Shifting mindsets with a certified and secure cloud IAM environment
to set up Okta IAM and complete the audit for four ISO security certifications
to deploy Okta on flex’s infrastructure as Infrastructure as Code (IaC)
customers registered in three years
- Certified for international standards (ISO) on data protection and privacy management systems to meet the high security demands of customers
- Realising a strategic security architecture
- Establishing a new corporate culture with IAM
- Enhances employee efficiency through various automation features
- A continuous journey to improve customer experience
Flex set up Okta in just nine months after appointing a chief information security officer (CISO) and creating a security team in 2021. They acquired important data security certifications, including five for international standards, such as ISO 27001 (Information security management) and ISO 27701 (Cloud Information security management systems), and ISMS-P, the toughest certification to get in Korea. It is the first Korean HR platform to have received these certifications, and Okta’s Workforce Identity played a significant role in the audit process for security certifications.
To create the security architecture that was requested by the security team at flex, the team had to develop a number of different solutions. Okta enabled them to complete the integration of more than 50 security solutions as well as numerous in-house applications in just a couple of weeks. This brought the team closer to their goal of creating the layered architecture that the security team was pursuing and of completing the audit.
When building IAM architecture in a legacy environment, most IT teams are reluctant to be the owner of IAM. This is because it is difficult to manage IAM in a legacy environment. However, once they began using Okta, this was no longer a challenging task and thus the flex security team was able to take ownership of IAM. This facilitated the integration process with the security system and in-house applications. Being able to do this changes the corporate culture for IAM management through the introduction of Okta solutions.
The flex team uses a number of security automation features of Workflows among the various other features of Okta. There are a lot of SaaS services out there that provide workflow automation, but Okta Workflows is run within the Okta system meaning that there is more emphasis on the security aspect of the automation. flex deployed Okta Workflows for enhanced security and work automation to not only improve convenience but to also manage security risks that may arise in the process.
The flex team is constantly upgrading their products to enhance the customer experience, of which security is a vital element in the journey. They have not only obtained diverse security certifications but are also reflecting security requirements on their products. They are also upgrading their services to ensure that companies and organizations in different industries, not only those in the commercial sector and enterprises, but also the public and financial sectors, choose flex, their HR platform.
From our experience so far, applying service and system access control to over 1,000 servers and a container environment meant a huge amount of work that would take at least several months and a lot of effort to complete. The flex team, however, finished applying Okta features on the entire infrastructure in just days. What's more, it only took two hours to apply Okta as IaC on our infrastructure, which is incredible work efficiency based on my past experience and is the best experience I've ever had.
Flex security team
Gaining customer trust as the first HR platform to acquire certification for international standards on data protection and privacy management systems
When it comes to employee policies in Korea, a lot of it is still in their infancy. Words like diversity and inclusion can be found in the handbooks, with its actual definition being open to interpretations. A case in point is the comprehensive wage system. The comprehensive wage system is a business practice that includes overtime compensation in the employee's regular pay. It calculates the monthly wage by adding a fixed amount of overtime compensation without any precise calculations. Although the system helped propel economic growth in Korea, the number of people who could no longer endure long hours of work and experienced job burnout has increased in many industries including IT, which has increased calls for legislation to be introduced that abolishes the system.
In 2019, one IT giant announced that they had terminated the comprehensive wage system. This sparked an industry-wide debate on whether to introduce a pay-for-performance system. This was followed by an increase in demand for an overhaul of the performance evaluation system and the employee benefits scheme.
In May that year, the Flex team launched a beta version of Flex, which placed an emphasis on time and attendance tracking, in line with the abolition of the comprehensive wage system and the newly introduced 52-hour workweek system. The team later added a series of new features, including payroll settlement, electronic contracts, workflow management, year-end settlement, and the provision of other insights. Flex, which had begun with a meagre three customers, grew at an exponential rate and soon drew in 2,000 customers in just six months by 2020, and went on to achieve the remarkable feat of securing 40,000 registered customers as of January 2022, three years since it had rolled out the service.
Supporting rapid growth with a secure infrastructure
As the service expanded at break-neck speed, security became a prominent issue. COVID-19 served as a trigger for rapid digital transformation in the corporate world, and businesses were increasingly adopting cloud-based software. But many companies maintained a conservative view on moving to the cloud due to privacy and security concerns, such as the leakage of confidential data like wage rates and family information.
To address these concerns, the Flex team appointed a CISO and reorganised the security team. The Flex security team developed a layered security architecture, while designing the data security infrastructure and the management system. They chose Okta's Workforce IAM as a solution for their account and authentication management, the heart of Flex's security priorities.
Innovating internal operations with Okta's Workforce IAM
The biggest reason Flex opted for Okta as an employee account and authentication management solution was their fast adaptability in an agile development environment. In the interview, the flex security team described their experience with Okta Workforce IAM, saying, "It only took us about an hour to integrate our system with AWS with Okta Advanced Server Access (Okta ASA). It then took us two days to apply it across 1,000 servers and a container environment. The integration was done faster and more effectively than any other IAM solutions we have used." Today, about 50 applications and systems deployed in Flex are integrated with Okta solutions.
Flex also leveraged the lifecycle management feature and Workflows from Okta that enabled them to turn Flex into a company with a smarter work environment. With Okta's lifecycle management feature, employers can effortlessly manage the user lifecycle that used to be managed individually in each application. While employee lifecycle management used to be a complicated workflow, the lifecycle management feature simplified the process. Users can reflect and manage revised employee information easily with Okta, such as when onboarding new hires, when an employee's position changes, even when people leave the company. This has improved their work efficiency significantly.
"The most difficult thing was retrieving the authentication given to people who left the company. Before we introduced Okta solutions, no one, not only leavers themselves but also their senior employees, the HR team, or the security team, knew the exact authentication or the scope of authentication given to those leaving," according to the Flex security team. Adopting Okta has not only allowed the team to check the leavers' authentication at a glance, but to also revoke access for different types of applications provided to them. This has become a vital element in Flex's security architecture, which pursues a zero trust security model.
Okta Workflows also laid the foundation for the organisation to work smarter. The Flex team is now managing requests from business users much more quickly with Okta Workflows. In particular, they are leveraging Workflows features to integrate with Slack and answering user inquiries on IAM or functional failures.
The security team also took full ownership of IAM at the company, after they implemented Okta, integrating it with the wider security system and internal applications. This was only possible because of the high level of automation Okta delivers.
Killing two birds with one stone on customer trust and growth
Despite only being around for a short period of time, Flex boasts of an incredibly large pool of customers from various industries and sizes. The customer base at Flex includes leading Korean companies, ranging from big conglomerates, such as SK, Hanwha, and Kakao, to unicorn companies like Moloco and NPIXEL. Now, Flex is on a journey to evolve into an HR platform that meets the security demands of more diverse customers.
Customers are keen on using the insights Flex provides to generate contextual data that show whether their employees are thriving within the organisation. Customers who have adopted flexible work hours, manufacturers who have not yet applied the comprehensive wage system, or companies that want to comply with the 52-hour workweek system are active users of the time and attendance tracking system. Nowadays, features like acknowledgments, reviews, feedback, and assessments are not only used as a communication channel with other employees but support a feedback culture within companies.
The Flex team is committed to going above and beyond, giving customers what they want and taking it a step further, to achieve the next level of customer satisfaction. Knowing that many customers are still hesitant about using HR SaaS, fearing that their confidential employee data may be leaked, Flex obtained four security certifications from Korea and abroad. The move has provided an objective assessment on Flex's security system in the short term and has also served as a basis for attracting new customers in the long term. As of June 2022, the Flex team has obtained five ISO certifications (ISO27001, ISO27701, ISO27017, ISO27018, and ISO22301) and a Korean certification (ISMS-P). In addition, Flex has obtained and is operating PCI-DSS, PCI-DSS, and CSA-STAR certifications.
The security team states, "Okta has played a considerable role in the audit process for various certifications. Without Okta, we would have to verify the compliance and effectiveness of each application separately. This would cause a serious delay in finally being able to receive certification, and a lot of efforts must be made to provide the back data that proves the compliance and effectiveness of our system in the audit stage. Okta enabled the Flex team to combine all audit-related information into a single format, which helped to facilitate the whole audit process."
The audit process was a fairly enjoyable experience for the team, and a pleasant one too. With Okta, they were able to provide common information that needs to be submitted for the audit, which helped to reduce the time needed for the audit. This also meant that they were able to receive certifications in a much shorter time.
An endless journey of improving customer experience
With security at the heart of everything they do, the Flex team is constantly upgrading their tools and products to enhance the customer experience. Beyond the diverse security certifications attained, the team is also upgrading their services to ensure that companies and organisations in different industries, not only those in the commercial sector and enterprises, but also the public and financial sectors choose flex their HR platform. They are working hard in the hopes that someday the flex HR platform can also become a member of the Okta Integration Network.