Keeper Security has published a case study on how DrillDocs uses its privileged access management software in offshore operations, focusing on access controls for a globally distributed engineering workforce.
DrillDocs, which develops computer vision software for the offshore oil and gas sector, adopted the system as its operating model became more complex. The company expanded internationally and brought in an external engineering services firm to provide round-the-clock production support.
That shift changed the security challenge from managing machine-to-machine access to supervising interactive access by internal staff and third-party workers. It also raised questions about how to control privileged sessions when some users were working on personal devices.
Before adopting the broader access platform, DrillDocs was already using Keeper Secrets Manager in its DevOps setup. In that arrangement, credentials were retrieved programmatically during automated deployments and injected directly into memory rather than stored in plain text on production systems.
The newer deployment was designed for human access to production environments. According to the case study, engineers and external partners connect through browser-based sessions, with access assigned by role and sessions recorded for audit purposes.
DrillDocs management wanted more visibility into privileged activity, tighter control over how access was granted and removed, and a setup that could support a larger international operation. Those requirements became more pressing as the company relied on a mix of in-house engineers and external support teams across time zones.
Francois Ruel, Co-founder and Chief Science Officer at DrillDocs, said the use of personal devices was a turning point in the company's thinking.
"We were getting worried about how to best manage security when work is done from personal machines. We trust our partners, but we needed to switch to a trust-but-verify culture."
Access oversight
The case study describes the rollout as a way to replace informal access processes with a more structured approach. Provisioning and revocation could be handled quickly, giving DrillDocs a clearer way to change permissions as staff or contractors moved in and out of projects.
The setup also supported audit requirements linked to SOC 2 compliance. That reflected a broader need among software and industrial technology companies to document who accessed systems, when access took place, and what happened during privileged sessions.
For energy and utility businesses, the issue has become more acute as operational support is spread across internal teams, contractors, and service providers in different regions. Bring-your-own-device practices can add another layer of risk when companies do not fully control the endpoint used to reach production systems.
Keeper said the deployment at DrillDocs was completed quickly. Ruel said the company moved from trial to live use on the same day.
"The day we decided to start our trial, we were able to get everything set up in a two-hour session. From there, we started using Keeper right away."
Wider market
Privileged access management tools are used to control and monitor high-level system access, particularly for administrators, engineers, and external suppliers. Demand has increased as companies adopt cloud services, outsource specialist support, and face tighter scrutiny over cybersecurity controls.
Keeper framed the DrillDocs deployment as an example of a wider problem facing organisations that extend access beyond permanent employees. Businesses with distributed workforces and external partners face similar exposure when privileged accounts are not closely governed.
Darren Guccione, Chief Executive Officer and Co-founder of Keeper Security, said the security problem DrillDocs addressed is not unique to offshore drilling.
"Any organisation extending privileged access to external partners, multi-cloud environments or a distributed workforce faces the same exposure. Implicit trust is not a security model. KeeperPAM enforces verified, session-level access control from day one across all human and non-human identities - and in the case of DrillDocs was implemented at scale."
DrillDocs' use of the software offers a snapshot of a broader shift in industrial technology, where cyber risk increasingly centres on identity, access, and oversight rather than only perimeter defence. In this case, the company used recorded sessions, role-based permissions, and faster access changes to oversee 24/7 engineering support across internal teams and third-party partners.