eModeration, a global brand manager that has clients that include HSBC, the BBC and Smirnoff, has deployed a cloud based access management tool to provide its employees with secure login capabilities to its clients' social media pages, applications and systems.
A large part of eModeration's job is making sure that their clients' customers don't post offensive or harmful material on whatever platform they are using, such as Facebook, YouTube etc. However, it is also responsible for protecting the welfare of its clients' young customers, by identifying cases of cyber bullying, or cases of self-harm.
In early 2012 eModeration was using a mixture of passwords known by individual team members to gain access to these platforms, some of which were automated with password management on their machines, as well as an under-performing single sign on solution called MyOneLogin.
Computerworld UK spoke to Paul Elson, IT manager at eModeration, who explained that this created a complex environment for the company, which was made even more difficult by the fact that its staff, all of which require access to client platforms, work from home in different locations across the globe.
"There were a number of issues with MyOneLogin - they weren't responsive to our questions, so our support from them was poor, and it was also harder for us to on-board new applications ourselves, which led us to need their assistance more," said Elson.
"They weren't meeting our needs, which is what led us to OneLogin. It's being used for access to everything we use - both our internal systems, of which there are about eight or nine, but more importantly to the hundreds of different applications used by our clients."
He added: "The majority of platforms involve Facebook, Twitter, YouTube and Google+. However, there are a whole host of bespoke systems for the companies as well, which we have to interface with."
Elson explained that OneLogin operates a useful tool, whereby if the application or platform isn't already part of its archived library of already approved applications, eModeration's users can usually on-board the platform themselves. This can be done with very little technical knowledge.
"Most of the applications that I needed were already there in the library, and it was just about choosing them and filling in the details. Most of the ones that weren't we were able to build with OneLogin's Wizard feature, which pops up when it notices that you have visited a URL that has login opportunities," said Elson.
"You just click on the field that you would like to fill in, then it takes you through the process, where you end up with a custom application, which you can reuse within your account."
However, if the Wizard tool doesn't work, eModeration employees can still build and on-board the application themselves.
"The next step, if this doesn't work, is to build the application yourself. It's easier for someone with a bit of technical background at this point, as it would require you to read the source code of the page. However, if you have a bit of HTML knowledge, that would be enough for you to build an application from scratch," he added.
"Finally, if it was an extremely complex login page, that required Java script for example, we would ask OneLogin to build it for us, which they typically do within a couple of days without any extra charge."
eModeration was able to implement OneLogin in just one week for over 100 employees. It now has almost 500 employees using the tool, 300 of which needed to be added in two weeks when it won a big client that required extra staff to be taken on.
Elson said that there has only been a handful of examples where OneLogin has not been able to build an application for access to a client's platform, and this is often due to Flash based websites. He also explained that the company had no qualms about looking to the cloud for a solution, as it has always fully operated from the cloud due to all its employees working from home.
However, Elson does admit that if OneLogin suffered any significant outage, the aftermath for eModeration would be costly.
"It would be a huge issue for us, there's no argument there. But of course we have considered it and have a contingency plan. We would have to hand out passwords to our employees. The problem with this is that it would require a huge clean-up process afterwards," he said.
"It is important to me that a single moderator does not have direct access to a client tool. We are representing a corporate client and I don't want employees to be able to log into a page without going through OneLogin and leaving an audit trail."
"So if we did have to give them direct access, as soon as possible we would refresh the password. It would cost us a lot in effort mopping up after an event like that."