Gorilla Logic Case Study: ISO 27001 Compliance & Centralized Control

Gorilla Logic™ provides software consulting and development services, utilizing Agile teams to deliver web, mobile, and enterprise applications.

The company’s IT leaders wanted to identify a solution that would help them achieve ISO 27001 compliance and centrally manage their users, resource access, and devices across offices in three countries and for their remote workforce.

  • Organization: Gorilla Logic
  • Size: 700 consultants
  • Location: Broomfield, Colorado; San José, Costa Rica; Medellín, Colombia 
  • Problem: Needed better remote management of devices
  • Goal: ISO 27001 compliance & centralized IT control

Background

Jay Wallingford, Gorilla Logic’s Chief Technology Officer, and Cristina Hernandez, IT Director, led the effort to identify a solution that would serve as the company’s centralized source of identity and access management. They worked on an accelerated timeline for ISO 27001 compliance as the company was scaling quickly.

They used Google as a stopgap user management database but needed to find a more robust solution. 

Challenges

Gorilla Logic has more than 700 consultants across three countries, and dozens of new consultants are onboarded each month. The IT team needed a way to configure and manage their MacBook Pros, as well as lock them down if they were lost or stolen.

“One of the gaps was that we had no centralized system for managing our laptops — we had subpar remote device management over those laptops, where they were being used, what they could connect to, or what they could do,” Wallingford said. “In the event that a consultant stopped communicating with us, we had no ability to shut it down and wipe the disk.”

They also needed a solution that would integrate with Google Workspace, a wide array of SaaS applications, and cloud infrastructure for centralized onboarding and offboarding. This was a necessary security initiative, particularly as the organization sought ISO 27001 compliance — a high bar to meet.

“One of the reasons we went with ISO is that, while it’s a difficult security standard to implement, it covers GDPR, which we saw more and more with our global clients,” Wallingford said. “We wanted to be able to provide our clients assurances that we had world class security controls in place and that they could trust our consultants with their valuable data.”

Solution

Although the IT team also evaluated Okta and Google Cloud Identity, among other solutions, they ultimately selected JumpCloud. The cloud directory platform offers device management for macOS (and Windows and Linux) devices and includes Apple MDM.

“When we first started, what we found was quite a challenge: having hundreds of computers across several countries with little control,” Hernandez said. “Now that we have JumpCloud, it’s a new world.”

The team can enforce password complexity requirements and screen lock policies, manage installed software, and remotely wipe laptops. They also integrated JumpCloud with Google Workspace and are planning a RADIUS deployment to secure office WiFi networks.

“We were initially going in very excited about the single sign-on, which was great. But the MDM was the thing that really blew us away,” Wallingford said.

Wallingford estimates that the company will more than double in the next three years — so they need a tool that can scale with them. 

“The secure connection and control that JumpCloud provides with its MDM capabilities give us a programming language to control those computers,” he said.

“Not only did JumpCloud address many of the issues that we identified during our gap analysis, but it also gave us the assurances that down the road we would be able to implement pretty much any security measure.”

With JumpCloud in place, as well as centralized logging and corporate antivirus, Gorilla Logic achieved ISO 27001 compliance and will seek certification once the pandemic has receded and auditors can visit the Costa Rica and Colombia offices. 

Implementation

The Gorilla Logic team met with groups of consultants to install both the JumpCloud system agent and the corporate antivirus, Sophos, on each device. They also standardized email aliases and usernames on each computer and created a consistent administrator account on each device.

Now, they can do zero-touch onboarding by directly shipping the MacBooks to consultants and managing them without ever having touched them. They deploy a set of policies specific to each office and install a regular set of applications on each device via JumpCloud. In the past, clients would sometimes provide laptops for the Gorilla Logic teams, but with the new security measures in place consultants can continue to use their Gorilla Logic laptops, which saves the clients money.

“It’s a lot easier for us to get consultants going with our own laptops, and we’re able to save clients a lot of money and give them awareness around our security posture and what JumpCloud’s MDM capabilities provide,” Wallingford said.  

The Result

Before the Gorilla Logic team installed JumpCloud and achieved ISO 27001 compliance, they spent dozens of hours going through costly security analyses with prospective clients. Now, they work in a shorter sales cycle because they can quickly demonstrate their security posture without going through what amounts to a gap analysis with each new client that requests it.

“Sometimes it took months of negotiations,” Wallingford said. “It’s been huge in terms of our ability to quickly land a client because our security posture is so world class.”

Time Spent in the Sales Cycle Demonstrating Security Posture

Before: 40-80 hours

After: 2-4 hours

He added that the Gorilla Logic team has been able to work with clients they previously might not have.

“JumpCloud and ISO 27001 have been a windfall for us in terms of sales. Now we’re in a position to land nearly any client out there from a security point of view. It helps move business, in addition to saving us time.”

Learn More

The JumpCloud Directory Platform is a comprehensive solution to manage user identities, resource access, and Mac/Windows/Linux devices. Use the platform to secure your environment, no matter where your users or resources are located, and enforce measures to help your organization meet compliance.
