Skip to content
owkin

How Owkin rearchitected endpoint security across seven countries with 20% of one person's time

The challenge

Owkin is a generative biology AI company headquartered in Paris, with roughly 260 people working across seven countries: France, the United Kingdom, the United States, Germany, the Netherlands, Spain, and Italy. Leo Cunningham, the CISO, owns InfoSec end-to-end: cloud security, DevSecOps, AppSec, compliance, and risk. Endpoint management sits inside that scope, operated day-to-day by an IT ops team member, Adrian Vasile-Ciorba.

Leo had spent considerable time rebuilding what security looked like at Owkin, and he held every layer of the stack to the same bar. He says, "We have spent a lot of time and effort completely re-architecting what security looks like and making it as best in class as we possibly can."

The existing device management tooling could not hold that bar. Preparing for an ISO 27001 audit made the gap explicit. For a company that set a high standard for itself across every compliance program it pursued, that was not an acceptable position to stay in.

The team running endpoint operations was small, which made tool fit as important as feature depth. A solution that created overhead or required constant operator attention would not work in Owkin's model.

As Leo puts it, "We cannot afford to make mistakes with having a small team. It's imperative that anything that we bring into the organization works with us and not against us."

The solution

Owkin needed a device control and reporting layer that could carry the same re-architecture discipline Leo was applying across the rest of his stack: compliance evidence available on demand, security benchmarks built in from day one, and an operating model that a lean team could actually sustain across seven countries.

A platform that cleared the compliance bar from the start

One of the immediate requirements coming out of the ISO 27001 audit was a tool that could demonstrate compliance, not just claim it. Iru ships with industry-standard security benchmarks built into the platform, so Owkin did not have to configure compliance posture from scratch or maintain a separate evidence trail for auditors.

Iru has that out of the box, which one, makes life a hell of a lot easier. Two, it guides us. Three, ticks the box when it comes to the compliance requirements. And we can evidence that quite clearly.

Leo Cunningham
CISO

Enrollment and configuration at scale

With employees joining across seven countries, Owkin could not run device provisioning through a central IT queue. Iru's zero-touch enrollment, integrated with Apple Business Manager, provisions Mac computers the moment a new hire boots up the machine. Leo describes the process simply: When new users join the company, those Mac computers are ready to go almost instantaneously, to be auto enrolled through Iru or the Apple business manager, the minute a person boots a machine up.

Blueprints define the standard configuration for the fleet: security settings, restrictions, and application configuration. When a new Blueprint is pushed, it applies across the relevant devices without manual rebuilds, giving the IT ops team a consistent, repeatable baseline at scale.

The blueprint rolls out a full config across apps. It's got security settings, restrictions. It saves us doing a whole host of manual work.

Leo Cunningham
CISO

Fleet compliance and application maintenance

Owkin runs more than 120 library items (the apps, settings, scripts, and profiles Iru manages on each device) y across its 225-Mac-computer fleet, and the platform tracks compliance across all of them. At last count, the fleet was running at 99.9% compliance with security controls without dedicated daily effort from the IT ops team.

Application updates, which had previously required manual intervention, now run automatically. Patch cycles that once generated recurring IT ops work happen in the background.

When questions about device state surface, the team uses Iru AI to get answers. According to Leo, "Our IT ops really enjoy using the AI assistant. That really helps for answering various different questions or which devices don't have FileVault enabled."

Integration with the broader security stack

Iru connects into Owkin's wider security tooling. For example, device status and compliance state flow into Vanta, which Owkin uses for compliance monitoring.

Results

Before the re-architecture, Owkin's endpoint layer was the weakest point in a security program that held itself to a high standard everywhere else. The ISO 27001 audit had surfaced the gap in writing. A small team was managing a multi-country fleet with a tool that required more manual effort than the team had capacity to absorb.

Today the endpoint layer runs at the same standard as the rest of the stack. ISO 27001 evidence is available on demand rather than assembled before each audit. Application updates run without operator involvement.

The team profile did not expand to achieve this. Adrian handles day-to-day endpoint operations at roughly 20% of their time, a ratio that holds across seven countries.

I need that bar-raiser behavior when it comes from the IT ops, in full credit to them.

Leo Cunningham
CISO

Looking ahead

The endpoint layer is now a stable foundation for the broader InfoSec re-architecture Leo is running across Owkin. With device configuration, patch cycles, compliance evidence, and enrollment all operating without daily oversight, the security team's attention is free to move across cloud security, DevSecOps, AppSec, and risk across the full scope of what Leo is building. For a company applying AI to drug discovery and precision medicine, keeping the security team focused on that broader mandate rather than endpoint maintenance is what the rebuild was designed to enable.

About Owkin

Owkin is a generative biology AI company headquartered in Paris with roughly 260 employees across seven countries. The company applies AI to drug discovery and precision medicine, working with biopharma companies and academic medical institutions.

 

Stay up to date

Iru's bi-weekly collection of articles, videos, and research to keep IT & Security teams ahead of the curve.