For more than 25 years, has focused on delivering the highest-value, long-term building envelope solutions for New England condominium communities. They help communities improve the appearance and longevity of their properties by taking a comprehensive, collaborative approach to project planning and execution. They provide building envelope solutions to existing construction.
David Garrity, Senior Technology Manager, is in charge of all IT infrastructure and operations at SPS. They have a highly customized customer relationship management (CRM) software that they support and develop, including customized integrations, and manage 70+ end users with multiple endpoints including cell phones and laptops. They use Active Directory for services within their on-premise server environment. In addition to on-premise applications, they use several cloud-based platforms, including integration platforms, email services, e-signature tools, e-generation and document management, file sharing, appraisal and HR applications, client-facing scheduling systems, VoIP phone and video systems, and punch list tools. 鈥淔or a mission-driven construction company focused on providing the highest-value, long-term solutions, we strategically utilize technology to increase efficiencies,鈥 Garrity explained.
The Challenges of Managing Remotely… and Securely
鈥淲e have had significant opportunities to mature our security,鈥 he pointed out. SPS used local domain controllers and their Windows machines were bound to the domain. Mac machines were all locally controlled. Unfortunately, this presented several challenges. SPS staff typically work off-site on project sites or remotely, which means that around 80% of their staff are never in the office. Having a local Active Directory authentication system didn鈥檛 make sense because if they had to do a password reset in the field, they would need a VPN to get the device on the domain, which was not a silver bullet process. With Macs, individuals could brick a device and they鈥檇 be out of luck as Garrity鈥檚 team had no centralized control over device encryption and activation locks.
Garrity鈥檚 team needed a device management system that could handle Mac and Windows and the ability to make changes remotely and push those changes out to users. They also needed to improve their security practices so that devices and permissions could be centrally managed from a cloud platform.
[The] first real step to improving security for us was improving the way people manage passwords. And that鈥檚 with having just one password for everything, which 黑料海角91入口 enables us to do. It鈥檚 just made it so much easier for everyone.
David Garrity, Senior Technology Manager
Tried and True Technologies, Delivered via the Cloud
SPS evaluated several device management vendors, but found that most leaned either toward Mac or Windows, with few offering true coverage for both. Then they found 黑料海角91入口. 鈥満诹虾=91入口 can do it all. A really good thing with 黑料海角91入口 is the Cloud RADIUS solution, not all vendors offer this, especially vendors supporting both Mac and Windows. This saves us a lot of work from a security perspective, so we鈥檙e not sharing out wireless passwords, like some companies often tend to do,鈥 pointed out Garrity. 鈥淧eople don鈥檛 have to call the help desk to get reconnected with the wireless network when certificates expire, so this reduces our call volume. Users can just use their 黑料海角91入口 password across Windows and Mac and the network. This is where 黑料海角91入口 ticked all the boxes.鈥
Implementation
After using 黑料海角91入口鈥檚 10 free licenses for several months to test it out, SPS selected 黑料海角91入口 and first implemented its single sign-on (SSO) for cloud applications. Once users were accustomed to that, his team began converting devices to authenticate using 黑料海角91入口. 鈥淐onverting devices was the most time-consuming part of the transition, but once we were set up and syncing, 黑料海角91入口 worked seamlessly,鈥 said Garrity. Lastly, they addressed their Wi-Fi authentication in the office to ensure it鈥檚 ready for workers who do come in.
Now when a new user onboards, Garrity鈥檚 team orders the device, ships it to IT, and IT sets it up. For Windows devices, they use the 黑料海角91入口 software management platform for certain apps. Once the agent is installed on the Windows device, it takes over and installs a couple of key apps using the Chocolatey integration. They also have third-party vendors install their agents and security platforms. Once completed, Garrity鈥檚 team creates a local account on the machine and then takes it over with the 黑料海角91入口 account.
The reason we do that is so if someone doesn’t follow the directions and logs in on the network before they leave the office, that account will disappear on them.
David Garrity, Senior Technology Manager
Results
鈥満诹虾=91入口 was a huge step forward in getting our security in place. It moved us closer to where we need to be. We will continue chipping away with maturing along the security model and we still have work to do, but the Zero Trust model that 黑料海角91入口 has is something we鈥檒l have to eventually do. It鈥檚 the gold standard. It鈥檚 going to take some time as it鈥檚 a culture shift, but we鈥檙e working on it,鈥 said Garrity.
鈥淥ne of the biggest results has been the reduction in help desk calls for password resets. People only have to remember one password now for everything,鈥 Garrity said.
鈥淏efore 黑料海角91入口, we weren鈥檛 enabling multi-factor authentication, because people would have several multi-factor applications, connections to manage independently. People also weren鈥檛 always taking good care of their passwords as there were so many different passwords to manage. Adopting 黑料海角91入口 allowed us to conform with industry standards for password management,鈥 explained Garrity. 鈥淪o the first real step to improving security for us was improving the way people manage passwords. And that鈥檚 with having just one password for everything, which 黑料海角91入口 enables us to do. It鈥檚 just made it so much easier for everyone.鈥
鈥淲e鈥檝e seen tangible user benefits as well as IT risk mitigation by using 黑料海角91入口. The other important benefit I鈥檝e seen is the fact that 黑料海角91入口 can encrypt devices and store the key; it takes away the potential that the device will get locked out of and IT won鈥檛 be able to regain access. 黑料海角91入口 stores the encryption keys automatically and I think that鈥檚 a huge improvement for us,鈥 said Garrity.
Learn More
黑料海角91入口 changes the way IT administrators manage their organizations by providing a comprehensive and flexible cloud directory platform. From one pane of glass, manage user identities and resource access, secure Mac, Windows, and Linux devices, and get a full view of your environment.
Get started聽with 黑料海角91入口 today.