Bird offers a mobile app allowing users to sign up and check out scooters available near them. Since its inception, Bird has added millions of users to its platform, and plan to add millions more in the next couple of years. One of their challenges is to protect sensitive customer information such as names, email addresses, phone numbers and financial information such as credit card data. In addition, with several similar product clones in the market, Bird wanted to ensure proprietary information such as intellectual property (IP), growth plans and business and vehicle strategies is secure from attackers. To be successful, Bird’s customers and employees need to trust Bird’s platform.
To protect user information, Bird wanted to establish strong access control for applications so only authorized individuals using company issued and secure devices are allowed access to sensitive information.
“My No. 1 priority is to protect user information and company IP. And, we want to do this in a way that isn’t disruptive to our users.” says Jay Clark, Head of IT Operations and Infrastructure at Bird. According to Clark, phishing and compromised devices are the two biggest security risks Bird faces.
Clark adds all Bird employees use their personal devices for work. IT has little or no control over their devices. There is a significant risk from compromised personal devices accessing company applications.
Furthermore, Bird’s IT infrastructure is entirely cloud-based. They want to continue using cloud-based applications and infrastructure to fuel their growth. As a part of their growth strategy, they prefer security tools that users are familiar with, and are easy to deploy, administer and manage. Furthermore, they wanted to execute a project quickly rather than deploy a tool that requires a lot of user training, education and maintenance.
Clark says he’s had little success securing employee-owned devices with mobile device management (MDM) solutions prior to Bird. Clark notes that users will likely not utilize an MDM tool out of concern of exposing personal information they have on their devices to company admins.
Bird deployed Duo Beyond and was immediately able to consolidate several projects, such as multi-factor authentication (MFA) and MDM, which reduced their overall total cost of ownership by more than 50 percent, Clark says.
Bird uses Duo’s:
- Multi-factor authentication (MFA) to mitigate the risk of compromised passwords and phishing attacks in the organization
- Unified Device Visibility to gather mobile device inventory and assess device risks without using agent-based or intrusive MDM tools
- Adaptive security policies based on user location and device security posture to ensure only known and trusted devices are able to access applications
“Our employees come from several well known organizations that already use Duo. Since Duo was well recognized in our employee base, we purchased and rolled out Duo in less than a week,” Clark says.
On the mobile side, Duo provides a snapshot of all personal and unmanaged mobile devices accessing their environment. Duo’s Unified Device Visibility provides a single pane of glass view into all mobile device platforms and helps them assess the potential security risks associated with each device. Admins are able to identify device vulnerabilities and enforce policies to mitigate risks such as preventing an out of date or jailbroken devices from accessing any applications.
Bird was able to extend a similar security posture to their laptops and desktops. They have hundreds of devices that are managed by JAMF. A device managed by JAMF is considered trusted because they can enforce encryption, add a higher level of password complexity and protect administrative access into the machine. With Duo’s Trusted Endpoints, admins can control access to applications so devices managed by JAMF are allowed access to company applications. If a user tries to use a personal laptop or desktop they are immediately blocked and notified that they need to be on the company managed laptop to access applications.