PayWith develops mobile-centric payment and rewards solutions for businesses, which they can use to improve customers’ commerce experiences.
Todd Wade, head of information security and compliance, helped PayWith search for and introduce its first directory three years ago, as well as transition to remote work when the COVID-19 pandemic forced businesses worldwide to reassess their operations.
- Organization: PayWith
- Size: ~25 employees
- Location: Vancouver, British Columbia
- Problem: Needed a directory and wanted to achieve SOC 2 compliance
- Goal: Implement centralized identity and access management (IAM)
Background: Access Control & Compliance Goals
Three years ago, PayWith operated without a directory — the company’s developers took a “go-your-own-way” approach. The need for centralized IT management became clearer as the company grew, and the team wanted to achieve SOC 2 compliance, which also required formalized access control.
Todd previously spent more than a decade running IT operations for a credit union, which had a much more traditional and entrenched on-premises system. At PayWith, he knew he needed to find a directory solution that better suited its cloud-forward approach.
“I figured it would be too long of a conversation to try to introduce a traditional setup like Active Directory®,” he said. “That’s when I started looking around to try to find something that would fit in with how they want to do things.”
Challenges: Introduce a Directory without Adding Hardware
Todd began searching for a cloud directory service that he could use to introduce centralized IAM. PayWith has worked heavily in AWS® and GCP® since its founding, and he wanted the directory he selected to reflect that.
“In the beginning, using cloud service providers was a cost-saving measure because there wasn’t a huge outlay of cost to get a platform up and running,” Todd said. “Once that happened, then it became a question of: Why have anything on-site?”
He also wanted to implement security controls to lock down the company’s systems — macOS®, Windows®, and Linux® machines — but in a way that was lightweight enough to satisfy the developers.
“The main thing I wanted to accomplish was to check all the boxes that SOC 2 required,” he said. “The other thing was — coming from an IT management perspective — I wanted to slip in a bunch of controls that I needed to be able to manage the system.”
The Solution: JumpCloud
Todd ultimately selected JumpCloud® because its Directory-as-a-Service® satisfied all his requirements and allowed him to execute IT management from a single platform, rather than cobbling together and managing separate vendors for each individual need.
“Knowing that I needed access management, knowing that I needed to support Windows, Mac, and Linux, and knowing that it was only me doing IT management, I wasn’t looking seriously at solutions that couldn’t support everything,” he said.
PayWith achieved SOC 2 compliance with JumpCloud, and the team is now preparing for a PCI audit as well. When he rolled out JumpCloud, Todd also took the opportunity to roll out other security policies to PayWith’s users. He implemented password controls and security configurations, such as a policy to lock screens after a certain period of inactivity and policies to enforce full disk encryption.
“JumpCloud was easy to put in place and get done what I needed to get done without anybody complaining about it,” he said.
Todd recently rolled out JumpCloud’s premium System Insights™, which returns key telemetry about machine fleets. He’s already used the feature to get the serial numbers on machines, which he wasn’t always able to access previously. He’s also used it to monitor network information and see where individual machines are located. He plans to incorporate other data points to monitor patch status, Chrome extensions and Firefox add-ons, and user SSH keys.
“Rolling out System Insights was as easy as it possibly could be. All of a sudden, I had a whole bunch of extra information coming into the system. It was great.”
Three years in, Todd continues to find and implement new features. They are easy to use, and they have let his use of JumpCloud grow along with PayWith.
“Through regular conversations with our JumpCloud account rep, I’ll find out there are all these new services that are really easy to roll out, and it’s just a matter of clicking them,” he said.
Transition to Remote Work
In March 2020, Todd needed to transition the company to a work-from-home model, and the process was seamless. He went remote several days before the rest of the company, and he spent about half an hour getting everybody settled in the day the office officially went remote. He didn’t have to do much other than help people get familiarized with new conditions.
“I wish there was something more to talk about in terms of how easy it was for everyone to go remote,” he said. “I didn’t have to worry about how they were going to connect to the directory server or how the firewalls needed to be set up so people were able to access everything. It was really just a matter of, ‘OK, well, just pick up your laptop and go home.’”
The Result: ‘Going to the Cloud’
JumpCloud has helped PayWith maintain a lean but secure IT operation, and it’s been able to run in the background so Todd has more time for other tasks. With a directory that he’s able to “set and forget,” he can now focus on essential tasks like working with AWS and GCP.
“IT is all going to the cloud, at least for a lot of businesses,” he said. “It doesn’t make sense to spend 90% of your time in those areas but then have to come back and deal with on-prem systems. It wouldn’t fit with how we run things.”