Zefr enables responsible marketing by using AI to help companies improve the effectiveness of digital campaigns. Its patented Cognition AI scores videos for brand campaigns, aligns with industry standards for transparency, and optimizes investments. Before StrongDM, Zefr struggled with onboarding and offboarding for technical hires. It also needed a better way to provision temporary access to on-call support teams. StrongDM helped Zefr reduce administrative overhead, implement IT and security best practices, and increase efficiency as well as happiness for the engineers.

User Offboarding Was a Major Pain Point

User offboarding caused Zefr the biggest headaches. With over 30 databases, 30 users, and a lot of turnover, the team’s homegrown automation left many accounts with too much access. A ticketing system was supposed to help with onboarding and offboarding, but since the role was delegated to whoever was free on the engineering team, decommissioning access still fell through the cracks. 

Company growth and frequent turnover made it even more difficult to track user access. Zefr had a lot of one-off microservices that were hard to reconcile with other systems, and on-call users needed privileges elevated temporarily while on PagerDuty.

Finally, auditing was nearly nonexistent. Zefr didn’t have the bandwidth or expertise to handle it properly, and with no way to track who was accessing what, the problem seemed insurmountable.

StrongDM is Simple to Deploy

StrongDM fit the price point for Zefr, and it was simple for the team to deploy through Terraform. There was minimal configuration to deal with.

“It’s modular, easy to deploy, and has straightforward documentation. Any time you get a tool like this that’s offering ease of use or good support, having good documentation that’s up to date is humongous,” said Ken Cieszykowski, Site Reliability Engineer.

Adoption happened overnight. StrongDM can discover databases and show users what they have access to in a single feed. A user can sign in via Okta or Google and immediately be ready to work. Engineers love it.

“The basic reality is that our engineers are in databases a lot. Before StrongDM, the workflow was awkward, but now, it is unambiguous where they are supposed to be. This has been a critical part of adoption for us,” said Wes Tanner, Vice President, Engineering.

Zefr Slashes Administrative Overhead by 88%

The most significant impact for Zefr has been reducing administrative overhead, particularly the time spent managing temporary access. Typically, admins spent four hours per week dealing with provisioning and decommissioning users. Now, it’s more like 30 minutes per week, and it can be handled by the IT team and folded into IT best practices.

Zefr also reaped an unexpected benefit in terms of engineering efficiency. Developers can see what they have access to and don’t have to ask for credentials. This saves time, gets them into their systems faster, and minimizes the likelihood that someone will inappropriately share their credentials.

“StrongDM makes my life easier by handling nearly all the administrative things like expiring time access, grouping resources by type, and frankly by having gateways and relays that are able to be ephemeral,” Cieszykowski said.

Zefr has also added Kubernetes clusters to its StrongDM deployment and plans to replace its SSH gateways. StrongDM has simplified how Zefr grants least-privileged access to Kubernetes by mapping each user to a StrongDM role, then plugging in their credentials.

And while auditing had seemed like an unsolvable problem before StrongDM, now Zefr can easily see what is happening within its databases. StrongDM brings together authentication, authorization, networking, and observability onto a single platform. This not only helps Zefr adhere to security best practices but also provides a clear audit trail.

Said Tanner, “Security is a necessary part of day-to-day life. In terms of how we go forward, StrongDM will continue to be part of that story. It has all the mechanisms in place for database access control that we require, and I haven’t found a competitor yet that does the same thing.”