Divvy Homes uses strongDM to enforce security best practices with granular auditing, automated provisioning, and just-in-time access.
Divvy Homes aims to make homeownership accessible to everyone. With flexible financing, potential buyers can save for a downpayment while living in dream home as renters. Divvy’s technical team needed an operationally lightweight way to grant secure access to resources as its workforce grew. StrongDM simplifies onboarding and offboarding, enables just-in-time (JIT) access for on-call engineers, and provides a granular audit trail to help Divvy’s security team ensure that the right people are accessing the right parts of the network.
StrongDM Simplifies Access for Divvy's Expanding Team
Before StrongDM, the development team at Divvy managed access manually, with SREs granting and revoking access (or provisioning temporary access) through TCP directly. This method worked with a smaller staff–as David Schlesinger, Head of Security & IT, puts it, “you’ve got to start somewhere”–but as more and more people joined the organization, keeping track of who had what access got a lot harder.
Our team is distributed across the United States. We all work remotely, and needed a better way to manage access to everything.
David SchlesingerHead of Security & IT
The team needed an operationally lightweight way to grant engineers secure access to resources. According to David Schlesinger, they had everything they needed; they just needed to find the right tool. Divvy evaluated several Zero Trust and infrastructure access solutions. The company chose StrongDM because it was the easiest to use, and it ticked all the boxes, including:
- Comfortable user interface/straightforward desktop client.
- Good integrations, including Slack (for just-in-time access) and Datadog.
- Granular auditing and session capture.
- Convenient command-line tool.
- Deployable through Kubernetes.
- Tool-agnostic (e.g., you can use your preferred SQL client).
The team also likes the way StrongDM sits within their infrastructure. According to David Schlesinger, “The network topology is straightforward, and it’s very easy to spin up additional gateways or relays as needed.”
StrongDM Empowers Security Best-Practices
Ease of deployment was one of the big selling points of StrongDM. Divvy uses Okta for identity management, so David simply created a group for users who needed StrongDM access. He decided what base-level resources engineers required and was able to automatically provision all those accounts. Users caught on very quickly.
The trial was full access, so it was easy to roll out once we became a paid customer. –David Schlesinger, Head of Security & IT
Now, life is much happier for the SRE and platform teams. With StrongDM, Divvy no longer has to manage resources within a VPN. Admins can provision access to precisely the right resources based on a user’s identity, including just-in-time access. StrongDM provides a granular audit trail so Divvy admins know who did what, where, and when.
StrongDM also makes it easier to work toward security best practices such as Zero Trust. Divvy plans to pursue SOC 2 to demonstrate its state-of-the-art security program to potential partners.
Divvy Uses StrongDM for Auditing, JIT, and More
StrongDM has become an essential tool for the Divvy technical team, particularly when it comes to onboarding/offboarding, JIT access for Kubernetes and datasources, and auditing user access.
StrongDM makes it easy for Divvy to quickly and confidently onboard and offboard users by automating much of the process. David Schlessinger, head of Security & IT, notes, “I want to know that when we deactivate an account in Okta, the user has lost access. It's a lot easier when everything just works automatically.”
Providing just-in-time access to on-call engineers has been another big-time saver for Divvy. Before StrongDM, engineers had to get help from an SRE, which involved a lot of waiting and wasted time. Now, they simply request the access they need for the time they need it.
Divvy needed a way to audit access to ensure that accounts were properly provisioned and that access was revoked when engineers no longer needed it. With StrongDM, admins can easily track every resource that every user has access to, including all the commands they run.
And that’s not all. Divvy has found new ways to use StrongDM, not only managing access to internal resources but also securing different websites behind the platform. With its user-friendly design and top-notch support, StrongDM gives Divvy confidence that the right people are accessing the right parts of the network. Plus, says David Schlessinger, “I just think that StrongDM is a cool piece of technology.”