Workiva takes a modern approach to security and compliance with Okta
daily Okta logins
days to implement ASA
of hours saved for the IT team
Okta is the identity source for every one of our employees. To have a solution for infrastructure access that integrates with Okta, and instantly provisions and deprovisions users and group membership - that’s huge.
Matthew Sullivan, Senior Security Architect, Workiva
- 1700+ daily Okta logins
- Secure, compliant reporting for Workiva’s customers including more than 75% of the Fortune 500
- Employees save thousands of hours by utilising Okta
- Only five days to implement Okta’s Advanced Server Access
Modernising reporting with SaaS
Workiva is transforming reporting, solving the most sophisticated challenges for over 3,000 organisations globally. Workiva’s customer base creates and connects data and narrative to consolidate and publish financial, performance, and regulatory reports to gain confidence and control across reports. The company achieved over $240 million in revenue in 2018 by bringing modern reporting to more than 75% of the Fortune 500 companies as well as to smaller private and public companies and government agencies.
As an enterprise SaaS provider, Workiva operates its multi-tenant service across a large-scale, cloud infrastructure fleet. Because of the sensitive nature of its customer data, Workiva has invested heavily in compliance – both for its own service and for the vendors it partners with.
The company is diligent about keeping up with the latest compliance standards, ensuring its policies and procedures adhere to SOC, FedRAMP, HIPAA, and GDPR. But Workiva treats security as more than just meeting compliance; it is core to the architecture and experience of the company and product.
As an Okta customer since 2013, Workiva has built its core workforce identity and access around the Okta Identity Cloud. With over 1,700 users enrolled across over 700 business applications, Okta is a key component of Workiva’s IT landscape, and with their adoption of Okta Multi-Factor Authentication, their security landscape as well.
Applying Okta to infrastructure
When looking for an infrastructure security solution, Workiva wanted something that would satisfy the compliance requirements and fit with the modern architecture of the product. Most importantly, they wanted something that would work seamlessly with Okta.
“Okta is the identity source for every one of our employees. To have a solution for infrastructure access that integrates with Okta, and instantly provisions and deprovisions users and group membership - that’s huge,” said Matthew Sullivan, Senior Security Architect, Workiva.
In their quest, they quickly found ScaleFT a strong partner of Okta for server access. ScaleFT was an early pioneer in the Zero Trust security model, with a modern architecture that aligned with what the Workiva team needed.
The team quickly fell in love with the product, recognising the clear benefits of no longer having to operate Public Key Infrastructure (PKI) themselves, automating access controls across their infrastructure fleet, and eliminating pain around credential management. The common pain point when an administrator leaves the company is quickly solved with ScaleFT. “Some IT Identity & Access Management Administrator at five o'clock on a Friday doesn't get a page saying, ‘Now go kill that account.’ It just happens. It's automatic. Some of those features, you don't realise how important they're going to be until you have them,” said Sullivan.
These security and productivity benefits were complemented with elegant solutions to very challenging compliance hurdles. For example, answering questions about credential management becomes a lot easier when the credentials expire after a single use. When compliance is the outcome of better security, and not just an exercise in checking boxes, it’s a much easier conversation with an external auditor.
The Security Assessor who performed the analysis could quickly see the benefit of having a complete end-to-end solution. The firm was impressed by how it enables better control for Workiva to manage risks and implement identity and access management effectively.
Okta acquires ScaleFT
Just as Workiva was finishing its evaluation, and getting ready to deploy ScaleFT’s Server Access product across its core infrastructure, the news hit that Okta would be acquiring ScaleFT. The news was so well received at Workiva that they officially became the first adopters of the new Okta product, Advanced Server Access. “Our perspective was, ‘Two of our favorite vendors marrying each other!?’ We felt pretty good about it. It’s been a great relationship for us and we've benefited significantly because of it,” explains Sullivan.
Rolling out Advanced Server Access has been a pain-free process for the Workiva team, seamlessly integrating with and extending core Okta identity and access to their server fleet. As a DevOps oriented company, Workiva deploys “infrastructure as code,” leveraging HashiCorp Packer to build machine images and Kubernetes to deploy workloads. It was easy for the team to bake Okta components into their existing build tools, automating the environments at scale.
Once they completed their rollout, getting the team on board with the new authentication workflows was a breeze. “The first time I demonstrated the solution to our operations teams, I quite literally heard gasps in the room,” explains Sullivan. The fact that Okta’s product components didn’t get in the way of how users interact with their tools and processes is a significant benefit towards its adoption across the company. “The software allows the Secure Shell (SSH) command to still work. And Secure File Transfer Protocol (SFTP) just continues to work. All these tools that we’re used to, but normally we have to jump on a VPN for – they just work. Support becomes a lot easier when it just works,” said Sullivan.
Eliminating the need for VPNs to access private systems is a benefit to adopting a Zero Trust architecture, but does require being precise and diligent about incorporating the right controls. Leveraging Advanced Server Access provides the contextual access controls needed to make smart trust decisions, while still preserving strong network layer security through the use of a bastion architecture. The productivity gains from moving off VPNs to bastions can’t be overstated. Sullivan explains, “The other thing that I realised early on and bought into is the ability to have the bastions be so easily configured. You just say, ‘Here's my destination. I don't want to worry about how I get there,’ and thanks to Okta, no one has to.”
From one software company to another
Across various markets and geographies, Workiva has seen tremendous growth and success by transforming the way people manage disparate business data with numerous collaborators, documents, and spreadsheets. Customer success is a key tenet to the organisation’s success, which is made possible through their partnership with Okta. Sullivan explains, “To the entire Okta team, thank you very much, you have no idea how much easier it makes my life and the lives of people I work with. What you do saves us time. We love you for it.”
Workiva, provider of the world’s leading connected reporting and compliance platform, is used by thousands of enterprises across 180 countries, including more than 75 percent of Fortune 500® companies, and by government agencies. Workiva customers have linked over five billion data elements to trust their data, reduce risk and save time. For more information about Workiva (NYSE:WK), please visit workiva.com.