How Creative Dock Prepared for ISO 27001 Compliance With GoodAccess’ Zero Trust Architecture

Creative Dock is a rapidly expanding corporate venture builder leveraging AI and innovation to help large enterprises uncover new revenue sources. With over 120 ventures built in more than 40 countries, ideas are transformed into successful businesses. By working directly with companies, Creative Dock delivers practical solutions, mastering market changes for lasting impact.

Employing over 400 people and a global network of contractors, Creative Dock has offices in Prague, Berlin, Munich, and Zurich, and a team spread across the globe.

Clients include notable brands such as Avast, Raiffeisenbank, and Veolia. Beyond its exponential success, the company has accelerated its growth by acquiring European enterprises like FoundersLane, Spark Works, and Mantro Product Studio over the past two years.

SITUATION

Creative Dock needed to ensure ISO 27001 compliance, but they struggled to achieve the required level of security and control over their network and user devices (BYOD) with their prior remote-access solution.

SOLUTION

GoodAccess provided a comprehensive zero-trust architecture complete with device posture check, access logs, and identity-based access controls.

RESULT

Without any additional hardware, Creative Dock gained full, centralized control over their infrastructure and met up to 70% of technical security requirements of ISO 27001.

How do we get ISO 27001 compliance with a home-made remote access solution?

For a company as spread out as Creative Dock, providing secure access to critical systems from all locations is an essential enabler of the majority of business operations.

Historically, Creative Dock relied on an in-house VPN to secure user connections and protect data in transit during remote access scenarios. Though many midsize enterprises choose the same approach due to budget constraints, IT and security staff at Creative Dock soon felt the solution was becoming inadequate for the company’s purposes.

“After the acquisitions, we ended up with several groups of users, each with a different identity provider,” says Stanislav Podlešák, Head of Operations & Infrastructure. “The best thing to do is just to go with one provider, but while we are figuring out which one, people still need to connect to work systems with the ID they have. That’s very hard to manage.”

But identity management wasn’t the only obstacle. Adam Konopásek, Head of Group Cybersecurity at Creative Dock, explains that their original in-house solution stood in the way of expanding their business.

“We didn’t have the kind of observability and security controls to qualify for ISO 27001 certification,” says Adam. “But ISO 27001 compliance is a dealbreaker for us because some of our bigger clients won’t do business with us if we don’t have it.”

This was Stanislav and Adam’s predicament: they had to provision access to a heterogeneous, globally distributed group of users with their own devices (BYOD), while having to implement robust enough security controls and activity monitoring to pass an ISO 27001 security audit.

And, they had a home-spun VPN to do it.

Everything under one zero-trust umbrella

Adam and Stanislav decided to contract a vendor of zero-trust network access solutions to tackle these challenges.

“We needed to deploy something that would centralize our identity and access management, get all employee and contractor devices under control, and help prepare the ground for our ISO 27001 compliance,” says Stanislav.

“This wasn’t manageable in-house anymore. That’s why we decided to test several ZTNA platforms and see what would work best for us.”

Stanislav Podlešák, Head of Operations & Infrastructure

Over a period of several months, Creative Dock tested four competing ZTNA solutions, all of which offered SaaS-delivered ZTNA. They soon narrowed the pool down to two, which were evenly matched in terms of technology and usability.

“But we went with GoodAccess in the end,” says Adam.

“Compliance is a big thing for us and, with NIS2 coming, it’s only going to get bigger. GoodAccess is ideal for this because it’s EU-based like us, and their support is stellar.”

Adam Konopásek, Head of Group Cybersecurity

What does it mean to deploy GoodAccess in its full ZTNA configuration?

Here is what Creative Dock got:

Device posture check
Creative Dock has over 400 employees and contractors; they can’t possibly issue everyone with a company device. Some form of BYOD was necessary but was unmanageable.

But with GoodAccess’ device posture check, Creative Dock can set up their policy and enforce it centrally. This means that no one can now access critical systems without complying with the policy.

Enforcement is centrally controlled and fully automated. “I was impressed by the amount of control and visibility I got. The configuration in the Control Panel is very quick and I could see the results immediately,” says Adam.

Multiple identity providers
All of Creative Dock’s cloud and on-premises networks are connected to and protected by the GoodAccess secure perimeter, as are all their different groups and teams, regardless of the identity provider. All of them can be integrated with the solution with equal ease.

“Everything is under the zero-trust umbrella,” says Stanislav. “And the ability to integrate the different providers helps us seamlessly cover the interim before we migrate everyone to one provider.”

Identity-based access control
SSO increases account security and streamlines the user login process. The only way to access any resource anywhere in the organization is via GoodAccess, and only after the user has been authenticated in keeping with Creative Dock’s security policy.

“This is a big plus, because we can set up micro-segmented access control on the network layer, even to apps that don’t normally support it,” says Stanislav.

Threat Blocker and DNS
The built-in DNS filter, Threat Blocker, protects Creative Dock’s employees from phishing, malware, and other online threats in real time.

Creative Dock also integrates their local DNS resolver with GoodAccess and uses custom domain translation to optimize network performance.

Low latency, high availability
Creative Dock has three Gateways spread over several locations that users connect to. This improves connection quality for employees in the area.

Since the gateways aren’t exclusive to the region, they also provide a flexible backup in case of local outages due to external circumstances.

Security logs
GoodAccess gathers company-wide access logs to all critical systems.

“This is a must-have for any compliance. We get logs on gateway traffic and activity on every system, all in one place. So much better than managing the Babylon of logs from each individual app,” says Adam.

The solution is ready for SIEM integration to enable early threat detection and event correlation, which will allow Creative Dock to respond to traffic anomalies and intervene before any threat escalates.

Get ready for ISO 27001 and NIS2

GoodAccess enables Creative Dock to significantly boost their security and sets the cybersecurity groundwork for ISO 27001, with similar coverage in the requirements of other standards and regulations, such as SOC2 and NIS2.

Among the main benefits, they cite rapid deployment and scalability, which allow them to accommodate future business growth with minimal effort.

Both Adam and Stanislav also have a personal favorite.

“I like centralized control,” says Stanislav. “We can normalize and manage all users and devices in one place, even devices we don’t own.”

“For me, the killer feature was device posture check,” says Adam. “We can get all the BYOD devices under control instantly. Doesn’t matter if we issued them or if they brought their own. Also, logs. We can collect logs on every application, even on applications that don’t support logs by themselves.”
