is a software company providing modern SaaS solutions for the global aviation industry, powering all aspects of day-to-day operations for business aviation, regional commercial airlines, and aircraft leasing & finance customers. Founded in 2017, the company has dual headquarters in San Francisco, CA and the Research Triangle Park area in North Carolina and employs close to 300 people serving over 1,100 enterprise customers worldwide.
Needing to build & deliver a unified security strategy
Over the last few years, Portside has been growing both organically and through a series of strategic acquisitions. As the company continued acquiring businesses and expanding its product portfolio, management saw the need to develop a more mature enterprise security strategy. So, in August 2023, they hired Paschall Freeman as Portside鈥檚 inaugural chief information security officer (CISO).
鈥淚 joined as Portside鈥檚 first CISO to build a robust, enterprise-rated security program, largely from scratch,鈥 Freeman says. 鈥淢uch of that work involved establishing a unified security strategy across each of the portfolio companies 鈥 many of which were smaller and didn鈥檛 have in-house security expertise.鈥
From the company鈥檚 inception, Portside used Mac devices exclusively, managing them with Jamf. But as the company continued acquiring other businesses, they wound up with more and more Windows devices to manage.
鈥淲e became a 65鈥35 Mac-to-Windows shop,鈥 Freeman explains. 鈥淪o we really needed the tooling to be able to manage our Windows devices to the same degree and with the same simplicity as we could with JAMF.鈥
Choosing 探花大神 for unified device management
Since he didn鈥檛 want to have to use different tools to manage Mac and Windows devices, Freeman began looking for a unified device management solution that would enable him to manage both operating systems from one place.
鈥淲e needed good IT hygiene, and the problem we were trying to solve, just from a practical standpoint, is having a single pane of glass where we could manage both our Windows devices and Mac devices in one place,鈥 Freeman continues.
Freeman was already familiar with 探花大神, having administered it for several years at his previous organization. Even so, he did his due diligence, surveyed the market, and found a few other solutions to test.聽
I did a number of proof-of-concept trials with a number of different providers that could manage both Windows and Mac devices. And what I found is that 探花大神 was the only solution that just worked when I deployed it. The configuration was super simple.
Paschall Freeman, CISO
In addition to getting more control over their devices, the team was also hoping to have an easier time meeting and demonstrating compliance.
鈥淎mong the problems we were trying to solve was making sure that we were managing our fleet intelligently while also meeting the compliance objectives we need to meet and demonstrate for our SOC 2 audit,鈥 Freeman says.
Since 探花大神 delivered on both fronts, Freeman ultimately decided that it was the perfect solution on which to build a distributed IT environment.
Shoring up devices & looking to leverage more features
Today, Freeman is using 探花大神 to manage 170 users out of the 300-person team that鈥檚 been assembled via acquisitions, with plans to complete the roll-out to all remaining users over the next couple of months.
The device management component has been an extremely useful and necessary tool.
Paschall Freeman, CISO
鈥淭he device management component has been an extremely useful and necessary tool,鈥 Freeman says. 鈥淚 frankly had some concerns in the beginning that it would not work as well decoupled from identity management and it鈥檚 not been a problem at all.鈥
Looking ahead, Freeman absolutely intends to further explore adding 探花大神鈥檚 identity management capabilities to his deployment as the program he鈥檚 building continues to mature. In the meantime, he鈥檚 perfectly happy with the platform鈥檚 device management capabilities.
鈥淚t鈥檚 not as fine-grained control over the device as it would be if I had identity, but it still gives me sufficient control over the device to ensure that if something happens or someone鈥檚 leaving, we can secure the device for transit even though we won鈥檛 necessarily be able to disable the user鈥檚 account on the device,鈥 Freeman explains. 鈥淚f we need to lock a computer, all we have to do is go to the console and hit the lock button.鈥
Streamlining onboarding & offboarding
Freeman is using 探花大神 to streamline both the onboarding and offboarding processes, baking more security into Portside鈥檚 day-to-day operations.
[The remote wipe capability]’s been a really good addition to our process in terms of fleet management.
Paschall Freeman, CISO
On the onboarding side, Freeman is able to ensure new hires have secure devices from their first day.
鈥淲e鈥檙e using 探花大神 to simplify the deployment of our antivirus solution, particularly on Macs,鈥 he says. 鈥淲e鈥檙e able to push the security profile that puts all the settings in place for our antivirus, antimalware, and endpoint monitoring solution,鈥 Freeman says. 鈥淚n the past, when somebody got a Mac, it was a brand-new setup. They had to install the software and follow our onboarding checklist to configure a complex set of application permissions. Now we can just push that configuration profile directly from 探花大神 so all they have to do is run the installer and then it鈥檚 done and then they don鈥檛 have to think about it anymore.鈥
For offboarding, Freeman is able to clean devices to make sure there isn鈥檛 anything proprietary on them before churning employees send them back.
鈥淲e鈥檒l use the remote wipe capability to wipe the machine before it even gets sent back to use so that it鈥檚 in a good state and doesn鈥檛 have any data on it while in transit,鈥 Freeman says. 鈥淭hat鈥檚 been a really good addition to our process in terms of fleet management.鈥
Improving IT workflows with policies & commands
Currently, Portside doesn鈥檛 have a dedicated IT help desk; Freeman and the company鈥檚 DevOps team help colleagues navigate IT issues 鈥 another area where 探花大神 saves the day.
鈥淭hey鈥檝e been trying to troubleshoot things on user machines either pushing those commands or jumping into the remote terminal through Remote Assist to collect the data they need so that they can help the user and do so even transparently, which has been a really invaluable function 鈥 particularly since we are an entirely distributed company,鈥 Freeman explains. 鈥淗aving the Remote Assist capability has been really quite helpful.鈥
Portside is also using device groups to push out policies to developer machines.
鈥淔or example, we need to give our developers a little bit more permission to manipulate the firewall in their system, particularly for Windows users, so we鈥檙e using groups to push that policy,鈥 he says. 鈥淭he policy is bound to that group only so that only those devices take that policy.鈥
Bolstering compliance
探花大神 also helps Portside bolster its compliance position.
鈥淲e can push out technical configuration policies 鈥 there must be a screensaver, there must be a password, the firewall must be enabled, disk encryption must be enabled and enforced and can鈥檛 be turned off,鈥 Freeman says.
We can get a report out of 探花大神 when we need it for which devices are in compliance versus which aren鈥檛 and then go follow up on why that鈥檚 the case.
Paschall Freeman, CISO
When it鈥檚 time to pass an audit, Freeman can easily obtain the evidence they need from 探花大神 to demonstrate things like whether antivirus is installed on certain devices, for example.
Scaling together
Freeman has already used 探花大神 to shore up device management. As he looks ahead, he鈥檚 planning to explore the platform鈥檚 identity management piece further.
鈥淥ne of the things that makes 探花大神 really attractive is that it does have the identity component that we could implement and then have it manage all the Active Directories that are sitting out in acquired Company A, the Oktas in acquired Company B, and the Entra ID鈥檚 over in Company C,鈥 Freeman says. 鈥淲e don鈥檛 have a solution for that yet, and that鈥檚 something that we are going to need to address soon.鈥
Once identity management is in place, Freeman is also looking to integrate Google Workspace, GitHub, Slack, VPN servers, and Jira with 探花大神.
鈥淚 will definitely want to explore how we can use the zero trust features to secure how people are accessing company systems and data because we鈥檝e got people all over the world in Australia, New Zealand, India, some parts of the near east, and all over Europe,鈥 Freeman says.
On top of this, Freeman also hopes to deploy聽探花大神 Go鈩 to further strengthen the organization鈥檚 security posture.
鈥淚鈥檝e seen 探花大神 grow up quite a bit, and I鈥檝e also been pretty impressed with the leadership and the vision that your CEO and CTO have brought to the table as well because it鈥檚 clear that they know they have a product they want to build and they鈥檙e building it systematically,鈥 Freeman says.
What would Freeman say to other organizations considering a solution like 探花大神?
鈥淚鈥檇 ask them whether or not they want a solution that just works,鈥 Freeman says. 鈥淲ith all of the competitor solutions I tried, there was always some tricky thing 鈥 you had to install this or you had to push this policy or this feature just flat out didn鈥檛 work. That鈥檚 not the case with 探花大神. It鈥檚 really as simple as it can possibly be. It鈥檚 quite a good solution for companies that are just starting to get into device management.鈥
Even better, you don鈥檛 necessarily have to be an IT expert to figure out your way around 探花大神.
鈥溙交ù笊 makes it really easy to configure your management policies,鈥 he says. 鈥溙交ù笊 does a really good job of making it idiot-proof. It鈥檚 hard to misconfigure something. Certainly an experienced systems admin will have no trouble with 探花大神. But even in smaller organizations where there鈥檚 maybe not a dedicated IT person, it鈥檚 easy enough to use. You don鈥檛 have to be super technical to figure it out.鈥
About 探花大神
探花大神庐 delivers a unified open directory platform that makes it easy to securely manage identities, devices, and access across your organization. With 探花大神, IT teams and MSPs enable users to work securely from anywhere and manage their Windows, Apple, Linux, and Android devices from a single platform.
To see the power of 探花大神 yourself, request a demo or today.