As one of the fastest growing global organizations in the accounting and auditing industry, BDO operates in more than 160 countries, with over 44,000 people delivering tax, audit, and assurance services.
Each of BDO’s 160+ independent member firms operate independently with their own IT environment, HR department, accounting teams, and more. “Our vision is to be the leader for exceptional client service and, as such, our people and our firms are set up to serve and help our clients—at every level, day-in, day-out,” said Russ Phillips, BDO’s Global IT Director of Infrastructure and Services.
This business model has allowed BDO to leverage its global network of partners who excel at getting to know client needs and fulfilling them on an individual level. The organization’s approach to innovation has also influenced key areas of its strategy, including IT. BDO administers some IT services worldwide, such as global website hosting, auditing applications, member firm annual reporting tools, and more with Microsoft Azure.
Seamless access to the services was key to driving usage, and it was clear that single sign-on would be essential for the independent member firms to adopt BDO’s global IT services. After evaluating other solutions in the market, Azure Active Directory (AD) served as the best solution to BDO because it was cloud-based, helped firms maintain independence, and was delivered at a low cost.
By working with Microsoft Gold Partner, MOQdigital, BDO was able to deploy Azure AD worldwide and is now seeing widespread adoption.
Keeping member firms independent was essential to BDO’s strategy but having over 160 different IT environments posed an immense challenge to BDO’s global IT team. “We don’t have one AD, identity piece, or Office 365 environment; we don’t have one anything,” said Phillips.
If an employee at a German member firm, for example, had an idea for a new application, there was no way to share it with the network in a secure and compliant way.
As company digital resources continued to expand outside the corporate network, in the cloud, and on devices, a great cloud-based identity access management (IAM) solution was a necessity. Cloud-based identities allow IT departments to maintain control over, and visibility into, how and when users access corporate applications and data. With these considerations in mind, Phillips connected with one of its technology partners of over 12 years, MOQdigital, to evaluate alternatives.
There were many key considerations in choosing a solution. The most important factor was that the IAM solution had to be cloud-based, because global IT needed to ensure that it could deliver services into all the compliancy regions of its member firms throughout the world.
A second major consideration was the need for global IT to maintain its member firms’ independence. “All of the firms managed their own Office 365 environments including Microsoft Exchange, and they control their own identities. I didn’t want to interfere with this, and I wanted to connect all 160 member firms to a single IAM environment that they could manually update or sync with,” said Phillips.
Another consideration was that the member firms required single sign-on to gain access to globally managed services including audit tools, an accounting app, and an annual reporting tool. A final, but large consideration, was cost.
MOQdigital helped BDO evaluate Okta, Ping Identity, and Azure AD. Phillips recognized that Azure AD removes all the management overhead. Global IT doesn’t need to manage the identities of its member firms; they would manage the onboarding and the exit process independently. He also valued Azure AD’s B2B service for its ability to automate user authentication.
In the end, the choice was simple. Neither Okta nor Ping Identity met all BDO’s requirements, specifically the most important one: the ability to deliver services into the compliancy regions of its member firms. BDO’s global IT was already using Azure, and it could build their solution on top of a greenfield environment.
Finally, cost was a deal breaker. The competitor solutions costed almost 10X more than Azure AD B2B.
Because BDO was new to cloud, MOQdigital provided support with top-notch onsite resources to get BDO up and running quickly and smoothly.
BDO has been steadily moving much of its on-premises data to Microsoft Azure and is taking a hybrid approach to the cloud because of its large investment in infrastructure. With Microsoft Azure’s storage and ability to scale services as needed, BDO no longer has a need to upgrade or expand its infrastructure. BDO can start moving additional workloads directly to Azure, which will extend the lifecycle and reduce the total cost of ownership of its current infrastructure – delivering better value for itself and its customers.
The Microsoft Azure global presence was a key consideration of BDO in its cloud choice. With 50 Azure regions across the globe and plans for the addition of 12 more regions, BDO can specify the region where its customer data will be stored, meeting local data residency regulatory requirements. Azure enables BDO to deliver services at the scale it needs to reach its customers and partners, wherever they are.
There are many other services Phillips wants to build into the global IT project, and Azure AD B2B allows them to do that. "Imagine if we weren't in the cloud, we were on a traditional datacenter, and all of a sudden we needed to connect with all 160 member firms. We would have had to manage 160 trust relationships, and we would be counting on all members to trust one another... Azure AD takes all of that away. Having a good cloud provider with this product, we can connect 160 ADs into our NFS environment. Without Azure AD B2B, it would have been impossible,” said Philips.