Ironclad Shrinks Attack Surface and Onboarding Time with strongDM

Ironclad is leading the charge to free up legal professionals from administrative work. It focuses on turning contracts into business assets, allowing teams to extract valuable information to drive business decisions. By choosing strongDM, Ironclad freed up its own professionals to focus on improving its product, rather than manually managing infrastructure and user access.

Reducing Costs and Improving Compliance

Ironclad struggled with two main issues: managing endpoint access and auditing activity.

VPNs were expensive from both a budget and maintenance perspective. They required significant effort to maintain, but didn’t provide the evidence auditors required to fulfill SOC 2 compliance requirements. Specifically, VPNs were not sufficient to prove that Ironclad prevented unauthorized access to its databases.

As Ironclad evaluated options, they needed a solution that could fulfill SOC 2 requirements and support its entire backend stack, including the DBMS from a recent acquisition.

Granular Level Auditing Tops the List

A few employees at Ironclad had used strongDM at previous companies. They recommended it because it was easy to set up – particularly on the Kubernetes side. Ironclad did its due diligence, and its decision-making team of five made a unanimous choice. They chose strongDM for its ability to conduct granular level auditing and grant temporary access to resources. And they liked that strongDM integrates with G Suite and allows the team to forward logs to Datadog and set up Slack alerts.

Query logging and SSH replay sessions are some of the most useful features, according to Nate Schlitt, Software Engineer. The team can see what the user typed and the commands executed.

“Just being able to see everybody’s queries against the database – that granular level auditing, I can’t stress enough how big of a win that was,” Schlitt said. “Being able to see every user’s query, connection access, and network access is fantastic.”

Onboarding Time Dramatically Slashed

The most significant benefit for Ironclad has been the time saved onboarding new users. Ironclad uses Google Groups, and when a user is added to the Google Group, they also get automatic access to resources via strongDM. The team can drag and drop a new user into a role that matches the Google Group, automatically assigning access. This ensures least privilege permissions are assigned by default for all new hires. Before strongDM, any new accounts and local provisioning had to be manually configured.

With strongDM, Ironclad reduced the attack surface in two ways. First, the company no longer distributes database credentials to staff. Instead, staff authenticate using Google. As a result, the underlying credentials can’t be compromised because they are never stored locally on staff workstations. Ironclad also restricts access to isolated subnets by leveraging strongDM’s egress-only proxy that ensures traffic only communicates with the proxy. This protects the back end systems from unauthorized access.

Best of all, by reducing its administrative overhead with strongDM, Ironclad now has more time and energy to help legal professionals streamline their own work.