Oktane19: How Industry Leading Brands Secure User Interactions In SaaS App



Jim Brennan: Good afternoon. On behalf of BetterCloud and Okta. I want to thank you for being with us here today. We are super excited about the panel that we've assembled. We've got some thought leaders from some of the best, most innovative brands that are going to share with us their thoughts, their perspectives on how to best manage and secure user interactions.

Jim Brennan: We're going to invite them up in just a few minutes, but before we do, I want to spend some time talking about what we mean in terms of what a user interaction is. So I think we all can agree that one of the many benefits of SaaS, maybe the best benefit is this notion that any user can access any application, anytime, from any device. And of course, to make this happen, there has to be a secure connection between that user and those applications. And there's a variety of technologies that makes that possible.

Jim Brennan: Things like single sign-on, multifactor authentication, to name a couple. But it's also important that we understand what's actually taking place within those applications as well. So what is that user doing in relation to other users, to the data within those applications, and to those applications themselves? This is what we mean by interactions. And when you start to think about things like this, what you find pretty quickly is that many of those things that makes SaaS so powerful, that ability to quickly collaborate and communicate at scale, those are the same things that can introduce some new liabilities into your environment.

Jim Brennan: And, in fact, it can actually introduce a new type of insider threat. Now we're all familiar with insider threat, and I think if I were to ask you, most of us in this room, when we think about insider threats, we think about that malicious insider, that disgruntled employee or that former employee, maybe taking that dump of sensitive data and putting it up on Pastebin for example.

Jim Brennan: But the reality is actually quite different from that. We actually, at BetterCloud, conducted a survey just a couple of weeks ago and we talked to about 500 IT practitioners and leaders. And what we found is that it's actually quite different, the situation. It's not so much that malicious insider, but instead it's that well-meaning, but negligent end user. It's that end user who maybe doesn't understand the consequence of those interactions. Right? And so, this is a different way of thinking about this threat. And I think it's the reason why you also see that most of the people we talked to, almost all of them, still consider this to be a really big problem that they haven't yet solved. And, in fact, most of the C-levels told us that they didn't think they were doing enough, they weren't investing enough to solve that problem. So I think it's a great example of this double-edged sword we have with SaaS. Great power, but also some new challenges that we have to overcome together.

Jim Brennan: We saw a very recent example of this just a couple of weeks ago. If you saw a TechCrunch article that talked about the fact that there were many accounts, Box accounts that had been compromised because essentially some users had changed some settings with regards to the sharing of files and folders. Nothing malicious, just didn't understand the implications of what they were doing, and the result was, in fact, a thousands of files were shared publicly containing all types of sensitive information, personal information, credit card information, sensitive IP. This is made worse by the fact that many of these apps have very different ways of configuring these types of settings, so it becomes a real problem for the end users to know what they're doing, frankly.

Jim Brennan: Now, if we start to dig in a little bit deeper into this idea of interactions, at the highest level, it's about trusted versus untrusted, and really no surprises here. In the context of a trusted user interaction, it may be a user interacting with another employee that's typically going to be trusted. Although, if that employee should not have access to certain types of information, might be untrusted as an example. Of course, they can also interact with users outside of their company, that could also be trusted if it's a partner that they're doing business with. But if it's not a partner, then typically that's going to be an untrusted type of interaction.

Jim Brennan: But this is not enough. There's more to the story than this. We have to start thinking about what's involved in those interactions in terms of data and the applications. So let me walk you through with some other examples and we'll start with the top right. You've got your services team, they've got a statement of work, and they're sharing that out with a partner, a delivery partner on that same project. On the surface, totally trusted, right? But what if that statement of work contains some information that, that partner has no need and really shouldn't be seeing at all? Sensitive pricing information or competitive information. Now it's not so clear. That line gets a little bit blurry.

Jim Brennan: In a similar way, you're marketing manager has invited your outside PR agency to join the Slack channel. Sounds good, right? Sounds perfectly fine. It happens all the time. Who else is in that Slack channel? What else is being talked about in that Slack channel? Again, that line starts to get a bit blurry at that point. Now, on the untrusted side, it's a little bit more straightforward. Engineer's sharing a roadmap with a former employee. Probably no reason for that to happen. How about the help desk? They've been given full super admin rights to manage your SaaS apps. Now, why? It's probably because the SaaS apps don't give you a whole lot of granular options in terms of the role based permissions. So we see this happen all the time, but now you've got a team that really has no need to have full admin rights and they've got the keys to the castle. So, it's not just about the user, it's about who they're interacting with and what they're interacting with.

Jim Brennan: The partnership between Okta and BetterCloud, it's all about building upon those secure connections and getting to the point of having secure interactions. We make a SaaS management platform that allows you to manage multiple SaaS applications from a single console and we're able to build upon the single sign on and the MFA and the identity lifecycle of Okta and offer things like secure onboarding, offboarding. We can give you full visibility into configurations of your applications, your data, your users, and then offer your way to see what's going on in terms of your data.

Jim Brennan: Two main use cases that we have today within the integration. The first is a scenario where something has happened in Okta with regards to the lifecycle of a user. Perhaps a new user has been created. Perhaps the role has changed. That event can act as a trigger into the BetterCloud platform. And at that point we can take a variety of actions across those multiple SaaS applications. Everything from adding that user to new groups, giving them access to files and shares, adding them to Slack channels and the list goes on.

Jim Brennan: The second use case has more to do with security. So, of course, Okta has the ability to see what's happening and detect certain types of malicious activity. Perhaps it's a failed multiple login attempts. That's a good example. That too, can act as a trigger into the BetterCloud platform, and we can then put into place automated remediations to address that security risk. So it's all about taking that initial information and then adding to it through automated workflows and through the rich context that we've assembled by having visibility into all of those multiple SaaS applications that we can deliver that type of outcome.

Jim Brennan: So with that, I'm going to ask my panel to join me up on stage. And, invite you to take a seat and drink a some lovely milk that's been put on the stage here. I think that's water actually, but thanks guys.

Jim Brennan: Okay. So we've talked a bit about user interactions and now I'd like to ask you to be maybe just to say a couple words about who you are, who you work for, and maybe how long you've been a customer of Okta and BetterCloud.

Jim Brennan: Jay, we'll start with you.

Jay Feliciano: Hello? Oh, hey. Jay Feliciano from Spotify. I'm a SaaS and security engineer over at Spotify. Basically just kind of helping make our SaaS apps do more than what they do today. Been a BetterCloud customer for about six years and an Okta customer for about two and a half.

Peter Barnett: My Name's Peter Barnett. I work for Bird Rides. I'm their systems administrator and my primary concentration is wrangling all the SaaS applications that we have. Been using BetterCloud as the umbrella to house them. And we were just talking about. That's it.

Karl Cassel: Yes, I'm a Karl Cassel, from Juul Labs. I'm an API integrations engineer. We've been a customer of a BetterCloud for around two years and an Okta customer for around one and a half.

Raul Santos: Hi. I'm Raul Santos. I work for a Peloton. I'm the lead DevOps engineer. My team and myself are responsible for kind of all enterprise integrations into our infrastructure, that is including our SaaS services, SSO, and we've been an Okta customer for just over a year and a BetterCloud customer longer than that actually.

Jim Brennan: Excellent. Well, thank you again for being here. Really excited to have you. So we talked a bit about this idea of insider threats changing recently and moving away from the malicious insider to maybe the well-meaning but not so careful end user. Tell us a bit. I'll start with you Jay, if that's okay, because you sat close to me. Tell us a bit about some of your experience with that and your perspective on it, maybe some things you've done using BetterCloud and Okta to solve that.

Jay Feliciano: Sure. Yeah, definitely something really big to consider. Right? I think one of the biggest struggles that any IT administrator has is when people are, at least for me, what I've seen is when people are leaving the company, right? And using the whole untrusted/trusted user model. What we like to do is specifically when one of the better ones that we've done is when admins are leaving the company. We're doing kind of like a pre-offboarding with them. We're kind of removing all admin rights, putting it all through triggers based in BetterCloud going through and using whatever connectors are available today. Plus, we've done some great work with BetterCloud too, on getting like new APIs added in there. We get the admins going through, unrolling them from their Slack, from being an owner in Slack to getting their Box permissions revoked. All that. And also at the same time while keeping them working and not eliminating their ability to actually work.

Jim Brennan: Got it. So, sort of a staging area for them before they leave, they can keep working, but you done that pre-work to make sure that things are taken care of.

Jay Feliciano: Exactly. I think, obviously, I think any company finds through audits, you're always going to find like the little pieces that get missed behind, and this has really helped us a lot with that.

Jim Brennan: That's great. Okay. Thank you. Peter, how about you?

Peter Barnett: Okay. I'm not nervous at all. That's okay. Okay. So from a security standpoint, BetterCloud has been extremely beneficial to us because of the offboading workflows. When an admin gets let go or leaves the company, no one really knows what they have access to other than them. Not everything's documented, especially in companies that are new and developing your like, oh, well you need this? Here you go. And it's not documented anywhere. Whereas, in BetterCloud with the auditing features and the logs that you can look through, there's no secrets. So, that's what it's been really helpful with BetterCloud.

Karl Cassel: I think for, we use it as a role based thing. So in terms of giving people the least amount of privilege that they should have, so not letting new hires be in certain groups that they shouldn't be a part of. So we use a lot of the workflows in order to kind of correct that initial onboarding and as well as the offboarding as well. So, getting the forwarding for all the emails and getting all of the drive data or whatever data that needs to be transferred over to whatever manager. And I think just, that and the workflows really do help us.

Jim Brennan: Right on. And can I ask, are you also controlling, for example, how sharing settings can be configured by users? Is that part of that as well?

Karl Cassel: Yeah. So, the sharing settings, we take a look at a lot and we really make sure that, okay, you're a part of accounting, so you should only see accounting. And, within the accounting group, maybe you shouldn't be seeing something at a C-level should see, and etc., et cetera.

Jim Brennan: Do users welcome that or do you get back, the fact that you're taking some of that control away from them?

Karl Cassel: It's tough because, from a security standpoint, we have to kind of enforce like, okay, you shouldn't have to see this at all. This is not something you should be seeing or something that is really ... you need to see to do your job, you don't need it. So a lot of it is just that and just helping the user understand, okay, this is what has to be.

Jim Brennan: Okay. Thank you. Raul?

Raul Santos: Actually, want to add to it

Jim Brennan: Yeah, please.

Raul Santos: There's a couple of things that, as SaaS services grow, and a lot of us use them in our personal lives. These methods that we've been using personally do not apply in the workplace anymore. And things like BetterCloud, things like workflows and remediations, and actually notifying users actually helps because they just don't have the knowledge and they're doing something that they would do in their personal lives with their family and friends, and they might not understand why doesn't apply at work.

Raul Santos: So the tool of BetterCloud and actually allowing them to know, we're helping them. Because there's just that knowledge in the new world of IT that everybody uses it personally. You don't see where the boundary of this is not okay at work.

Jim Brennan: Sure. And do you find most users welcome that education because they just feel kind of blind to what's actually happening here?

Raul Santos: Yeah.

Jim Brennan: They do? Okay. That's a great point. I think we talked about this before, is this the fact that, especially when the way you configure these platforms can be very different and to put all of that on the end user is pretty unrealistic, right? To think that they're going to take the time or really have the interest to understand all those different settings. Right?

Jim Brennan: Those are all great examples, and we talked a lot about sort of the relevance of security when it comes to offboarding as well. How about this notion that there's something that happens in the environment, maybe it's something that Okta picks up on. Maybe it's some something that looks suspicious, right? Or maybe something that's confirmed to be malicious, and this idea of using workflows in that context to remediate. You touched upon it a little bit, right? In terms of notifying and educating users, but talk a bit about sort of using it to actually remediate to reconfigure things or to lock something down. Karl, we'll start with you if that's okay.

Karl Cassel: I guess in terms of locking things down, a lot of it is based on groups in my mind. So we set particular apps to be part of certain groups. And so, when a user gets onboarded, like accounting or in IT, they would get provision these apps and we know for sure that okay, they will have these apps and they won't have anything that they shouldn't have. And, I think in terms of security, it'll give the least amount of privilege and you could build on groups as well. So you could have higher tiers of groups. So, let's say like a system admin should be having these apps, so we'll put them in this admin group.

Jim Brennan: Okay. That makes sense. Really relying upon groups to, along with that model of least privilege to enforce some of those policies. Okay. All right. Peter, how about you? Can you could tell us a bit about any experiences you've seen where maybe you become aware of the fact that something bad is happening and you don't have a lot of time, I'm guessing, you wish you had more people? That's probably the case for all of you. How do you utilize a platform like BetterCloud to get that job done?

Peter Barnett: One example of something internal that could happen is when someone maybe purges or offloads a bulk of documents from their drive or something from their machine or one of these apps applications to an address that's outside of the domain. Currently, we're working on trying to lock things like that down. We're really using workflows for things like attribution based grouping, based off of location, who we would report to, all kinds of things because as Bird has scaled in a very dramatic and quick way, I've had to take a small pool of users and get extremely granular and specific with the applications, what group, what Slack channels, and create the nesting. BetterCloud has enabled me to pretty much walk 10 dogs at one time with one leash. I know it's not specific on the remediation of security things within, but yeah.

Jim Brennan: Well, and that's something that is definitely common with all four of you, right? You're in very high growth companies and the amount of people that you're onboarding is really staggering on a daily and weekly basis. We talked a bit last night at dinner about all the challenges that brings up. And, as always, growth is a good thing, but if you're sitting in these seats, it's a real challenge. Right?

Jim Brennan: Jay, I know, I know obviously Spotify is in that boat and it's a good place to be. Tell us a bit about that experience for you and how you mitigate that.

Jay Feliciano: Sure. So, I mean, it's always interesting seeing a company growing at scale super fast, and you would think that as a company grows, some of the problems that you're used to dealing with will go away and you get new ones that emerge. But, I found that a lot of the old problems just compound and just get bigger and bigger. So one of the ones that we've been working on lately is someone has a compromised device or if they lose it in a cab and obviously, you have 5,000, 6,000, 10,000 people, that one or two a month now it turns into maybe like 10 a month. And that process, obviously you want to act quick on, you want to do these things and not having to go into each individual system kind of really slows you down and really leaves you that much more open and exposed.

Jay Feliciano: So being able to utilize something like BetterCloud and being able to create a workflow based around a device being compromised and just having any admin, any function, any trigger, just really just go in and do all those precepts that you have to do for securing somebodies data.

Jim Brennan: Do you do that in an automated fashion or are you doing that on demand as needed typically?

Jay Feliciano: In this one right now we're doing as an on demand when something happens. So it's just a matter of someone reports, lets us know they lost their phone, and immediately we go in and drop their name, and then BetterCloud takes over and runs whole course for us instead of having a waste a half an hour, an hour to do that.

Jim Brennan: Just to clarify, once that initial trigger happens, BetterCloud is performing all the tasks in an automated way?

Jay Feliciano: Right. Correct.

Jim Brennan: Got it.

Jay Feliciano: And one of the things we're looking into is actually automating that task using the APIs to see hat other triggers we can pull into that. So maybe whether that's from some type of reporting or something.

Jim Brennan: In that case, those tasks have some pretty big implications, right? Talking about wiping devices potentially?

Jay Feliciano: Yeah.

Jim Brennan: At a minimum, blocking from using those devices. So you've got to get that right.

Jay Feliciano: Yeah. We get pretty heavy handed on it, so we'll definitely go in, lock down devices, reset passwords, basically just separate that user out from everybody else until we can triage and find out what exactly happened with the devices.

Jim Brennan: Yup. That makes a lot of sense. Good. All right. Raul, another high growth company, Peloton. You're up to how many employees now?

Raul Santos: Probably close to 1,600, 1,800. When I was there starting a year ago, maybe 500, 600. We also have a very high growth of seasonal employees. We have a lot of retail stores. We actually do our own delivery. So for the holiday season we grow massively, very, very quick, for these employees that their lifecycle at the company is very, very short. That lift up actually having to onboard this massive amount of people, and actually, they're gone within a couple of months, it's reduced the amount of work we're having to do.

Raul Santos: And while we're still doing workflows, we're still fine-tuning some of those things, BetterCloud has made it in a way where before being a BetterCloud customer, I had my own custom written scripts in Python. You've seen every bodies API. The amount of time it took, every time something changed just to fix it, sometimes it was a couple of hours, sometimes it was a couple of weeks. That kind of workload is gone. It's the same with that kind of work, it would take an army of me and we still haven't figured out cloning.

Jim Brennan: Well, I'm guessing you don't have time to fix those scripts when the API changes and now that script isn't working, right? So it's both the manual aspect of making the script in the first place, but then keeping it up to date and maintaining it when you know things are gonna change, right?

Raul Santos: Not only maintaining them, it's also if I leave a company and I develop something and that knowledge that with me, when I'm gone and if something breaks, if there wasn't someone there close with me developing it, they might never be able to fix it again because they don't know the moving pieces. With BetterCloud, it's that natural speak that anyone can pick it up.

Jim Brennan: Yeah. Yeah. With the offboarding of the seasonal employees, because that's a real challenge, and of course, you've got your retail studios as well as your corporate offices. Definitely security implications to that, that we talked about. Do you tend to do that type of offboarding as well, depending upon the role? I would assume. If you're a delivery driver versus somebody working in a retail studio, tell us a bit about that. I assume you've got them set up in different roles.

Raul Santos: They have different roles, different axises. Where it's interesting, when you're in just the environment that's 365 days of the year, you have to be able a reducer in things, even on the weekends, nights. We are now at a point where we are in three countries, so we're in Canada, US, and the UK. So the amount of time it would take some manually do some of these things, we're reducing it, and we do not have an army of people working 24/7. If we ever to do those things, on demand has helped a lot.

Jim Brennan: Great. Peter, I know you've got some similar challenges with Bird and we talked a bit about the fact that you've got fleets that go out and service the scooters and/or charge them. So tell us about your experience with that. Probably a little similar to what Raul was talking about, but I'm sure you've got your own challenges as well.

Peter Barnett: That concept is not a mystery to me. If I got hit by a boss who's going to solve the problem? Whereas with BetterCloud, everything's built within it, so anybody can really pick it up. Something that came to mind when you were talking, Raul, is that when with the scaling, we're in multiple countries, right? We're all over the place. Somebody hits me up and says, "Hey, I need to send an email to these people, these people, and these people in three different countries for this reason and they all report to different people. How am I supposed to very quickly group that set of people together and get them that email?"

Peter Barnett: Something so simple. But based off of, and I know I'm going off of what you asked me, but this is kind of-

Jim Brennan: Good.

Peter Barnett: This is my workhorse right now. The connectivity between the Okta and the attribution level of the granularity, like who I report to, where I'm coming from, my bamboo isn't seen necessarily in BetterCloud unless I'm using web hooks, so how am I supposed to connect these dots? And I had a really cool analogy last night and I'm failing to remember it now, but basically G-suite in BetterCloud, in Slack, like we're all playing the same game. We're just touching the ball at a different time. So if I can figure out how to get my UK people and my Santa Monica people and my whoever else in one group for this reason, and then maybe segregated into different groups for another reason, I can't do that without the workflow in BetterCloud.

Peter Barnett: For offboarding or when an employee changes the location, like we were in Venice before and then we moved to Santa Monica. If I don't have it built into the workflow to remove me from a location and add me to a different one, I'm now in two different locations. One may not exist anymore and it may be getting security information that I'm not supposed to seat because I'm not there.

Jim Brennan: Yeah. And there are big implications to that, right? That's one of them. And that's a great point. And we talked before about the implications of actions users take, but clearly the actions that administrators take have even more far reaching implications. So that's a great of using the platform to kind of govern that a bit too. Right?

Peter Barnett: And on the seasonal aspect, Bird is relatively seasonal as well. It's not too fun to go on a Bird in the snow or the rain or whatever. We do have periods of time where I got to move people or people go on to the next project, they leave the company, whatever. But sometimes it's a large group of people. How do you do that without creating hours of manual labor for your entire team? That's just another feature.

Jim Brennan: Excellent. So all this sounds great, of course. But if you haven't experienced it, the idea of having not only one but now two platforms that have the ability to reach in and manage and touch multiple SaaS applications, getting all that working seems like it can be quite difficult. So, Karl, maybe you could tell us a bit about your experience onboarding into BetterCloud and Okta, and then also getting those two platforms to work together.

Karl Cassel: Yeah. So I think with onboarding, your bulk add feature was a very helpful in getting a bunch of users onboarded at the same time, because sometimes we have onboarding classes of a hundred, and it's just like, how do you do that manually? The bulk add is really helpful feature to help get us to that level. And it scales pretty well. We can bulk move users, so if we need to do like a structure change for example, we're able to move users from one group to another pretty easily, or mass move, or make any mass changes very easily through that bulk add, remove and maybe even group add feature.

Jim Brennan: Okay. And, tell us a bit about getting to the point with the platform where you could do those types of things. So when you first became a customer, what did that experience look like to get you to that point where you can start having and seeing the value like you just described pretty quickly?

Karl Cassel: When we first started, we didn't have as big of classes, so it wasn't as hard to kind of go through the workflows in BetterCloud and just onboard individually. But as classes kept getting bigger and bigger, we were like, "Okay, so we have to figure out how we're going to have to onboard 50 people at one time." And so, we were like, "Oh, the bulk add feature exists. Okay, so let's try this out and see how this would make our lives easier." And you just fill out the Excel sheet and boom, plug it in. And there it is. And a bunch of users just get provision at the same time. And once the operation is done, in Okta, we just do a sync and we have our users. A lot of that is also each user. We can assign a group when we add them. In Okta, we could mimic those groups and it'll make our provisioning pretty seamless.

Jim Brennan: Great. Jay, how about you? Tell us about Spotify's experience. First, getting along the BetterCloud platform and then getting that Okta integration working.

Jay Feliciano: Getting on the BetterCloud platform was super simple. Almost like the Thanos snap, it happens that quick. But to being able to get useful on it, the app itself is pretty intuitive. It's written for both engineers and entry-level people, so anybody can really get on it and start really making changes to it pretty quickly. Then being able to connect it with Okta, having those built-in connections already there, it makes being able to actually have a big impact in a company super simple.

Jay Feliciano: I mean, we live in a world right now where people, it's either you have to build it or you have to buy it, right? And I think this kind of lends to both of those where you can buy this tool, but then there's things that you could build within it if it doesn't exist today and the flexibility that you need is there, but I don't have to spend what these guys were talking about earlier, I don't have to spend weeks, hours, months, days at a time trying to figure out what's the best way to build this, maintain it, document it, have it laid out when it's just all right there in front of me between these two.

Jim Brennan: That's great. That's great. And how about, because we know nothing's perfect, so how about when we run into problems with understanding how to maybe, maybe not even so much the technology piece of using BetterCloud, but just knowing sort of best practice. What does a good offboarding workflow look like? Tell us a bit about your experience working with the BetterCloud team.

Jay Feliciano: So I'm pretty sure everybody in the health department over at BetterCloud knows me personally. I'm pretty sure I've spoken to everybody at least once or twice a day on average. It's really such a good partnership to have because you come up with something, you're all of a sudden you're in the middle of breakfast and you're brainstorming an idea of like, "Oh shit, I want to do this." Sorry, I can't curse. I want to get this done, I want to do this now. And there's people already there waiting and like, "Oh yeah, sure. Maybe like we haven't even seen it either, but let's figure it out together." It's like a symbiotic relationship almost.

Jim Brennan: That's great. That's excellent. Raul, how about Peloton? Tell us about your experience first getting on the platform and working with it.

Raul Santos: The platform is super easy. I think when you start adding more connectors, and this is one that I kind of, as soon as you release connectors are probably just spend an afternoon adding everything that we had. The amount of data that all correlated very quickly, was great. And again, to try to build that internally, the amount of people, the amount of time, that one afternoon will probably pay for itself. So it's very, very easy.

Raul Santos: Even as more workflow ideas come up and we run into issues because any tool, it's a tool, some of the things that you're trying to do, while there are examples of what does a good onboarding or offboarding workflows looks like, they don't apply to everybody. Using some of those tools and contacting BetterCloud and having that instant support, just even in chat, they're saying things that I sit there and like I'm doing 10 things at a time, working with the support and working on other things. Being able to achieve what I'm trying to achieve because now it's a partnership. I don't have my head going in circles trying to figure out how to do something. I have a conversation with someone of like, "Hey, this is what I'm trying to do. This is how I'm trying to do it." And you have that conversation of like, "You're trying to do it this way, but to think about it this way." It's instant and it's a great thing to have.

Raul Santos: And it's one of those things were an older generation of admin, you were that sole person that did it. You didn't share your knowledge. But in the SaaS world, we're all partners, we're all working together, and we're all trying to achieve the same thing. It's not about my personal, this is intellectual property. No, we're trying to achieve these things. We're trying to provide these services. So the actual service that the business is running can progress.

Jim Brennan: Absolutely. And it is a partnership. It's very helpful for us because we learned from those interactions as well. Right? That's what informs our view of what best practice looks like and then we can share that back with other customers when they contact us. That's great. Peter, how about with Bird?

Peter Barnett: What's really great about again, the relationship between Okta and BetterCloud is that when a person needs to go and their threshold is exceeded, and BetterCloud just punches of the rest of the payload out on its own, I don't have to go in and deactivate this, deactivate this, remove them from this group. The payload and the workflow is just ... it's one touch. And on the support side, BetterCloud has the best customer service that I've experienced personally in comparison to some other applications. Okta is amazing too. We are at Okta.

Peter Barnett: But I mean, just the chat and the window, I think we tested it on a call with my team and they're like, "Yeah, just try the chat window out." Two seconds later. And they're like, "Oh, okay." And I was like, "Sorry, it was just a test." He's like, "Did I win?" I was like, "Yes." I don't have a question for you though

Peter Barnett: But yeah, with, offboarding especially, when you got a million things going on, everyone in the department just kind of growing on their own, so to speak, in their own direction, having offboarding and onboarding, just taken care of so I don't have to worry about it anymore so I can concentrate on other things it's really nice to be able to have BetterCloud to take care of that.

Jim Brennan: Excellent. Karl, how about Juul's experience coming onto platform?

Karl Cassel: I think Juul as a whole, we've really loved it and just being able to maintain and do a lot of reporting because since they come up of our security team, we've had the need to have a lot of reporting and so they're just like, "Oh, give me these logs, give me those logs." I'm like, "All right, so let me pull it up from BetterCloud and show you what's happened, what actions admin have taken and we can get you whatever you need." So a lot of the reporting makes it really easy for us.

Jim Brennan: Great. And, of course, that's one of the benefits of having a centralized platform is you're able to funnel all that activity through that and then all of this become that much more meaningful. Right?

Jim Brennan: And we talked a bit about the partnership. One of the things that's really important to BetterCloud is the notion of community. We've built up a strong community and we are definitely moving in a direction of empowering the community to share workflows and to share that knowledge even more directly. Tell me a bit, I'll start with you Jay, about how that could provide benefit to you and how you might use something like that.

Jay Feliciano: Oh, for sure. I think all of us, we tend to operate in silos from time to time, thinking about our problems only exist within our company. Really jumping into even just using the BetterCloud Slack channel, right? Being able to speak with other industry professionals, dealing with similar things, and you'll source out a lot of the answers that you're looking forward just based on a quick conversation you can have with a group of people that you actually haven't physically met in person, which is pretty awesome. That alone right there kind of helps us out a lot.

Jay Feliciano: And then, being able to like if we see that something doesn't exist or if there's like a feature, like, hey, we would really like to see this, we jump in, we will submit those feature requests and it's pretty interesting at how quick you guys jumped on that. Being able to have that and actually influence the way that the platform goes and moves, so it's nice seeing that the community really helps drive BetterCloud together.

Jim Brennan: Excellent. Well it's like, I think Raul said we're all in this together, right?

Jay Feliciano: Definitely.

Jim Brennan: Yeah. And the more we can learn from each other, the better off we all are. Right?

Jim Brennan: Well, this has been really excellent. We do have some time for questions from the audience to throw you some curve balls. So, I believe there's a mic floating around, a mic or two somewhere. If you have any questions, go ahead and raise your hand. Please, don't be shy. We've had some great discussion here, but I'm sure there's more.

Jim Brennan: Any questions?

Jim Brennan: Okay. Well I'm sure that the panelists don't mind sticking around for a few minutes afterwards. If you have any questions, please come up. I want to thank you for being here and I would encourage you to come visit the BetterCloud booth on the expo floor. You see a couple of white hoodies floating around here. We may be able to get you one of those if you stopped by the booth, but more importantly, to learn more about the product and to understand how we can help you in this area and how the integration with Okta can help you as well.

Jim Brennan: Was there a question over here? I saw ... Yeah.

Speaker 6: Hi. We use a BetterCloud as part of our lifecycle management to do something like, for instance, when somebody has data in a SaaS app, when they are offboarded, we use BetterCloud workflow to migrate the rights of that data to the manager. Is there anything like that, that any of your companies have leveraged to maybe give me some ideas to bring back to things we do?

Jim Brennan: Yeah, it's a great use case.

Jay Feliciano: Yeah. So that's actually really good one because something similar that we kind of worked on as well. When someone leaves, obviously, all that data stays floating around and it doesn't really go anywhere if you don't do anything with it. So being able to go through and knowing what apps you're offboarding the person and you can kind of set a lot of those. So, a good example when someone is off boarded with us, we're wiping calendars or transferring meetings, we're reassigning Google docs over to people. If a person has data inbox and that needs to be retained, we can either move that to like a container account of we need to maintain that data or, again, switch it to their manager, so their manager can figure out what to do with it. I mean even all the way down to, sending out emails to teams like, "Hey, just letting you know that this person was offboarded recently." So just that window of visibility that wasn't there for like a lot of managers that's really helped a lot with that.

Jim Brennan: That really speaks to that idea of interactions and understanding in a persistent way what those interactions look like. It's more than just understanding maybe who connected to what resource but understanding ownership and what they belong to and what resources were assigned. So that's a great, great use case.

Jay Feliciano: Even one more to add to that too, is I know Slack has released some updates recently about when users leave and integrations and whatnot, when you're offboarding people now, you can set it, you can get integration logs from Slack so you know exactly what the person has integrated and what could potentially fail, which is again, super helpful.

Jim Brennan: Great. I think there was one more question. Yeah.

Speaker 7: My question is more on top of that last what you were saying on the workflows. Do you have any switches that, so if someone's being offboarded? I know that it's automatically going to the manager, but is there a workflow before that to have a question out to the manager to initiate that workflow if they don't need it or if they're not supposed to get it? Because there's some information, even though it's coming from an employee to a manager, the manager should not see that information.

Jay Feliciano: Got you. I see what you're saying. Yeah. There's definitely gates that you could put in place. I know with a lot of the workflows you can set spaces in between the actions, right? So when something starts to happen, you can have it shoot out an email and whether that email is requesting permission to allow this to occur or if you're looking at maybe reaching out to, again HR, you can add those steps in where, when the person's offboarded, Manager A requires that data from User B is assigned over, that can shoot out an email automatically over to HR and they can approve it, reply back, and the process can continue for sure.

Jim Brennan: Any additional questions for our panel? Yep. Right here.

Speaker 8: Hey, thanks for the talk. What do you do about your vendors whose user management doesn't integrate with BetterCloud? Does your company's even allowed that at this point?

Jim Brennan: You're saying when the BetterCloud platform does not have a native integration?

Speaker 8: Exactly.

Jim Brennan: Yeah. So we just recently came out with an API to facilitate some of those use case, and I believe many, if not all of you, are making use of that API. So if there's anything you can share about that experience. I know Jay, you guys were looking at doing some integrations with that.

Jay Feliciano: Definitely. Anybody else want to jump in first?

Peter Barnett: Sure. We aren't currently utilizing it. We were just educated on it recently when we had our onsite experience. But it's a great tool especially being shown how it works. It's very flexible. But any integration that isn't currently supported by BetterCloud is okay, as long as we have it ... Basically, when we walked into Bird, when we first started, I walked into, when you're a kid and you dump out your Legos and none of them were organized, you don't have the instructions. It's pretty much what I walked into. So, recently we just got them all separated by color and organized and now we can start.

Jim Brennan: That's the analogy you were looking for.

Peter Barnett: It's a new one. But yeah, I was looking ... So, basically having the org set up in a way where you can use that manager attribute, getting to a point where you can just do the plug and play with the manager title. You don't have to be specific. It's built in. The complication is depending on what your source of truth is, if it's not Okta, If you're using a different directory service, your HRS system, it can complicate that a little bit.

Jim Brennan: Yep.

Jay Feliciano: And then also jumping onto the API thing again. There's apps that don't currently have any connectors today, but the way you can create a lot of these connections with the API is super straight forward. You don't have to be a backend engineer to be able to figure this stuff out. Like I was saying earlier, an engineer or someone who's never seen it before could literally just sit down and figure it out and do it.

Jim Brennan: Okay. Well, I want to thank Jay, Peter, Karl, and Raul. It was a real pleasure to have you today and I know we all enjoyed hearing about your experiences.

Jim Brennan: I want to thank everybody for coming. And again, please come visit the BetterCloud booth, we'd love to talk to you about the platform and the integration with Okta, and get you that Hoodie. So thanks for coming.

Have you thought about what comes after securely connecting users to their applications? Do you have insight or control over your users' activity in SaaS applications, including the files and data they share inside and outside your organization? These apps make collaboration easy and boost productivity, but they also create potential nightmares for Security & IT with the risk of insider threats. Join this panel discussion lead by BetterCloud with speakers from Bird, Peloton, Juul Labs to learn how you can leverage Okta and BetterCloud to deploy a systematic approach to manage and secure user interactions.