Dark Rhino Security (DRS) wanted to provide comprehensive Single Sign-On (SSO) for customers using the DRS managed Identity and Access Management (IAM) service built on Okta™ Identity Cloud. However, the company initially saw only three options: cost-prohibitive licensing from one or more software vendors; an internal development project that would take too long, cost too much and distract developers from more strategic tasks; or requiring customers to spend their own development resources to implement SSO – which could delay time-to-value for existing customers and make future deals harder to close.
With the cloud-based Datawiza platform, DRS now provides instant SSO support for customers accessing the support tools of its managed service. It has also enabled each DRS IT staff member to reduce the number of login IDs required to support customers from a couple dozen to just one.
The DRS Service
Targeted at mid-sized businesses with under 5,000 employees, the DRS Okta-based IAM service enables companies to implement a modern and highly secure solution for identity management without retaining the IT resources and security expertise to implement and manage the solution themselves. The DRS service can also be implemented far faster than companies could manage on their own. In fact, most of Dark Rhino’s customers have a small IT staff of just one or two employees – who typically don’t have the time or security expertise to implement and maintain an IAM solution.
“Companies trying to implement Okta themselves often lack the critical security expertise to ensure the integrations with their applications are done right the first time,” said Cazel, who was hired at Dark Rhino because of his deep security expertise. “Dark Rhino [now with Datawiza] accelerates the time to value while ensuring security best practices.”
DRS also uses Okta for identity management for its own IT staff who support the customer implementations.
The SSO Challenge
The DRS service is supported by Elasticsearch and Kibana for event logging and analysis. For many customers, DRS spins up several databases and additional open source tools. To manage user access to applications, customer administrators regularly access these databases and tools. Without SSO support, the administrators needed to maintain separate usernames and passwords for each database and tool. Logging into customer systems was also frustrating and time-consuming for the seven DRS staff members managing the systems for customers. Each analyst had a unique username and password for as many as 20 databases across their client accounts.
Not having built-in SSO to offer as part of the DRS service meant customers had to live with the frustration, launch their own DIY SSO project, or hire expensive consultants to deliver it. This was not compatible with DRS’s mission to deliver fast and affordable support for Okta. Besides, having customers DIY their own SSO support carries security risks, since most developers lack the right kind of security expertise for such projects. These risks carry the potential to undermine the value of the DRS solution. In addition, some potential DRS customers have SOC 2 auditing compliance requirements. Without a compliant SSO solution, supporting SOC 2 would have forced DRS to prevent these companies from accessing the databases deployed on their own infrastructure.
“The reason we developed our service was to offer small businesses affordable access to an optimal security environment, which means we want to provide the open source software components of our solution for free,” said Cazel. “We just can’t add an expensive licensing cost to our solution, and requiring customers to spend their own development resources to implement SSO and possibly introduce vulnerabilities is also unacceptable.”
Finding a Solution
Solving the SSO challenge wasn’t easy. Kibana has its own licensing model, and DRS considered upgrading to the enterprise-tier license and purchasing SSO support. However, the cost would have been astronomical. Dark Rhino also uses open source tools that have no built-in SSO capability at all, and the Kibana license would not have helped with these.
As an Okta partner, DRS also looked at the Okta Access Gateway. While this solution had potential, it was also far too expensive to enable DRS to continue providing its low-cost service.
Some open source tools have third-party plug-ins that facilitate SSO, but these are developed and maintained on GitHub, so there are no SLAs or support for them, which made DRS – and potential customers – wary.
Datawiza provides a no-code platform for integrating open source tools, homegrown apps and other legacy applications and services with any IDaaS platform, including Okta, Azure AD, Auth0, Google and Amazon Cognito. Datawiza acts as an access broker between any application and any IDaaS, which enables businesses to centrally manage support for SSO and multi-factor authentication (MFA) across all their applications, located anywhere – in multiple public and private clouds and on-premises. Datawiza was also built by an experienced team with deep security expertise.
“Because Datawiza is a cloud-based solution that supports multiple IDaaS providers, we would be able to use a single Datawiza Access Broker for a single license fee to support all our customers and internal staff,” said Cazel. “Over a period of just two or three days, we set up a pilot on an internal database, saw how easy the solution was to deploy and use, and quickly rolled it out to a group of initial customers over another two or three days. So over a period of about a week, we were rolling out a vital new capability to customers, while eliminating a constant source of distraction and frustration for our staff.”
“Any other strategy for providing SSO would have taken weeks or months – per customer or identity platform – and would have involved significant costs and risks,” added Cazel. “Because Datawiza was built by security experts, we had confidence in it. And because it supports SSO and MFA, we are even able to automatically support customers with SOC 2 requirements – expanding our market potential.”