With Push, Inductive Automation got complete visibility across their SaaS identities, apps, and integrations, allowing them to consolidate tools and stop chasing false positives from previous solutions.
Inductive Automation, a software company for high-tech manufacturing, needed a way to reduce the security risks associated with unmanaged cloud identities, apps, and integrations.
Push helped Inductive find and secure shadow accounts and apps with high-fidelity data that didn’t interfere with employees’ productivity.
Inductive was able to consolidate tools with Push and close a gap in their identity security program, all while improving their return on investment in SSO and their password manager.
Business challenge
As the software partner to critical industries in 100 countries, including nuclear power, water systems, pharmaceutical manufacturing and data centers, Inductive Automation deeply values security.
“An issue with our software could cause downstream effects that have massive ramifications.”
Over the past decade, Inductive has built a security team that prioritizes nimble solutions to complex problems while supporting a business that has scaled rapidly, with 30 percent growth year-over-year for multiple years. Inductive’s workforce is also highly skilled, with about 70 percent of the company in technical roles.
To secure identities and apps in the cloud, Inductive needed an approach that would not disrupt their velocity while also closing the security gaps for a long tail of powerful apps and integrations.
Technical challenge
With a strong strategy around centralizing identity via SSO, Inductive’s security team were paying close attention to the explosion of third-party apps and integrations that could access critical business systems and data while flying under the radar.
I was always worried about the gaps, like what about the apps that don’t have SSO or don’t have MFA?” Jason said. “Everything, every major breach you read of, goes back to identity in some way. So protecting those identities is just like a foundational component of a modern security program. You can’t protect what you don’t know. So if you have people spinning up apps with weak passwords and no MFA, and you don’t even know that app exists. I mean, it’s just a massive potential issue for you."
The security team embraces a “guardrails, not gates” approach.
With Inductive’s culture of experimentation and innovation, the security team embraces a “guardrails, not gates” approach. So legacy cloud access security broker (CASB) solutions were a poor fit for multiple reasons.
“So we really wanted to wrap our heads around what people were doing in a way that wasn’t heavy and draconian,” Jason said. “We didn’t want to proxy all traffic and decrypt it all and break sessions. And, you know, weaken some of the fundamental security of internet browsing so we could get that visibility and then cause performance impacts as a result.”
Other market solutions were so niche, they only tackled part of the problem, and for a while, Waits’ team used two tools in order to manage OAuth apps and to find and secure shadow SaaS and accounts.
But the solutions didn’t “spark joy,” he said. They relied on data sources like email that were prone to false positives — what Jason calls “chasing ghosts.”
They started looking for a modern solution that could validate their security controls across a portfolio of managed apps while finding and fixing issues on the unmanaged ones, too.
“We were trying to look at the lightest way we could get that visibility, and wrap our heads around this problem in a way that's very user-friendly,” he said.
Solution
Inductive chose Push after a competitive vendor review. With Push, the Inductive team was able to get rid of two other security tools, saving budget and time. With high-fidelity data from Push’s browser activity detection approach, they now confidently rely on Push as the source of truth for their cloud app portfolio.
“So with Push, we loved the UI/UX and we loved the founders’ vision. We got a tool that was better quality and we reduced another vendor, so that’s always a win.”
Inductive chose Push after a competitive vendor review. With Push, the Inductive team was able to get rid of two other security tools, saving budget and time. With high-fidelity data from Push’s browser activity detection approach, they now confidently rely on Push as the source of truth for their cloud app portfolio.
“We’re not mandated to do a bunch of bogus compliance stuff. So we don’t buy tools to check boxes. Everything we do, we do it to solve a problem,” Jason said. “But the whole ‘Does it spark joy?’ is my benchmark. So with Push, we loved the UI/UX and we loved the founders’ vision. We got a tool that was better quality and we reduced another vendor, so that’s always a win.”
Broad visibility across apps and OAuth integrations
By providing broader visibility with more accurate data across cloud identity, third-party cloud apps, and OAuth integrations, Push helps Inductive get a complete picture of their ecosystem.
Push helped Inductive find and secure apps used only in pockets of the organization and get them managed centrally.
Automated remediation
“Automation is in our name,” said Jason, so Push’s automated remediation workflows were a huge draw.
Push’s use of a Slackbot to directly engage end-users to help them make simple but meaningful security improvements was a perfect fit for Inductive’s culture. This approach offloads Inductive’s security team while also being more effective: “It’s not someone from the security team reaching out and saying, ‘Hey, what are you doing?!’ It feels less accusatory if it’s a Slackbot,” Jason said. It’s also a much more scalable solution for their 4-person team.
Easy deployment
With Inductive’s managed Chrome browser program, they were able to deploy the Push browser extension to 99 percent of their devices in 5 minutes in the middle of a regular workday. The deployment was so seamless that they received no help desk requests, Jason said.
Return on investment
Push also helps Inductive improve their return on investment in a recent migration to a new enterprise password manager and an ongoing emphasis on centrally managing apps via SSO. They use Push’s detection of shadow apps and accounts, as well as its password manager detection capabilities, to close the gaps they find.
A foundational source of truth
Push has become a trusted source of truth for Inductive’s cloud portfolio, providing the foundation for their vendor risk management program.
“We have a cybersecurity strategy we’re implementing company-wide with a big identity component. So being able to validate that is just super critical. Otherwise it’s all a paper policy,” Jason said. “We don’t like to say we’re going to do something. We like to do it and validate that we are doing it. It only takes one little incident, one little crack, so staying on top of this is just really important for us.”
Jason Waits is the chief information security officer at Inductive and leads a team that oversees multiple security domains, including data protection, network security, vulnerability and risk management, detection and response, incident management, and cloud security. Jason is a SANS Lethal Forensicator coin holder and won the US Cyber Challenge in 2017.
Inductive Automation is a leader in SCADA software services for high-tech manufacturing and other critical industries such as pharma, nuclear power, water management, and data centers. Inductive is headquartered in Folsom, California, and was founded in 2003.
With Push, Inductive Automation got complete visibility across their SaaS identities, apps, and integrations, allowing them to consolidate tools and stop chasing false positives from previous solutions.
Jason Waits is the chief information security officer at Inductive and leads a team that oversees multiple security domains, including data protection, network security, vulnerability and risk management, detection and response, incident management, and cloud security. Jason is a SANS Lethal Forensicator coin holder and won the US Cyber Challenge in 2017.
Inductive Automation is a leader in SCADA software services for high-tech manufacturing and other critical industries such as pharma, nuclear power, water management, and data centers. Inductive is headquartered in Folsom, California, and was founded in 2003.
Inductive Automation, a software company for high-tech manufacturing, needed a way to reduce the security risks associated with unmanaged cloud identities, apps, and integrations.
Push helped Inductive find and secure shadow accounts and apps with high-fidelity data that didn’t interfere with employees’ productivity.
Inductive was able to consolidate tools with Push and close a gap in their identity security program, all while improving their return on investment in SSO and their password manager.
Business challenge
As the software partner to critical industries in 100 countries, including nuclear power, water systems, pharmaceutical manufacturing and data centers, Inductive Automation deeply values security.
“An issue with our software could cause downstream effects that have massive ramifications.”
Over the past decade, Inductive has built a security team that prioritizes nimble solutions to complex problems while supporting a business that has scaled rapidly, with 30 percent growth year-over-year for multiple years. Inductive’s workforce is also highly skilled, with about 70 percent of the company in technical roles.
To secure identities and apps in the cloud, Inductive needed an approach that would not disrupt their velocity while also closing the security gaps for a long tail of powerful apps and integrations.
Technical challenge
With a strong strategy around centralizing identity via SSO, Inductive’s security team were paying close attention to the explosion of third-party apps and integrations that could access critical business systems and data while flying under the radar.
I was always worried about the gaps, like what about the apps that don’t have SSO or don’t have MFA?” Jason said. “Everything, every major breach you read of, goes back to identity in some way. So protecting those identities is just like a foundational component of a modern security program. You can’t protect what you don’t know. So if you have people spinning up apps with weak passwords and no MFA, and you don’t even know that app exists. I mean, it’s just a massive potential issue for you."
The security team embraces a “guardrails, not gates” approach.
With Inductive’s culture of experimentation and innovation, the security team embraces a “guardrails, not gates” approach. So legacy cloud access security broker (CASB) solutions were a poor fit for multiple reasons.
“So we really wanted to wrap our heads around what people were doing in a way that wasn’t heavy and draconian,” Jason said. “We didn’t want to proxy all traffic and decrypt it all and break sessions. And, you know, weaken some of the fundamental security of internet browsing so we could get that visibility and then cause performance impacts as a result.”
Other market solutions were so niche, they only tackled part of the problem, and for a while, Waits’ team used two tools in order to manage OAuth apps and to find and secure shadow SaaS and accounts.
But the solutions didn’t “spark joy,” he said. They relied on data sources like email that were prone to false positives — what Jason calls “chasing ghosts.”
They started looking for a modern solution that could validate their security controls across a portfolio of managed apps while finding and fixing issues on the unmanaged ones, too.
“We were trying to look at the lightest way we could get that visibility, and wrap our heads around this problem in a way that's very user-friendly,” he said.
Solution
Inductive chose Push after a competitive vendor review. With Push, the Inductive team was able to get rid of two other security tools, saving budget and time. With high-fidelity data from Push’s browser activity detection approach, they now confidently rely on Push as the source of truth for their cloud app portfolio.
“So with Push, we loved the UI/UX and we loved the founders’ vision. We got a tool that was better quality and we reduced another vendor, so that’s always a win.”
Inductive chose Push after a competitive vendor review. With Push, the Inductive team was able to get rid of two other security tools, saving budget and time. With high-fidelity data from Push’s browser activity detection approach, they now confidently rely on Push as the source of truth for their cloud app portfolio.
“We’re not mandated to do a bunch of bogus compliance stuff. So we don’t buy tools to check boxes. Everything we do, we do it to solve a problem,” Jason said. “But the whole ‘Does it spark joy?’ is my benchmark. So with Push, we loved the UI/UX and we loved the founders’ vision. We got a tool that was better quality and we reduced another vendor, so that’s always a win.”
Broad visibility across apps and OAuth integrations
By providing broader visibility with more accurate data across cloud identity, third-party cloud apps, and OAuth integrations, Push helps Inductive get a complete picture of their ecosystem.
Push helped Inductive find and secure apps used only in pockets of the organization and get them managed centrally.
Automated remediation
“Automation is in our name,” said Jason, so Push’s automated remediation workflows were a huge draw.
Push’s use of a Slackbot to directly engage end-users to help them make simple but meaningful security improvements was a perfect fit for Inductive’s culture. This approach offloads Inductive’s security team while also being more effective: “It’s not someone from the security team reaching out and saying, ‘Hey, what are you doing?!’ It feels less accusatory if it’s a Slackbot,” Jason said. It’s also a much more scalable solution for their 4-person team.
Easy deployment
With Inductive’s managed Chrome browser program, they were able to deploy the Push browser extension to 99 percent of their devices in 5 minutes in the middle of a regular workday. The deployment was so seamless that they received no help desk requests, Jason said.
Return on investment
Push also helps Inductive improve their return on investment in a recent migration to a new enterprise password manager and an ongoing emphasis on centrally managing apps via SSO. They use Push’s detection of shadow apps and accounts, as well as its password manager detection capabilities, to close the gaps they find.
A foundational source of truth
Push has become a trusted source of truth for Inductive’s cloud portfolio, providing the foundation for their vendor risk management program.
“We have a cybersecurity strategy we’re implementing company-wide with a big identity component. So being able to validate that is just super critical. Otherwise it’s all a paper policy,” Jason said. “We don’t like to say we’re going to do something. We like to do it and validate that we are doing it. It only takes one little incident, one little crack, so staying on top of this is just really important for us.”
