Global petrochemical and energy asset manager Stork chooses Okta to secure its operations

250

hours a month in IT support time saved by Okta Self Service

80

Okta connected apps are accessed via a single enhanced security password

99%

reduction in time spent waiting for authentication with Adaptive Multi Factor Authentication

The world is moving towards a circular economy. Under the guiding sustainability principles of ‘reuse, repair, refurbish, recycle’, when a product reaches the end of its natural life, it’s then used to create another. To make this economic model a reality, it’s crucial that industrial assets are skillfully managed to maximise their uptime and lifespan. It’s a central principle for Stork, a company headquartered in the Netherlands that provides tailored asset management solutions designed to optimise this lifecycle. 

“We operate primarily in the oil and gas, energy, and petrochemicals industries, with a 17,000 strong workforce delivering our services worldwide,” explains Alex Voermans, Manager Technical Application, Stork.

Stork is responsible for managing and maintaining assets for some of the world’s most relied upon industries. Not only must it minimise the downtime of these assets and lengthen their lifespan, but it must also secure them from external threats. To help Stork secure its systems for its workforce and its customers, the company turned to Okta.

"Our new identity and access management solution had to provide the right people with the right access, at the right time, while giving end-users a simple dashboard for accessing all of their applications and multi-factor authentication for maximum security. Okta ticked all these boxes and more."

Alex Voermans,

Manager Technical Application, Stork

person in welder's protective clothing at work

A cloud-first secure solution

Stork’s journey with Okta began in 2016, when it made the decision to move its operations from an on-premises infrastructure to the cloud. When it shifted all of its workforce and customer applications to the cloud, Stork recognized that this required a strong identity and access management (IAM) system to retain and enhance the strong values of trust and security that have helped build the Stork brand.

Previously, Stork relied on a username and multiple password setup managed via an Active Directory. This meant that staff members often had one set of usernames and passwords to sign in to their computers and several other sets to access various applications. This was a lot to remember. Alex says he had three requirements for Stork’s new IAM system. 

“Our new identity and access management solution had to provide the right people with the right access, at the right time,” he adds, “while giving end users a simple dashboard for accessing all of their applications and multi-factor authentication for maximum security. Okta ticked all these boxes and more.”

Aggregating multiple apps reduces IT tickets

Prior to Okta, with so many passwords to remember, Stork users frequently locked themselves out of their accounts and had to call IT for a reset. This could only be done during office opening hours, resulting in frustration - particularly for people working flexibly. Inevitably, it also meant the IT desk had to clear a backlog of resets each morning. 

“We added Self Service to our Okta package in 2019, and now, every user has 24/7 access to our systems,” says Alex. 

Okta Self Service saved Stork 268 hours of help desk time that month alone. Based on a 40-hour week, Self Service frees up the equivalent work of almost two full-time IT staff members, freeing them up for more pressing tasks.

80 Okta apps accessed via a single password

Stork relies on dozens of applications to support a workforce of 17,000 and manage hundreds of client assets. Before using Okta and the move to the cloud, most of these were located on-premises and accessed via a VPN and an Active Directory. The majority of these apps have now been migrated to the cloud and connected to Okta, which simplifies access and enhances security, says Alex. 

“We have around 80 apps connected to Okta, which means we have collapsed 80 different passwords into one. Plus, our password policy for this one password can now be much stricter with more characters because you only need to remember one.”

Authenticating users while blocking bad actors

Given the sensitive nature of much of the work undertaken by Stork clients, and with external threats an ever-present reality, security is paramount for Stork. In addition to seamless Single Sign-On, which connects many of Stork’s identity stores, Stork has adopted Adaptive Multi-Factor Authentication (AMFA). This is a crucial tool that Stork relies upon to authenticate genuine users and automatically block suspicious IP addresses - a tedious task that was previously done manually and wasn’t scaleable. 

AMFA with Okta provides a significant advantage over traditional MFA both in terms of time and security. Traditional MFA with SMS is integrated with each individual app. This required 1.5 days per app and created a lag for getting appropriate levels of security on newly bought apps.  Users had to authenticate their identity for each application often via a text message. As many of Stork’s users use up to 60 apps each day, that’s a lot of text messages. Suppose an average user logs into only five apps a day and has SMS texts for two-factor authentication; that’s roughly 25 minutes a week spent on authenticating for a single user. Considering the 6,000 people that Stork has within Okta now, this represented as much as 130,000 hours a year before Okta. 

With SSO and centralised AMFA, each app is integrated in one place, so one authentication provides access to all the apps assigned to a particular user, significantly reducing the amount of authentication prompts and ensuring a smoother experience for the end user. Okta collapsed 80 different applications log-ons into one, and in the average user example of five apps a day, Okta reduced this to one. With that one log in, Okta’s AMFA further halved the number of times that an MFA challenge was required by evaluating contextual factors, and when the challenge is issued, an Okta push challenge takes a few seconds to do instead of up to a minute for SMS.  Overall this reduced the time spent on MFA from 130,000 a year down to 1,300 hours, a 99% reduction. 

And Stork’s workforce quickly got to grips with AMFA, developing the solution over time. Stork started with a rolling code, then added Push notifications and now deploys rolling numbers, says Alex. 

“We know there’s always a possibility of an attempted cyber-attack,” he says, “but with Adaptive MFA, we know we have the automation to keep us safe. Once it was up and running, users were prompted with information on how to set it up. Everyone had an email explaining how it worked, and we also have a lot of information about Okta on our Intranet, including some customised screenshots that Okta helpfully provided. It was a very smooth process.” 

Half of the 80 applications Stork uses regularly were already built into the Okta solution, so there was no additional manual integration required to run them through Okta. These include IBM Master, SAP Business by Design, and Microsoft Office 365. 

“This was really beneficial to us,” Alex adds, “as it really accelerates app deployment. When we’re in the process of renewing or assessing a new application, one of the questions we now ask before taking it on is whether it is integrated with Okta. We don’t want to sign up for any new services that can not be easily deployed via Okta.”

Eliminating red tape from the onboarding process

Okta has not only made it easier for Stork to authenticate sign-in and app use, but it also has simplified and sped up its on- and offboarding processes too. Lifecycle Management ensures that Stork no longer has to manually provision and de-provision users as new people join the company and others leave. All four of Stork’s key apps that use this functionality are pre-integrated with Okta Lifecycle Management. That includes Microsoft Office 365, so new users are ready to go as soon as they sign on. Automating the onboarding process saves at least 15 minutes in IT actioning time per user per year for each of the core 4 apps. When typical rates of joining, moving and leaving are considered, this saving could be as high as 1,800 hours a year across all domains. 

Stork is now planning to move towards an HR-as-a-Source strategy to integrate all of its HR-related systems with Okta. The business currently has HR divisions based in each region, and each division uses different processes. Once these are aligned, the planned move to HR-as-a-Source will be a simple process. 

“We use the SAP HR system, SuccessFactors,” Alex reveals, “but at the moment, we only use it to allow employees to monitor their performance and development. Eventually, I’d like to have a global overview of our HR processes integrated with Okta to centrally automate access to cloud applications for incoming and outgoing staff. This would also enable us to align more detailed requests, such as laptop tickets.”

In addition to using multiple regional processes, Stork also has four different domains to contend with. Okta joined up these domains and gave one central place to integrate with. Without this, every admin action would have to be done 4 times if a user existed in all 4 environments. This once meant that people working across multiple domains had to log in to each domain’s directory manually. Thankfully, these repetitive tasks no longer need to be carried out because Okta can read, write, and sync bi-directionally across multiple domains.

Taking flight into new markets 

Okta may soon have other domains to secure and integrate, as Stork is looking to expand into new sectors. Stork is working on producing bespoke apps to sell into new markets and says it is confident Okta will help to keep them secure. 

“To safeguard those apps and their environments, we are looking to integrate them with Okta,” Alex adds, “because why build new software when you know that you can’t beat what is already out there?”

Okta helps secure the Identity and Access Management of Stork’s global team and its customers, and Alex is looking forward to taking it on the next step of Stork’s journey. But he jokes that he is among a handful of people within the company who truly understand and appreciate the full benefits of Okta, with many of its functions now obscured by custom-built front-ends that mask its inner workings.

“Okta is an intuitive identity and access management system that our end-users hardly notice day-to-day,” he explains. “But that’s what Okta is really about, the work that’s done under the hood to secure our systems, and those of our customers. That’s what makes me sleep well at night.”

Continue your Identity journey

Get hands on with the free trial today, or get in touch with our team to discuss your unique needs.