As the software partner to critical industries in 100 countries, including nuclear power, water systems, pharmaceutical manufacturing and data centers, Inductive Automation deeply values security.
Over the past decade, Inductive has built a security team that prioritizes nimble solutions to complex problems while supporting a business that has scaled rapidly, with 30 percent growth year-over-year for multiple years. Inductive’s workforce is also highly skilled, with about 70 percent of the company in technical roles.
To secure identities and apps in the cloud, Inductive needed an approach that would not disrupt their velocity while also closing the security gaps for a long tail of powerful apps and integrations.
With a strong strategy around centralizing identity via SSO, Inductive’s security team were paying close attention to the explosion of third-party apps and integrations that could access critical business systems and data while flying under the radar.
I was always worried about the gaps, like what about the apps that don’t have SSO or don’t have MFA?” Jason said. “Everything, every major breach you read of, goes back to identity in some way. So protecting those identities is just like a foundational component of a modern security program. You can’t protect what you don’t know. So if you have people spinning up apps with weak passwords and no MFA, and you don’t even know that app exists. I mean, it’s just a massive potential issue for you."
With Inductive’s culture of experimentation and innovation, the security team embraces a “guardrails, not gates” approach. So legacy cloud access security broker (CASB) solutions were a poor fit for multiple reasons.
“So we really wanted to wrap our heads around what people were doing in a way that wasn’t heavy and draconian,” Jason said. “We didn’t want to proxy all traffic and decrypt it all and break sessions. And, you know, weaken some of the fundamental security of internet browsing so we could get that visibility and then cause performance impacts as a result.”
Other market solutions were so niche, they only tackled part of the problem, and for a while, Waits’ team used two tools in order to manage OAuth apps and to find and secure shadow SaaS and accounts.
But the solutions didn’t “spark joy,” he said. They relied on data sources like email that were prone to false positives — what Jason calls “chasing ghosts.”
They started looking for a modern solution that could validate their security controls across a portfolio of managed apps while finding and fixing issues on the unmanaged ones, too.
“We were trying to look at the lightest way we could get that visibility, and wrap our heads around this problem in a way that's very user-friendly,” he said.
Inductive chose Push after a competitive vendor review. With Push, the Inductive team was able to get rid of two other security tools, saving budget and time. With high-fidelity data from Push’s browser activity detection approach, they now confidently rely on Push as the source of truth for their cloud app portfolio.
“We’re not mandated to do a bunch of bogus compliance stuff. So we don’t buy tools to check boxes. Everything we do, we do it to solve a problem,” Jason said. “But the whole ‘Does it spark joy?’ is my benchmark. So with Push, we loved the UI/UX and we loved the founders’ vision. We got a tool that was better quality and we reduced another vendor, so that’s always a win.”
By providing broader visibility with more accurate data across cloud identity, third-party cloud apps, and OAuth integrations, Push helps Inductive get a complete picture of their ecosystem.
Push helped Inductive find and secure apps used only in pockets of the organization and get them managed centrally.
“Automation is in our name,” said Jason, so Push’s automated remediation workflows were a huge draw.
Push’s use of a Slackbot to directly engage end-users to help them make simple but meaningful security improvements was a perfect fit for Inductive’s culture. This approach offloads Inductive’s security team while also being more effective: “It’s not someone from the security team reaching out and saying, ‘Hey, what are you doing?!’ It feels less accusatory if it’s a Slackbot,” Jason said. It’s also a much more scalable solution for their 4-person team.
With Inductive’s managed Chrome browser program, they were able to deploy the Push browser extension to 99 percent of their devices in 5 minutes in the middle of a regular workday. The deployment was so seamless that they received no help desk requests, Jason said.
Push also helps Inductive improve their return on investment in a recent migration to a new enterprise password manager and an ongoing emphasis on centrally managing apps via SSO. They use Push’s detection of shadow apps and accounts, as well as its password manager detection capabilities, to close the gaps they find.
Push has become a trusted source of truth for Inductive’s cloud portfolio, providing the foundation for their vendor risk management program.
