts, reduces group sprawl, and ensures production access is right-sized and ephemeral by default.

More importantly, developer productivity has increased:

  • On-call engineers get what they need instantly
  • Mean-time-to-resolution has dropped from hours to minutes
  • Engineers no longer have to guess which group to request

Results

  • Reduced permissions sprawl across Snowflake, Azure, GitHub, and Kubernetes
  • Hours of platform team time saved from group maintenance and scripting
  • JIT access integrated directly into Slack and PagerDuty
  • SOC 2 controls now automatically enforced—no screenshots required
  • On-call access is instant—even at 2am
