Derivco: From South Africa to the world with a security model that supports collaboration
to get an integration network up and running
integrated and secured by Okta
10 locations can access their work tools securely
- Developing online gaming software for multiple partners
- Collaborating with partners while strengthening security
- Making security easy for employees and partners
- Removing IT friction to continue embracing agility
- Betting on a modernised infrastructure
Derivco, the South African software development house specialising in online games, needed a secure and agile way to keep business partners up-to-date on the progress of ongoing projects. The best solution would be to give them access to specific internal environments, where they could track projects in real time - but how to do this securely and without increasing the operational overload of Derivco’s IT teams?
To give several business partners access to different resources in separate systems, Derivco decided that creating local Active Directory (AD) domain accounts for each external user wasn’t a viable option, as this would be challenging to manage and, if not done properly, could open serious cybersecurity vulnerabilities. Instead, the development house turned to trusted partner Puleng for advice and was introduced to Okta Universal Directory as a solution for managing all users, groups, and devices from any number of sources, such as AD, in just one place.
To strengthen security while reducing IT friction for employees and business partners, Derivco also implemented Lifecycle Management to automate access management practices, and integrated work tools such as Office365 with Single Sign-On, Multi-Factor Authentication, API Access Management, and ThreatInsights, which blocks access requests from suspicious IP addresses. Meanwhile, a dedicated Customer Success Manager ensures that Derivco has continuous access to the latest updates and insights it needs to keep succeeding.
Having integrated its APIs, user identities, and nearly 200 active applications with Okta, Derivco now finds it easy to manage exactly what employees and partners have access to, and when. Automation and out-of-the-box integrations are speeding up processes for security teams and developers alike, who are now able to focus on other business or security initiatives.
Next, Derivco plans to move away from its on-premises infrastructures and to make Okta the primary identity provider for its HR systems. Meanwhile, the company aims to adopt a zero trust approach to security that also improves the experience of employees and partners alike.
When we were looking for an innovative way to collaborate with our business partners, Okta had the perfect solution: opening access to a few select environments in a secure and agile manner, without us having to create new accounts for guest users in our local domains.
Michelle Wilson, Identity and Access Management Service Owner at Derivco
Evidence of one of mankind’s oldest activities has been found throughout much of the ancient world, from Chinese texts to Egyptian scriptures. Today, it remains popular and, like most other human activities, also happens online. If you could bet on what we’re talking about, what would be your guess? This question is also a clue: we’re talking about gambling.
With the online gambling market forecasted to nearly double by 2023, many parts of the world are developing legislation that enables gamblers to play safely, in a regulated way. Meanwhile, making this possible online is Derivco, a software developer specialising in online casino games. Born in 1996 in its founder’s garage in South Africa, the software development house today employs more than 3,000 people across 10 locations, including the Isle of Man, Sweden, Australia, Barcelona, and Costa Rica.
In this fast-moving global market, collaboration needs to happen efficiently. When it comes to internal practices, this isn’t a problem for Derivco, which has a series of practices and tools that support its developers to work in an agile way. A favourite is the use of Jira boards for team members to track, manage, and report on work in progress in real time.
However, enabling business partners to join in these agile practices was challenging back in 2017, when Derivco teams needed to export their Jira boards as PDFs to send as progress reports to partners via email, a repetitive process that was holding back an otherwise fast-moving team. A more efficient solution would be to enable both parties to view how projects progressed in real time, in the Derivco environment. But how to give them access to the necessary internal systems without opening up cybersecurity vulnerabilities?
To answer the question, Derivco turned to Okta. “Okta is, and already was in 2017, the top player in the global identity and access management market,” says Michelle Wilson, Identity and Access Management Service Owner at Derivco, of the choice. “When we were looking for an innovative way to collaborate with our business partners, Okta had the perfect solution: opening access to a few select environments in a secure and agile manner, without us having to create new accounts for guest users in our local domains,” she explains.
Adopting a security model that keeps collaboration flowing
At the time, Derivco relied on Active Directory (AD), an on-premises user account management service, to verify the identity of any person requesting access to resources, systems, and on-premises applications. To give several business partners access to different resources in separate systems, Derivco would need to create local domain accounts for each of these external users, which would take time and effort to manage and, if not done properly, could have severe cybersecurity consequences. “If something goes wrong, you can end up giving a lot of access inside the environment to someone who doesn’t need it, and exposing sensitive data,” Michelle explains.
Looking for an alternative, Derivco asked its trusted cybersecurity advisor Puleng Technologies for support. The South African consultancy in turn recommended the adoption of Okta Universal Directory, a solution for managing all users, groups, and devices from any number of sources, such as AD, in just one place in the Okta Identity Cloud. With Puleng’s hands-on assistance, Derivco accepted the advice and completed the implementation within the year.
“Okta is such a user-friendly, well-constructed system, that it took us no time to become proficient in it,” Michelle recalls. “Today, Universal Directory is foundational to our organisation. In one place, it keeps everything we need to control who has access to what and when,” she adds.
Lifecycle Management was also implemented to further ease the load of Derivco’s IT team by automating the provisioning and deprovisioning of access rights to employees who join or leave the company, or move between roles that require access to different applications. Furthermore, Derivco also added an extra security layer to work tools such as Office365 with Single Sign-On, Multi-Factor Authentication, and more recently, Okta ThreatInsights, which blocks access requests from suspicious IP addresses.
“Okta fits extremely well with all systems we already had in place. With Okta MFA, we can for example enable different sign-on policies in addition to our Microsoft conditional access policies. This way, instead of choosing one protection mechanism over the other, we can keep on adding extra layers of security to all our systems and applications, which is fantastic,” says Cobus Van Tonder, Technical Specialist at Derivco, who is expanding the Okta integration to more applications within the company’s hybrid on-premises and cloud infrastructure.
Finally, to further secure enterprise data, Derivco implemented API Access Management to configure access policies and authorization to some APIs it develops internally. The solution helps to control how APIs are used by all employees, business partners, and contractors who use them to access Derivco’s custom applications.
Partnering for success and agility
Inspired by a successful implementation, Derivco revised its entire architecture to see how else it could take advantage of the Okta Identity Cloud, inviting the Okta support team to its headquarters for a two-day workshop. “And that’s when it became clear that we wanted a Customer Success Manager,” Michelle recalls. “We were very impressed by how quickly and frequently Okta launches updates, and how many insights the Okta team could share with us about Identity and Access Management. Having a dedicated Customer Success Manager means we’re continually getting those updates first-hand,” she explains.
Cobus, who agrees that the partnership has been a success, explains that his team of engineers immediately noticed improvements in their work environment too. “Okta makes our life so much easier. Before, it could take six months to provision users to an application if we were developing the integration network from scratch. Today, an integration takes 10 minutes,” he shares, explaining that Derivco has now integrated 200 active applications. “Okta lets us iterate and optimize now, not six months from now. We’ve reclaimed the time and capacity to focus on developing great games.”
Betting on a more secure and automated future
Next, Derivco plans to move away from its on-premises lifecycle and governance tool by replacing it with Okta Workflows. “In doing so, we will save ourselves months of work currently needed to maintain the infrastructure, backups, and availability of our on-premises system,” Michelle explains of the vision. “I’m really excited about that project,” she adds.
And in the meantime, Derivco aims to adopt a zero trust security model that empowers both developers and business partners. “We want to continue securing our business as much as we can, but without adding friction to their processes and tools,” Cobus adds. “This is something that we know Okta can help us with, which is why the Okta Identity Cloud is going to take center stage in our next security review,” he concludes.