IT with users at the core
An independent law firm accelerates its move to the cloud, in the interest of offering a simple, consistent technology experience for clients and employees. Protecting lawyer identities when they’re working outside the firewall is critical.
Giving the help desk a break
Gilbert + Tobin chooses Okta over other solutions for its small footprint, simple user experience, and vendor-neutral position. The firm implements Okta Single Sign-On and immediately eliminates help desk calls for password resets and lockouts for third-party managed applications.
Automating account management
To help secure client information, the team automates account provisioning and deprovisioning with Okta Lifecycle Management. Enabling and disabling account access across the firm becomes a simple, policy-driven process.
Simplified tools. More control.
Gilbert + Tobin moves to a cloud-based document management system. Okta Single Sign-On underpins access, providing granular control. The company also deploys Okta Verify, for secure, step-up authentication for remote users on their mobile devices.
Responsive support. Increasing value.
Going forward, the firm plans to expand Okta’s role to include automating Office 365 provisioning, and mastering employee profiles in a new HR system. IT continues to work with Okta’s Customer First team to strengthen its identity stance.
Okta was the easiest solution for our people to use. We could put icons on applications, and users knew exactly what they were connecting into.Mitch Owens, Chief Technology Officer, Gilbert + Tobin
IT with users at the core
Mitch Owens runs IT for Gilbert + Tobin, a leading Australian law firm with more than 700 professionals across Sydney, Melbourne, and Perth. During its 30-year history, the firm has built a reputation for an independent, progressive approach. Serving primarily corporate and government organizations, its legal experts pride themselves on their ability to act quickly and decisively in the service of their clients.
Owens started at Gilbert + Tobin in 2013 as the infrastructure and applications manager, taking on the CTO job in 2016. During that time, he’s seen “massive” technology change, driven by the need to make the firm more agile and responsive. “We’re becoming a very mobile workforce,” he says. Gilbert + Tobin professionals need technology solutions that they can use on the run, whether they’re on a corporate laptop or a mobile device.
While security and risk factors underlie any new technology decisions, Owens runs his organization on the idea that, if Gilbert + Tobin users can’t access their work easily, that’s a risk factor, as well. “I don’t spend a dollar on technology unless it’s making a fundamental change in the user experience,” he says. “I put the user at the core of all our tech decisions.”
“I’ve tried to deliver what I call the ‘borderless’ network,” he says. Traditional ways of connecting employees to the corporate network via VPNs or remote access stations—“all that stuff becomes cumbersome for a user, and it creates management overhead, from a technology support perspective. I want to give them a consistent user experience across the board for all the products they use across any platform.”
That vision has driven Owens to accelerate the move to cloud infrastructure during his CTO tenure. His team is right in step with the company as a whole, which has embraced a more open, agile philosophy, moving their Sydney office to an open plan layout and trading out desktops for laptops.
Securing the identities of high-powered lawyers
The identity story for Gilbert + Tobin began in 2014, before Owens became CTO. “We were trying to get our lawyers to use Microsoft OneNote and the Office 365 cloud, rather than the old yellow, spiral-bound notebooks,” he says. Lawyers typically use those notebooks when they’re out meeting with clients, representing them in court, or researching a case, so the question of authentication came to the fore. How would Gilbert + Tobin protect the identities of its professionals as they moved around, doing their work outside the company’s firewall?
“It’s always been fundamental for me. Identity is the thing that makes you unique. If someone else can assume that identity, it’s going to cause havoc,” he says. “That put us on the journey of looking at identity providers.” Because Gilbert + Tobin was a Microsoft shop, they naturally took a look at Active Directory Federation Services (AD FS). Okta had just opened an office in Australia, however, and Owens was curious. He reached out to the local account manager for a demo.
“Probably the thing that took me initially to Okta was the very small data center footprint required,” he says. “It didn’t really need one. I ran a couple of agents on utility servers, which gave us identity management access to a number of clouds, not just the one we were looking at. As we onboarded more products—straight-away—identity management was sorted.”
User experience was a deciding factor when Owens compared Okta and AD FS. “Okta was the easiest solution for our people to use,” he says. “We could put icons on applications, and users knew exactly what they were connecting into.”
Identity is the thing that makes you unique. If someone else can assume that identity, it's going to cause havoc.
The team also appreciated Okta’s flexible, vendor-neutral position. “There were a number of applications we had that might not be your traditional cloud app. They might just be websites, but we could create a SWA (Secure Web Authentication) app and assign a username and password, without sharing generic usernames and passwords with a whole group of people.”
Getting in early with Okta
Gilbert + Tobin was one of Okta’s first customers in the Asia-Pacific region. “We got a lot of support from Okta to get it up and running,” he says. “We had a number of web sessions with the customer success team because at the time they were based in the States. They were more than willing to adjust the timing of some of their sessions to make it more palatable to our time zone. We had a really good experience around the onboarding.”
The team first implemented Okta Single Sign On so Gilbert + Tobin employees could log in just once to access their entire suite of applications. With Okta, they could move across devices, platforms, and applications, and every login happened in the background, without them having to think about it.
That simple fact—that users no longer had to think about usernames and passwords— significantly reduced help desk tickets for the IT team. Owens measures Okta SSO success by the reduction he sees in self-service type queries to the IT service desk. “There are no complaints,” he says. “Without a product like this, I’d be managing user names and passwords in ten or twelve different applications, and it would become an absolute nightmare. We have reduced password lockouts and other simple access issues. I take that as a positive.”
Secure access, simplified and automated
Today, Gilbert + Tobin is going full-speed-ahead with Okta, federating with Microsoft Active Directory and using Okta Lifecycle Management to automate Salesforce account creation and deletion. “Now we don’t even have to manage identities on another cloud platform,” Owens says. “It’s all centralized.”
Gilbert + Tobin IT uses Okta Universal Directory to manage client identities as well, providing access to Microsoft SharePoint-based client portals. “We were used to having all these external users in the internal Active Directory, which was an absolute nightmare,” he says. “We’ve now managed to streamline client profile maintenance and all the compliance issues surrounding it, thanks to Okta.”
Okta Single Sign-on and Lifecycle Management go a long way toward securing client information and making sure the right people have access to the right information at the right time. “We work with major corporates in Australia, including financial services, government, and health organizations,” says Owens. “Our challenges are the same as theirs. It’s all around securing identity, understanding what users are doing, and where they’re doing it. Or around logging and picking controls, offering row-based access, and things like that.”
With Okta, Gilbert + Tobin IT can see real-time reports identifying who has accessed what application, and when. It makes complying with security regulations simple, and also alerts the team to possible breach attempts. When employees leave the company, Owens can disable access to cloud platforms and applications automatically, rather than running through a lengthy manual checklist. “It’s a lot more seamless,” he says.
We've now managed to streamline client profile maintenance and all the compliance issues surrounding it, thanks to Okta.
More value at every turn
Gilbert + Tobin professionals navigate to applications via saved hyperlinks and desktop icons, but Owens plans to change that behavior soon. “One of the next things we’re going to roll out is showing users how to use the Okta application dashboard,” he says, “so they can be anywhere, and if they open up the Okta app, they can use it to launch applications.” The Okta dashboard also gives users the ability to reset passwords themselves—another plus in a fast-paced, security-critical industry.
Okta also gives users the ability to reset passwords themselves—another plus in a fast-paced, security-critical industry.
Now that the team has set up Lifecycle Management with Salesforce, Owens also has plans to revisit the firm’s Office 365 implementation, to set up automated provisioning there. He is also looking to implement a new human resources information system (HRIS), with the intention of connecting it to Okta Universal Directory and using the new HRIS as a master for employee profiles rather than Microsoft Active Directory. “When that’s up and running, we’ll be able to get the true value out of Okta … basically doing account creation based on rule-sets, workflow, and approvals,” says Owens.
“We continue to find new and better ways to use the product,” he says. “Ongoing support through Okta’s Customer First team has been fantastic. We’re always asking questions, so whether that’s through a formal support channel, where we might raise an issue and next thing you know, they’re building up new releases in the sandbox with some of the features we want—or just touching base with the local technical people here. They’ve been really good. Quite responsive.”
For Owens, and for Okta, securing access to information is the starting point, but ongoing success hinges on the user experience.
About Gilbert + Tobin
Gilbert + Tobin is a leading independent corporate law firm, advising clients on their most significant corporate transactions and disputes. From its Sydney, Melbourne, and Perth offices, the firm provides commercial and innovative legal solutions for ASX 100 leading companies, major infrastructure and service providers, as well as government and public authorities across Australia and around the world.