To be successful, it is critical for Withers Worldwide to maintain the confidence of clients and the information placed in their trust, as well as meeting privacy and compliance requirements across their jurisdictions. The major businesses challenges they faced were gaps and inconsistencies in how their employees logged in to access various cloud and on-premises applications.
RSA was the incumbent multi-factor authentication (MFA) product for 600 of the Withers’ 1.000 employees. RSA was not able to integrate with all of their applications, leaving their cloud-based email archive, Mimecast, and their Cisco ASA VPN with no MFA. To access these apps, a user only needed a login and password.
Meanwhile, other apps in their Citrix, HighQ and Azure environments each used their own version of MFA. This inconsistency created security risks and a poor end-user experience. It was a nightmare to manage and was the cause of nearly a quarter of all remote access based service desk tickets. As a company headquartered in the European Union (EU) that conducts business with European customers, Withers Worldwide must also adhere to the General Data Protection Regulation (GDPR).
At the same time, Withers was planning an office space transformation. In London, the firm wanted to move away from a traditional office space and create a more agile workforce that enabled employees to work remotely while offering hot seats for employees who wanted to work in the office.
“I knew our current processes would jeopardize this transformation,” said Craig Good, Global Systems Manager. To further complicate things, Good said he had to overcome budget constraints and the status quo of others not seeing the need to make a change.
“The first step was to look at where we didn’t have MFA in place to access applications and find a solution that would protect them while making our authentication much more streamlined,” said Good. For the applications that were using two-factor authentication (2FA), they had to “get away from the hodgepodge of clunky, MFA solutions that were making it difficult on users, were hard to manage and generated a lot of service desk tickets.”
For the applications that were using MFA, there was a sense that incumbent solutions were good enough – despite access login issues representing 25 percent of remote access tickets. Good said he was the first to see that their current methods would jeopardize the transformation to an agile, remote workforce. “I just knew that people having to carry around tokens or inputting codes were going to kill the transformation,” he said. Most employees were already working from home and there were a lot of complaints about the inconsistencies in accessing different applications.
Good sought a solution that would streamline the authentication process by integrating with all of Withers’ critical applications, especially Mimecast, and provide the best end-user experience. During this search, Duo’s name kept coming up.
“During the demo, I knew instantly that our users were going to love it. I saw that it was going to reduce a lot of service desk tickets from users having trouble authenticating, and I knew it was going to help us harden up our external security posture,” said Good.
Good said he knew it would provide a great end-user experience because it was easy for users to enroll. “We did look at other vendors, but Duo’s push approval was the hands-down winner and nobody came close to Duo’s ability to integrate with Mimecast.”
Duo Access provided application access control and MFA across all of Withers’ cloud and on-premises applications. Duo Access, along with Duo’s single sign-on (SSO) reduced remote access service tickets by 21 percent and allowed IT to overcome budget constraints by protecting all 1,000 employees at a net-neutral cost to what they were paying for 600 users on RSA. Duo’s simple workflow, ease of setup and deployment, and the added functionality in Unified Endpoint Visibility and granular policy engine also differentiated Duo over RSA.
“When we were enrolling people, we thought that was going to be a real challenge. IT’s service delivery team had just completed a huge project for our cell phone fleet and shuddered at the thought of having to call all the users back in to enroll them in a new MFA. There was a sense that the team didn’t have the time or capacity to do it and were skeptical when I told them with a one-page guide most users could self-enroll,” added Good. In the end, over 90 percent of Withers’ employees self-enrolled with no IT assistance.
Feedback from partners has been extremely positive. “It seems like a small change, pressing a button on your phone to authenticate instead of having to put in a code, but it is such a huge improvement. Duo Access also gave them better insight into the different devices that were accessing apps. This is a win that enables us to show IT as an innovative function of the business and not just operational.”