For thousands of companies born in the cloud and SaaS era, bring your own device (BYOD) is just part of doing business. Employees want the flexibility and freedom to use their personal mobile devices to access corporate applications to work from any location. Zenefits is no exception. Zenefits employees —like its customers— want access to company applications with their personal mobile devices.
This creates a dilemma: how do you give employees flexibility to access corporate assets from any device while ensuring data is secure and only authorized users are accessing applications? For Zenefits, their crown jewels are personal identifiable information (PII) and protected healthcare information (PHI), which need to be secured and protected. As a company that works with PII and PHI, Zenefits is required to meet and keep up to date on HIPAA, SOC2 compliance requirements, and on data privacy laws such as CCPA.
When it comes to mobile devices, Zenefits is 100 percent BYOD. Using a mobile device for work is not a requirement, but it’s not discouraged either. So if an employee chooses to use their device for work, Zenefits wants to ensure company data in Google, Slack, Box and their other enterprise applications is protected.
Enter Duo Beyond, which Zenefits deployed to its employees. Zenefits uses Duo to check if a device is trusted before a user is allowed to access an application from that device.
“Duo is always checking the state of the device,” said Dan Regan, Zenefits cloud security engineer. Zenefits can set mobile policies to define and only grant access when devices meet those specific definitions. For example, Zenefits checks for OS version and browser plugins, strong passcode, and encryption to determine if a device can access applications.
Duo’s ease of use, transparency and convenience enable users to install Duo on their personal devices without worrying about privacy. Because of Duo’s “light touch” users don’t feel intrusions and admins don’t have to wrestle with the management headaches inherent with traditional mobile device management (MDM) solutions. That’s what led Zenefits to select Duo Beyond as a critical component of their endpoint security program.
With Duo, Zenefits is able to attest that only trusted devices are able to access corporate applications and data. Duo checks for untrusted devices in their environment every time a user tries to authenticate to a protected application. If at any point, the state of the device changes or a user gets a new device, Duo checks for the device state and blocks the device from accessing the application if the device doesn’t meet the defined corporate security requirements.
In addition, Duo helps Zenefits achieve a perfect balance between security and productivity. Using Duo’s granular access control policies, Zenefits provides employees and contractors access to corporate applications for work from any trusted device. While elevating security for sensitive data such as customer PII and PHI by identifying and granting access only to corporate issued devices while blocking access from personal and mobile devices.
Using a trusted device model delivered by Duo Beyond gives Zenefits the power to only grant access to employee devices that meet their trust standards, and restrict access to those that do not. It’s a turnaround on the traditional perimeter security model and is instead based on a zero-trust approach. Regan summed it up this way: “Duo Beyond creates an invisible and open gate that authorized users with trusted devices never have to see, the gate only materializes and closes when the device trust standards are not met.”