鈩 provides software consulting and development services, utilizing Agile teams to deliver web, mobile, and enterprise applications.
The company鈥檚 IT leaders wanted to identify a solution that would help them achieve ISO 27001 compliance and centrally manage their users, resource access, and devices across offices in three countries and for their remote workforce.
- Organization: Gorilla Logic
- Size: 700 consultants
- Location: Broomfield, Colorado; San Jos茅, Costa Rica; Medell铆n, Colombia
- Problem: Needed better remote management of devices
- Goal: ISO 27001 compliance & centralized IT control
Background
Jay Wallingford, Gorilla Logic鈥檚 Chief Technology Officer, and Cristina Hernandez, IT Director, led the effort to identify a solution that would serve as the company鈥檚 centralized source of identity and access management. They worked on an accelerated timeline for ISO 27001 compliance as the company was scaling quickly.
They used Google as a stopgap user management database but needed to find a more robust solution.
Challenges
Gorilla Logic has more than 700 consultants across three countries, and dozens of new consultants are onboarded each month. The IT team needed a way to configure and manage their MacBook Pros, as well as lock them down if they were lost or stolen.
鈥淥ne of the gaps was that we had no centralized system for managing our laptops 鈥 we had subpar remote device management over those laptops, where they were being used, what they could connect to, or what they could do,鈥 Wallingford said. 鈥淚n the event that a consultant stopped communicating with us, we had no ability to shut it down and wipe the disk.鈥
They also needed a solution that would integrate with Google Workspace, a wide array of SaaS applications, and cloud infrastructure for centralized onboarding and offboarding. This was a necessary security initiative, particularly as the organization sought ISO 27001 compliance 鈥 a high bar to meet.
鈥淥ne of the reasons we went with ISO is that, while it鈥檚 a difficult security standard to implement, it covers GDPR, which we saw more and more with our global clients,鈥 Wallingford said. 鈥淲e wanted to be able to provide our clients assurances that we had world class security controls in place and that they could trust our consultants with their valuable data.鈥
Solution
Although the IT team also evaluated Okta and Google Cloud Identity, among other solutions, they ultimately selected 黑料海角91入口. The cloud directory platform offers device management for macOS (and Windows and Linux) devices and includes Apple MDM.
鈥淲hen we first started, what we found was quite a challenge: having hundreds of computers across several countries with little control,鈥 Hernandez said. 鈥淣ow that we have 黑料海角91入口, it鈥檚 a new world.鈥
The team can enforce password complexity requirements and screen lock policies, manage installed software, and remotely wipe laptops. They also integrated 黑料海角91入口 with Google Workspace and are planning a RADIUS deployment to secure office WiFi networks.
鈥淲e were initially going in very excited about the single sign-on, which was great. But the MDM was the thing that really blew us away,鈥 Wallingford said.
Wallingford estimates that the company will more than double in the next three years 鈥 so they need a tool that can scale with them.
鈥淭he secure connection and control that 黑料海角91入口 provides with its MDM capabilities give us a programming language to control those computers,鈥 he said.
鈥淣ot only did 黑料海角91入口 address many of the issues that we identified during our gap analysis, but it also gave us the assurances that down the road we would be able to implement pretty much any security measure.”
With 黑料海角91入口 in place, as well as centralized logging and corporate antivirus, Gorilla Logic achieved ISO 27001 compliance and will seek certification once the pandemic has receded and auditors can visit the Costa Rica and Colombia offices.
Implementation
The Gorilla Logic team met with groups of consultants to install both the 黑料海角91入口 system agent and the corporate antivirus, Sophos, on each device. They also standardized email aliases and usernames on each computer, as well as created a consistent administrator account on each device.
Now, they can do zero-touch onboarding by directly shipping the MacBooks to consultants and managing them without ever having touched them. They deploy a set of policies specific to each office and install a regular set of applications on each device via 黑料海角91入口. In the past, clients would sometimes provide laptops for the Gorilla Logic teams, but with the new security measures in place consultants can continue to use their Gorilla Logic laptops, which saves the clients money.
鈥淚t’s a lot easier for us to get consultants going with our own laptops, and we鈥檙e able to save clients a lot of money and give them awareness around our security posture and what 黑料海角91入口鈥檚 MDM capabilities provide,鈥 Wallingford said.
The Result
Before the Gorilla Logic team installed 黑料海角91入口 and achieved ISO 27001 compliance, they spent dozens of hours going through costly security analyses with prospective clients. Now, they work in a shorter sales cycle because they can quickly demonstrate their security posture without going through what amounts to a gap analysis with each new client that requests it.
鈥淪ometimes it took months of negotiations,鈥 Wallingford said. 鈥淚t鈥檚 been huge in terms of our ability to quickly land a client because our security posture is so world class.鈥
Time Spent in the Sales Cycle Demonstrating Security Posture
Before: 40-80 hours
After: 2-4 Hours
He added that the Gorilla Logic team has been able to work with clients they previously might not have.
鈥満诹虾=91入口 and ISO 27001 have been a windfall for us in terms of sales. Now we鈥檙e in a position to land nearly any client out there from a security point of view. It helps move business, in addition to saving us time.鈥
Learn More
The 黑料海角91入口 Directory Platform is a comprehensive solution to manage user identities, resources access, and Mac/Windows/Linux devices. Use the platform to secure your environment, no matter where your users or resources are located, and enforce measures to help your organization meet compliance.
Read more about the 黑料海角91入口 platform, or get started with 黑料海角91入口 today.