Greenhouse replaced VPNs with strongDM for a more convenient approach that also enforced least privilege

Staff: 113

Database types: 3

Windows, Linux, K8s

Why strongDM

The Greenhouse InfoSec team used VPNs to segment networks across dev, staging and prod. That approach was complex to manage and frustrated staff: to access any databases, internal web apps or k8s clusters, engineers had to run a startup script each time, which created a lot of friction. Greenhouse replaced VPNs with strongDM for a more convenient approach to network segmentation that also enforced least privilege.

Less work for InfoSec: strongDM combines a VPN, role-based access control for all database and server types and web apps, and layer 7 auditing in a single solution. It eliminated the need to maintain 6 different tools. There was no need to maintain separate VPNs, bastion hosts, credentials or keys, or to whitelist IP addresses. strongDM unifies authentication and access in Greenhouse’s existing SSO and standardizes 2FA for access to any database or server.

Improve Security

The challenge of a VPN-based approach to segmentation is that once on a VPN “you have full unfettered access to the network environment which opens up so many vulnerabilities. If the computer you’re using to access the database has been compromised by malware, there’s a possibility it could be used as a jump off point for the attacker to get into the network and then get to the data and systems.” Greenhouse adopted strongDM in order to enforce least privilege. strongDM allows them to grant read-only access to specific databases or servers instead of the entire network. That way “in the situation that an attacker might have access to a computer, they have no way of breaking into the network through that computer. The only thing that’s actually processing the data is the strongDM proxy. There’s not the risk of having these computers attached via VPN to the production network.”

After strongDM, we were able to cut their VPN access so they didn’t have that insecure access to the entire private network.

Dave Anderson

Director of InfoSec, Greenhouse Software

Improve Audit Trail

“Before strongDM, we were dependent on the database or application’s logs to provide us with the audit data we needed, which often was not enough. A lot of times most of the systems will tell you when something changes, but not when it was read or accessed. With strongDM we get full auditability into everything a person does: when they connect, what commands they type, what data they retrieve, we’re able to see everything.”
