Cypress secures and simplifies its complex hybrid environment with Okta
- Competing in the fast-paced Internet of Things
- Solutions for a complex environment
- Finding the right solution
- Automation for better HR
- New identity management standards
California-based Cypress Semiconductor has evolved into a global operation providing technology solutions for the Internet of Things. Its products are in smart devices of all types, from smart watches to cars to connected appliances. As a fast-growing, fast-moving company, Cypress had a developed complex hybrid IT environment that was expensive, inefficient, and came with increasingly complex security concerns
Cypress needed a modern identity management solution that would effectively secure cloud and legacy on-premises applications and platforms. It also needed a way to simplify its overall IT environment for better data control, smoother HR processes, and an integrated user experience. Cypress employees were overwhelmed by the number of applications and IT systems, each requiring separate log-ins.
Cypress needed just one day with the Okta team to know that they’d found an important partner. Okta had ready-made integrations for cloud and on-prem applications Cypress used. By accessing these features, Cypress seamlessly integrated many of its applications into one platform, giving employees a single, secure login. At the same time, Cypress was able to eliminate many older IT systems.
By implementing Okta’s integration with SuccessFactors, Cypress was able to automate its employee onboarding process, offering a better employee experience and realizing significant cost savings. As well, Cypress now uses SuccessFactors as its single source of truth that ensures consistency and enables Cypress to use more sophisticated security features.
Okta has become a crucial part of Cypress’ IT security strategy: any new applications adopted by the company must integrate with Okta to meet modern identity management standards. Importantly, using Okta as a provider of security services means Cypress doesn’t need to be an expert in identity management, freeing Cypress IT to work on high value add projects for the company.
Establishing a simple, secure IT environment
Cypress, a technology company that develops solutions for the Internet of Things, has millions of customers and multiple locations around the world. It also had a complex IT environment, a mixture of cloud and on-premises systems, and third-party and custom applications that required each user to have multiple accounts and passwords. Cypress turned to Okta to modernize its identity management system, implement new security standards, and offer an integrated, friction-free IT experience. In doing so, Cypress was able to deprecate or consolidate many existing IT systems—and now enjoys the cost savings of supporting only one platform instead of many.
Brad Burton, Director of IT, Cypress
Before Okta, we had a lot of limitations. We couldn't easily integrate our cloud applications or grow our cloud experience. Okta has facilitated our transition to the cloud quickly and easily.
- Automated employee onboarding and termination processes
- Pre-built integrations for easy transition to SSO
- Modernization and simplification of IT infrastructure
- Lower IT administration, maintenance, and infrastructure costs
- Reduced IT friction
- Stronger security posture with a Zero Trust framework
- New identity management standards
Delivering solutions for the Internet of Things
Although most consumers may not know the name Cypress Semiconductor, they probably own a device or two that incorporates Cypress components—perhaps a smartwatch, a connected appliance, gaming system, or vehicle infotainment or security system.
Based in San Jose, California, Cypress was founded in the 1980s as a semiconductor design and manufacturing operation. Over the decades, Cypress has always stayed ahead of the curve, evolving into a technology solutions company with millions of customers globally. Its world-class secure wireless technology, among other advances, have given the company a substantial competitive advantage in the Internet of Things (IoT).
“IoT is in everything. It’s not just connectivity but size factor, power consumption, and ease of use. Our company today really is built around providing solutions that solve all of those problems.” says Cypress CIO Steven Nott. “From an IT standpoint, Cypress works to deliver solutions that do a lot of different things—but always with the goal of doing it simply and securely.”
Searching to simplify a complex environment
However, simple and secure can be difficult to achieve, especially in a fast-moving company relentlessly focused on tomorrow’s innovations. As the company’s expertise and reach grew, so did the organization itself, in part through mergers and acquisitions. Stitching together disparate companies was exciting, but also challenging.
“We had to figure out ways to onboard thousands of people all over the world and get them to work together,” says Nott. Initially, help desks around the world manually onboarded each new employee, a tedious and expensive process that Cypress wanted to automate.
New employees and new workplaces also added to Cypress’s already complex hybrid environment of cloud, on-premises and home-grown applications. “All of that infrastructure was very hard to maintain and cost us a lot of hours to support,” says Brad Burton, director of IT for Cypress. “We had so many implementations, whether it be the actual cloud applications, or our internal identity solutions like LDAP and Active Directory.”
As well, Cypress employees used a number of cloud-based applications, including Microsoft Office365, Salesforce, Zoom, and SuccessFactors—but these weren’t linked together, causing frustration among end users. “We couldn't easily integrate our cloud applications, which made it hard to grow,” says Burton.
“Nor could we provide an integrated experience for employees—we had so many different accounts, logins, and different passwords. It was very tedious for someone to remember all the accounts they had to access.”
Cypress needed a modern identity solution that would effectively secure both on-prem and cloud systems and offer employees an improved user experience. The solution also had to adhere to the Zero Trust model of security: by default, no one is trusted inside or outside a network, and strict identity verification is required from anyone wanting to access resources. .
“We quickly embraced the fact that we are working in a perimeter-less environment,” says Nott. “A mixture of devices around the world are connecting to our systems. This is reality, and we needed a quick way to solve it from a security standpoint.”
Burton says the Cypress IT team began their search for an identity solution with a narrow focus. “We started looking for a single sign-on platform, and then a platform that would allow us to integrate our HR solution and be able to automate onboarding and offboarding processes,” Burton says. “We started with that as our low bar.”
‘The right solution’
Cypress was able to meet and surpass that bar quickly, and it happened without much shopping around. In fact, Cypress’ search for an identity solution started and ended with Okta, who helped Cypress tackle its broadest IT challenges.
“We knew Okta was the right solution,” says Burton. Their introduction to the Okta Integration Network was a game-changer for the Cypress IT team. “Okta came on site and in one day walked us through the process of integrating Office 365, Salesforce, and our internal applications. It was amazing to see that a lot of the integrations were already there for our legacy and cloud applications.”
“We knew those pre-built integrations would make it pretty seamless to transition to a single point of entry, and it would be easy to administer on our back end.”
Cypress was confident that Okta would benefit the company. A small Cypress team worked quickly to ready the company’s IT environment to deploy Okta and the first new features were launched in less than a month. “We achieved Single Sign-On first,” says Burton. With Okta Single Sign-On in place, employees around the world could access all their cloud, on-prem, and custom applications through a single, secure point of entry.
The next step was to integrate Okta and SuccessFactors to automate employee onboarding and offboarding. “We’ve saved time and increased quality by automating these HR processes,” says Burton. “Our new hires, day one, have access to Okta: they have an account, they have the password, and they have access to all the steps they need to access Okta as well as our internal infrastructure.”
It’s a secure way to manage the entire employee life cycle. “Every employee that comes in, even a contractor, is assigned a role, and that role gets assigned particular security and access. That security and access carries forward throughout your employment at the company and then it all terminates automatically.”
Cypress was so impressed with its early experience with Okta that it wanted to deepen the partnership. “We have a pretty complex security environment, and we now understood that Okta provided value in other solutions, and had other features, like Adaptive MFA, threat detection, and behavior analysis,” Burton says.
The Okta Identity Cloud ticked another box: “The fact that Okta seamlessly integrated with our VPN client, Palo Alto Networks, allowed us to eliminate a couple of other products and simplify the environment,” says Nott. Cypress implemented Adaptive MFA to secure access to its VPN, as well as its HR tools.“We needed a tool that really interfaced with our existing tools and Okta was able to be that.”
One platform instead of many
Today, over 7,000 Cypress employees access the Okta platform. The fast-moving adoption of the Okta Identity Cloud has yielded tangible results, including modernizing IT infrastructure company-wide, and enjoying the reduced IT friction and financial benefits that brings.
Importantly, working with Okta has facilitated Cypress’s move toward more cloud-based systems. “Before Okta, we had a lot of limitations,” says Burton. “We couldn't easily integrate our cloud applications or grow our cloud experience, but Okta has facilitated our transition to the cloud quickly and easily.” And that has, in turn, allowed Cypress to eliminate a number of its existing systems and create that integrated experience.
“Namely, we've been able to remove Azure AD,” Burton continues. “We've been able to remove our integration with ADFS and our internal LDAP solution. Now we have one platform to support instead of many platforms.” And one platform is simpler and easier to secure.
“From an administrative standpoint, one platform is much easier to manage, and it brings savings, so it paid for itself. That's where the ROI was,” says Nott. Not only that, but any costs associated with Okta are predictable, making operating within a tight budget easier for the IT team.
Nott credits Okta’s accessibility for other cost savings in terms of development and maintenance. Much of Okta’s feature functionality is drag-and-drop, with little requirement for coding, which reduces overhead. The AI functionality, as well, works as-is. “We're actually able to take the logs that come out of Okta alerts and we load it into our SIEM tool,” Nott says. “And so we're able to react to those alerts easily.”
That ease of use means Cypress developers don’t have to work on Okta full-time—and they don’t need to be identity management experts, because Okta is. “As a result, we’ve been able to be free to go work on a lot more important things that add value to the company,” Nott says.
Setting new identity management standards
Thanks to Okta, Cypress has achieved another of its major goals: ensuring a secure Zero Trust environment built around strict authentication requirements. In fact, Cypress has made Okta a key part of their official cyber security policy, setting four key identity management standards:
- SuccessFactors serves as the master data management system—“the single source of truth,” says Burton—which ensures a standard source of data on employees and identities.
- Access management is based on HR data.
- Okta’s Single Sign-On with Adaptive MFA must be employed for all applications.
- Okta integrates with Cypress’ SIEM tool, LogRhythm, improving visibility so the Cypress security team can better detect intrusions.
“All four of those things have been empowered by Okta,” says Burton. “Having our identity management standards and guiding principles in one single platform is extremely valuable for our customers, as well as IT.”
Working with Okta into the future
The partnership between Okta and Cypress is strong, and expanding. “One of the things that we learned through this journey was that it's much, much easier to onboard vendors and software that plug into Okta,” says Nott.
“And so we have standardized that as part of our vendor onboarding process. Now as we work on our roadmaps, we try to select products that plug and play into Okta or are easy to integrate into the backend—either Universal Directory or the other tools that Okta populates downstream. That really has made things much easier.”
Cypress continues to work with Okta to find creative ways to meet its security standards. Nott gives the example of Cypress factories, which come with additional security constraints because workers aren’t allowed to have a phone in the factory. “So we’re working with Okta on different forms of MFA, to create different profiles in different ways that they can authenticate,” he says.
Okta’s Impossible Travel—an advanced behavior detection tool—also fit perfectly in Cypress’ security strategy. “As an employee or an exec is traveling around the world, Impossible Travel may catch cases where we see potential compromises and prompt for MFA using Okta, Okta Verify, or a homegrown MFA integration.”
Over 90% of all of Cypress’ applications and systems are now integrated with Okta. The team is working to bring outstanding pieces—mostly small, older legacy systems—in line with Okta as the new standard. The long-standing challenge of integrating cloud infrastructure and on-prem infrastructure has been almost completely erased. “And we're doing it two different ways,” says Nott. “We're either phasing out the older systems as we migrate them to newer platforms, which is part of our system-consolidation strategy, or we're working with Okta to figure out ways to bring them in house.”
Not only are the Cypress security and IT teams on board with Okta—but the company’s many employees, the end users, are too.
“The Okta platform is easy to use. It’s simple. They know exactly where to navigate and where to find things,” says Nott.
“It's pretty cool when you're able to deliver a solution that is easy to use, that thousands of users all over the world actually like and want to use every day. Now they want to put everything on Okta, which makes my job a lot easier.”
Cypress is a semiconductor design and manufacturing company headquartered in San Jose, California. The company’s leading wireless technology—along with its MCUs, memories, analog ICs, and USB controllers—give it an unparalleled position in the global Internet of Things market. Cypress targets innovative markets that grow faster than the overall semiconductor industry, including key segments of the automotive, industrial, home automation and appliances, medical products, and consumer electronics businesses. With over 30 years of industrial experience, Cypress positions itself as today’s technology partner for tomorrow’s solutions.