Sensis Plans for a Scalable, Secure Future with Okta
users including customers and employees
on-prem servers eliminated
apps set up for automatic provisioning
- From print to pixels
- A fractured framework
- A transformational journey
- An auditor’s dream
- Factoring in security
- Building better services
Sensis has produced directories for more than 130 years, bridging the gap between businesses and the people who need them. When consumers began making purchasing decisions online, Sensis decided to focus on digital versions of its trusted print directories—now simply referred to as Yellow and White Pages.
This shift to digital directories required a modern approach to IT. Sensis’ IT environment included large datacenters with thousands of servers. A series of disparate solutions created a frustrating environment for employees, and made it difficult for IT to monitor activity and produce reports. This framework also required customers to authenticate into multiple systems to access a full range of tools.
Sensis needed a seamless user experience that would delight customers, maintain employee productivity, and scale easily. To centralise its IT framework, Sensis prioritised identity by partnering with Okta. Within 18 months, Sensis became a cloud-only company with no on-premise infrastructure and consolidated workflows for customers and staff.
The new centralised infrastructure made it easy for Sensis to gather data and generate detailed, admin-friendly access management reports. The Okta admin console increased visibility into user access requests, increasing the speed of IT’s response to events. By streamlining its onboarding and offboarding processes, the company also ensured that users had access to data they need—and nothing more.
Once Sensis had a clear view into its activity logs, the company noticed a number of access requests from international users. Since all of the company’s users are based in Australia, it decided to activate the geo-blocking feature included in Okta’s Adaptive MFA product. Security was stronger as a result, and the company is now adding other policies designed to protect executive accounts from spoofing.
Next, Sensis is planning to expand its business service offerings by providing voice search and online booking options. Since both of these solutions will rely heavily on data, the company will continue to put security—and identity—at the forefront.
Modernisation made easy
When Sensis shifted its focus from print directories to digital business offerings, it decided to modernise its IT infrastructure, too. The company needed a more agile environment that would scale well, improve the customer experience, and provide the necessary security. By partnering with Okta, Sensis was able to transform its complex, on-premise environment into an agile cloud-based infrastructure within just 18 months.
In this digital day and age, trust is key. Once an organisation loses trust with its customers, it's almost impossible to win that back. Okta plays a crucial role in keeping that trust and identity secure.
Robert Marino, Enterprise Technology Manager at Sensis
- Reduced maintenance and provisioning workload for IT
- 18 month modernisation, from start to finish
- Improved visibility with simple and convenient reporting
- Improved customer and staff experience
- Improved security posture including granular access control
- Day One access for employees and partners
A digital revolution
For more than 130 years, Sensis has forged connections between Australians and small-to-medium-sized businesses leading the way with print and online directories in Australia, including the Yellow and White Pages. In this way, Sensis provided businesses with advertising opportunities, while offering people a quick and convenient way to find the products and services they needed.
Now, most customers look to the internet when they need to purchase a product or service. Advertisers have had to adapt, and Sensis has evolved alongside them. The organisation now encompasses a number of digital consumer businesses, including online directories— Yellow and White Pages.
"Yellow is a solution offering services to small-to-medium-sized businesses. Services could include quotes, online bookings, and interactions between our small business customers and the end users who need them," explains Robert Marino, Sensis' enterprise technology manager. "White Pages offers that same level of customer interaction, whether that's with a government organisation or a business."
Sensis also owns a rapidly expanding business called Skip, which allows customers to pre-order coffee and food so they can "skip" the line when they arrive at a café or restaurant. All of Sensis' businesses have one thing in common—they provide digital advertising opportunities for modern marketers.
"We've gone through quite a large transformation over the years," says Marino. "We work with a lot of tradespeople and small start-up businesses so we have had to educate as well as lead in terms of technology. We're here to make connections between what the customer needs, and what small businesses are offering. It's all customer-focused, and about building connections between people."
Much of this transformation has occurred within the last decade, and it began with a desire to reposition Sensis as one of the biggest digital marketing companies in the industry. To achieve that goal, however, the Company needed the agility to quickly bring new customer solutions to market. But the Company's legacy technology infrastructure was complex and unwieldy.
"We were 100% built on data centres, with about 3,000 servers on-prem," says Marino. "It was challenging to manage those, along with multiple on-prem systems, and the identities of approximately 1,000 internal employees, including staff within Australia plus some offshore partners."
Sensis was experiencing many of the same infrastructure problems that most long-established businesses encounter. It needed to be able to provide simple reports and documentation to auditors and government regulators but, because the infrastructure was fractured, the company lacked the necessary visibility. It also created an environment where a customer might have to authenticate into as many as five different systems to access all their self-service options.
The Company needed a new centralised infrastructure made up of agile, cloud-based solutions—and with a strong identity solution at its core.
"Identities, whether they belong to staff members or customers, are a key component of any organisation," says Marino. "Our customer experience needed to be seamless, so it was crucial to have an identity solution that would allow customers to easily move between platforms. We also needed to apply that solution internally, because onboarding and offboarding was a real pain point prior to our transformation."
In early 2016, Sensis purchased a range of Okta products, including: Customer Identity Products Authentication and User Management; Workforce Identity Products Single Sign-On (SSO), Adaptive Multi-Factor Authentication (MFA), and Universal Directory; and Lifecycle Management, which can be used to manage employees and customers.
Then, the company moved 100% of its infrastructure to the cloud. By deploying a full suite of Okta products, the Company created a consolidated framework with a strong identity core, and a simplified user experience. The Company also modernised its customer experiences by rolling out a set of apps built using the latest standards, including OpenID Connect. Now, customers and staff can access everything they need through a single dashboard, and the number of helpdesk calls have been drastically reduced.
The overhaul was massive but, with Okta involved, it only took 18 months from start to finish. "We have two staff members working on Okta, and it's not their primary function. They've got other duties, but whenever we need integration help, we reach out to Okta and the turnaround time's very quick," says Marino.
Once the project was complete, Sensis had a centralised, cloud-based infrastructure for both customers and employees. "We've got nothing left on-premise," says Marino. "We're a very big AWS and Salesforce organisation, so most of our infrastructure sits in AWS, and our CRM system sits within Salesforce. Becoming this new digital organisation was a big shift for us."
A clear view
Sensis' newly consolidated IT infrastructure also solved one of the Company's more significant challenges: gathering the necessary information to compile the detailed access management reports required by auditors and government regulators.
This was particularly important given the number of business units at Sensis. While IT helped each unit set up dashboards and reporting, they were expected to manage their own apps and platforms. In a disparate environment, this made it difficult for IT to pull data from all the different business units. Now, reporting is simple.
"Having a centralised identity system makes reporting very easy," says Marino. "My team can generate those reports from a single point of truth, in an easy-to-follow format."
It became easier to monitor accounts as well. "That central view is a real core component," says Marino. "That single pane of glass is critical. I don't have ten people with ten sets of eyes on our systems, so having that centralised dashboard for all our applications is crucial to being able to react quickly to an event."
Next, Sensis automated its provisioning process by making its HR system a single source of truth that feeds user updates through Okta's Lifecycle Management solution, and provides users with access to the appropriate apps. The Company also boosted its regulatory compliance by fulfilling requirements of strict access controls for sensitive data.
The Company has a small IT team, so it often relies on external partners to help build out new solutions. As a result, Sensis needs to be able to quickly provide those partners with access—and when projects wrap up, they need to be able to revoke access just as fast.
"By onboarding those vendors through Lifecycle Management, we don't have to be concerned that another party might access our systems through their identities. We can manage that trust quite easily," says Marino. This applies to internal staff as well. "We onboard all our staff, whether it's a partner or internal staff, through our HR system. It all runs through the staff identity environment, and that onboarding is done very, very quickly now."
By carefully managing user identities throughout the entire lifecycle, Sensis eliminates the possibility of zombie accounts. In turn, this prevents bad actors—or even employees who have moved on to new roles—from accessing sensitive data.
"In our organisation, we get audited quite regularly," says Marino. "We also have financial controls that we need to be mindful of, and it helps to know that we're being cautious about removing system access when people move on, or move between positions. People move quite often between departments, and revoking access to information from previous departments is a critical component to lifecycle management."
Once improved visibility and access controls were in place, something unexpected happened: Sensis began to notice access requests coming in from users located all over the world. Since Sensis' customer and employee base is located in Australia, this raised concerns within the company, especially because it collects sensitive user data in order to provide users with relevant content and recommendations.
"In our organisation, data is key for us," says Marino. "So, protecting and securing that data is a primary focus. We need to make sure that the security around that is robust and can cope with bad actors coming from outside our region."
The Company decided to use geo-blocking, an option provided by Okta's Adaptive MFA. Now, any requests that originate outside of the region are automatically prompted for a second factor.
"At the start, security wasn't a main focus for our identity platform, but once we were able to see these rogue access requests, the security component became very crucial," says Marino. "The geo-blocking functionality really locked down our platform and secured our users."
Sensis is setting up policies to prompt for a second factor in other situations as well, such as when user location, and network context doesn't match past behaviour and the Company's security policies. Spoofing is another specific area of concern, but with Okta its new policies will protect the accounts of Sensis executives.
"In this digital day and age, trust is essential," says Marino. "Once an organisation loses trust with its customers, it's almost impossible to win that back. Okta plays a crucial role in keeping that trust and identity secure."
Boosting customer convenience
With a secure, easy-to-manage identity infrastructure in place, the Company is able to spend more resources on improving (and adding) customer offerings.
"We want to bring in new business services like online booking and voice search," says Marino. "Voice search is obviously a growing area in technology, and integrating with services like Google Home and Alexa are a big opportunity. We want our users to be able to ask Google Home, 'Can I book the hairdresser up the road for an appointment?'"
Identity will continue to play a major role throughout these new initiatives. "In the case of voice searches, there's definitely going to be a lot of data involved," says Marino. "We need to make sure that access requests are accurately authenticated, monitored, and reported. For us, security around data is crucial. We're a data organisation, so it's important for customers to know that data is secure."
With Okta's holistic approach to Zero Trust security in its back pocket, Sensis will be well-positioned to make this goal a reality.
Sensis helps Australians connect and engage through our leading platforms. We help create and manage valuable connections via our digital consumer businesses (Yellow, White Pages, True Local, Whereis and Skip), search engine marketing and optimisation services, website products, social, data and mapping solutions, and through our digital agency Found. Sensis is also Australia's largest print directory publisher including the Yellow Pages and White Pages. Find out more at www.sensis.com.au.