SBA Communications Case Study

SBA Communications replaces Microsoft AD FS, forgoes Cisco’s Meraki MDM solution for Idaptive

Idaptive saved SBA an estimated $50,000 a year in AD FS costs and negated the need for a separate MDM solution.

“Breaches can be devastating to an organization and the cost can be significant depending upon just the potential exposure. Knowing that Idaptive is helping us to minimize our attack surface to a significant degree is invaluable.” Jorge Grau, Senior Vice President and Chief Information Officer at SBA Communications.

Founded in 1989 and headquartered in Boca Raton, Florida, SBA Communications Corporation is a leading independent owner and operator of wireless communications infrastructure across North, Central and South America. 

THE CHALLENGE

Avoid the build-out of a high-cost disaster recovery co-location for a product that was already difficult to implement and manage. Simplify app integration, address MDM requirements and SOX compliance, and ensure a more robust security stature. 

When SBA Communications began using SaaS-based apps like Innotas, ExpenseWatch, and Yammer, they implemented Microsoft’s Active Directory Federation Service (AD FS) at an approximate total cost of $35,000 for identity management. While implementation and application integration proved challenging, the product met the company’s requirements at the time. As their environment evolved, however, the solution became increasingly difficult to manage. 

“To assist in the implementation we hired a consulting firm with AD FS expertise,” says Jorge Grau, Senior Vice President and Chief Information Officer at SBA Communications. “It took them six weeks to get the initial solution implemented and we continued to engage them over the next several months to do a knowledge transfer and get a handful of other SaaS providers linked into the new system.” 

However, a new version of AD FS was soon released and the company was faced with having to migrate the entire infrastructure. “Integration was so painful the first time around that we dreaded having to migrate those same apps into the new environment,” says Grau. “When resources are scarce, migrating a product that’s already working never becomes a priority.” 

The unfortunate result was two live versions of AD FS — each with its own set of SaaS applications that required significant resources and a coordinated effort to maintain. 

The real issue arose as cloud-based solutions became more pervasive within the company’s environment. While they had previously incorporated only a few, less-critical SaaS apps, the benefits of cloud-based solutions led the company to adopt more until eventually disaster recovery became an issue. “Once we began deploying SaaS products like Ultimate Software and Office 365 — where availability was essential – we either needed to implement an additional, separate AD FS environment in a co-location, or we needed to find a new solution entirely,” says Grau. 

THE SOLUTION

After eliminating AD FS as an option, the company evaluated several IDaaS solutions and selected Idaptive based on product functionality, the ability to easily integrate cloud apps, MDM features for mobile devices and company reputation. 

To meet disaster recovery requirements, SBA Communications first looked at creating an additional AD FS environment. “We took into consideration hardware and licensing costs, the cost of more co-location space, additional consulting expenses and internal resource requirements for maintenance and management.” 

Because SBA Communications was now running two versions of AD FS, to ensure uptime they would either need to finally migrate all the cloud apps on the old AD FS system to the new one, or they’d need to build out two separate additional environments — which would double the costs. 

“Not migrating was cost-prohibitive and migration wasn’t a real option either,” says Grau. “The integration process was extremely difficult with AD FS. I had understood that as long as a cloud app was SAML compliant it would be a straightforward process, but it wasn’t. Each new cloud app seemed to present a unique situation. Some apps took us ten weeks to integrate, and sometimes entire development initiatives were required. Doing that all over again wasn’t an option for us. The ROI on the entire initiative just wasn’t there.” 

SBA Communications decided to look at IDaaS (Identity-as-a-Service) solutions that could solve the problem and minimize management and maintenance overhead. After a preliminary evaluation, the company narrowed its choice down to two providers. “In the end, it wasn’t just about dollars. It came down to product functionality and which provider would best support us in integrating new apps. Company reputation, customer interviews and existing integrations with SaaS providers also played a significant role. MDM (Mobile Device Management) capabilities were the icing on the cake.” 

Simultaneous to addressing its AD FS problem, SBA was also in the process of evaluating Cisco’s Meraki MDM solution for the management of mobile devices. 

“We needed an MDM solution to ensure that we could enforce passwords on devices, that mobile communication would be encrypted, and that we could eliminate proprietary SBA Communications email from any mobile device at a moment’s notice. We needed to accomplish all that without damaging the device or deleting personal information. And last, we needed control and reporting on all mobile devices connecting to our servers. Because those capabilities are inherent to Idaptive, we realized we wouldn’t even need a separate MDM solution.” 

THE RESULTS

Idaptive saved SBA an estimated $50,000 a year in AD FS costs and negated the need for a separate MDM solution. Low maintenance requirements have freed up IT staff. Compliance with SOX regulations has been reinforced. 

Several recent high-profile breaches have made security a hot topic among the executives at SBA Communications and driven significant investments toward their security infrastructure including additional firewalls and intrusion prevention systems. Idaptive has further strengthened the company’s security stature with an identity and mobile device management solution in one. “Security is very high on our radar. We do everything possible to secure our proprietary information,” says Grau. “Now we count on Idaptive to effectively manage who we allow into our environment.” 

Today, Grau says he can integrate new cloud-based services vendors into the environment in a fraction of the time it took with AD FS, and app availability has improved as well. “One issue with a server can result in lost productivity across the organization. With Idaptive there is more redundancy and greater availability than we could ever create on-site.” 

Idaptive helps to protect sensitive information for SBA Communications by allowing the company to remotely wipe proprietary emails when a mobile device is lost or stolen. Leveraging a single set of credentials means passwords can meet any specified configuration and complexity requirements, helping to protect user identities and achieve SOX compliance. 

The Idaptive solution has saved the company money by offsetting the cost of further building out the AD FS environment, which Grau estimates would have cost in the neighborhood of $50,000 to $60,000 each year. But the greatest cost savings may never be known. 

“Breaches can be devastating to an organization and the cost can be significant depending upon just the potential exposure. Knowing that Idaptive is helping us to minimize our attack surface to a significant degree is invaluable.”