Podium aims to simplify messaging between customers and businesses. It built a multi-product platform that helps businesses manage customer interactions, enabling them to get more reviews, collect payments, and leverage text messaging marketing campaigns. By choosing StrongDM, Podium simplified its own access management while improving its security posture and auditing practices.
"Access is automatically assigned, and it’s easy to get new engineers up and running. From the access control perspective, that is ultimately the area that has helped us out the most. And just being able to see everybody’s queries against the database, with that granular auditing–I can’t stress enough that it was a big win." -Tim Milliron, CTO
Inconsistency, Lack of Visibility Hinder Access Management
Podium’s platform has modernized how its customers do business, but its own access management needed updating. The company used a collection of homegrown tools to manage access to resources. There was no way to integrate these tools with single sign-on (SSO) or multi-factor authentication (MFA). Admins had to review logs that didn’t always capture every detail, which not only made them difficult to interpret but also prevented effective alerting. This lack of visibility meant evidence-gathering for compliance took a lot of time and effort. Security, SRE, compliance, and management teams all felt the pain.
The need to audit Elasticsearch queries motivated Podium to seek a new access management solution. A Podium employee had used StrongDM at a previous job, and it proved to be the first solution that could meet all of Podium’s access needs. Podium could finally let go of its hand-rolled solutions in favor of a more straightforward way to manage access.
StrongDM Increases Security and Improves Employee Experience
Podium uses StrongDM to manage database and Elasticsearch credentials and to replace its bastion host for SSH. “It’s just a better experience to go through StrongDM for everyone–engineers, security, and compliance. It also helped us create a single access request flow for all resources and teams instead of having different ad-hoc mechanisms,” said Tim Milliron, CTO. “We’re currently in the process of deprecating more and more tools in favor of StrongDM.”
Podium now has a more secure access flow into its production resources, along with better auditing, ease of access for engineers, and better compliance tools. Due to the security improvements from StrongDM, the company can now safely grant access to resources that it previously couldn’t out of concern for risk.
Usually, usability and security are at odds with each other. StrongDM is the one tool that increases security and is actually easier to use.
Podium Saves Time and Gains Access Control
Time savings top the list of benefits realized by Podium, particularly when onboarding new users. The company leverages the integration between StrongDM and its identity provider. Once someone is added to a group, they receive access to StrongDM automatically. An admin can easily drag and drop a new user into a role, making it quick and easy to grant a new engineer access to what they need. By integrating with its identity provider for authentication, Podium no longer needs to distribute database credentials to staff. As a result, Podium has also reduced its attack surface.
“From the access control perspective, that is ultimately the area that helped us out the most. With audit logging, it’s very easy for the auditors to come in and show that these are the queries being run by this person at this time,” Milliron said. “In particular, the SSH replay sessions that show what a user typed and what commands they executed help immensely.”
Podium uses StrongDM to increase employee happiness across technical departments—simplifying compliance and improving security without disrupting day-to-day operations. In Milliron’s words: “If we’re paying for StrongDM, let’s get the most out of it!”