CaseWare equips the audit and accounting industry with a host of cloud and desktop tools. Its customers receive actionable insights that empower them to exceed their clients’ expectations. With strongDM, CaseWare provides resource access to its teams, empowers its developers to handle emergency alerts, and even creates auditable just-in-time access requests through Jira and Slack.
strongDM is a must-have for a cloud-native team. The time savings were noticeable on day one. That’s what matters to our team, and what we’ve been tracking.”
Nicholas SkoretzCloud Infrastructure Engineer
Scattered Access Management Created Technical Debt
CaseWare struggled with multiple sources of truth for access management. For example, secret managers stored expired keys. Legacy machines accessed data without any explanation or standardized management, and new team members found themselves searching multiple repositories before finding the right key or method to access a particular box. Onboarding could take months.
A significant problem lay in the tools CaseWare used – or the lack thereof. CaseWare used a variety of secret repositories, including AWS and Github. The company reached a point where it needed to move on some of its technical debt, eliminate undocumented patterns, and ultimately simplify user access. The infrastructure operations and DevOps teams felt the most pain, dealing with daily tickets to access resources.
CaseWare Simplifies Incident Response with strongDM
Former co-workers of Nicholas Skoretz, Cloud Infrastructure Engineer at CaseWare, steered him toward strongDM. After researching several options, CaseWare chose strongDM because the demo showed exactly how useful the tool would be.
strongDM empowered CaseWare’s developers to take over some round-the-clock responsibilities from the Ops teams. Before strongDM, infrastructure operations answered each alert, even those unrelated to infrastructure, and then escalated it to someone else. This two-step approach meant spending several minutes at the start of every ticket trying to figure out how to access this or that specific box. It was a serious pain point.
Using the libraries and SDKs strongDM offers for extensibility, CaseWare wrote their own middleware to interact with PagerDuty. Now, DevOps can handle tickets directly. If an incident happens relating to their applications and the servers on their applications, they'll automatically get access for the life of the PagerDuty alert. And strongDM’s SSO integration and SCIM integrations have enabled CaseWare to quickly manage access to almost every box in the environment.
This Must-Have Tool Saves Time and Strengthens Access Control
Time savings have been the most significant benefit for CaseWare. Support has shaved minutes off incident response times, which is critical. Onboarding is seamless and much more straightforward, and users can access the infrastructure on day one.
Additionally, the company has more control over access and an increased security posture.
“strongDM helped us mitigate the log4j vulnerability that affected the industry. Having decision makers on call to log in to the server in 15 seconds helped immensely with quick mitigation, as did full sessions available for playback,” Skoretz said.
Overall, strongDM is a must-have tool for CaseWare. “On the surface, it’s simple and easy to use, but that doesn’t hide the extensibility,” Skoretz said. "It didn’t take long for strongDM to insert itself into our workflows, but it hasn’t changed them. It’s just easier, and that’s what I like most about it.”