Day & Zimmermann: Long-Term Usage Case Study + Duo
Day & Zimmermann (D&Z), which specializes in construction, engineering, staffing and defense solutions for governments and leading corporations, has used Duo since 2014. D&Z originally deployed Duo to secure remote user access over Cisco VPN, and Duo now protects many of its systems, including Outlook Web Access, Citrix XenApp, Thycotic, Passwordstate and Windows servers accessed through Remote Desktop Protocol (RDP).
Duo is the most successful end-user facing solution I've ever been involved in deploying.
Business Challenges
As a contractor for the U.S. Department of Defense (DoD), D&Z is required to abide by regulations concerning Controlled Unclassified Information (CUI). Failure to do so would result in the cancellation of D&Z government contracts and the loss of millions of dollars.
Approximately 1,500 D&Z employees travel to work at client sites around the world. Enabling these remote employees to do their jobs while remaining compliant with regulations poses unique challenges.
Technical Challenges
Employees working on U.S. government contracts are required by regulation to complete two-factor authentication (2FA) when accessing CUI. Since CUI may exist on the end user’s machine, the only way to meet this requirement is to perform 2FA at login and unlock. This secures the end user’s machine so that it can access CUI and safely run the applications installed on it, or serve as a safe on-ramp to the rest of the network.
These regulations are defined within the Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 and NIST SP 800-171, which mandate “multi-factor authentication for local and network access to privileged accounts.” These rules apply to all organizations that process, store or transmit CUI.
However, D&Z employees can’t always count on internet availability to complete 2FA. They may be temporarily offline (such as on a flight) or restricted from using WiFi at the client site. “It’s also tough to support users getting on to a new, previously unknown WiFi network in a faraway country in order to complete their two-factor authentication,” says Honer.
For D&Z, it is also important to provide a consistent user experience, whether the user is online or offline, working inside the office, from home, or at a remote client site. Otherwise, it would introduce confusion among users and higher support costs for the organization.
The Solution
To support its traveling and remote employees, D&Z is taking advantage of Duo’s offline authentication capabilities. Honer particularly likes the fact that the user experience is exactly the same whether a user is connected or offline. This capability enables D&Z users to seamlessly switch between online and offline environments.
“The ideal situation is a product that supports both online and offline mode transparently to the user. Duo provides this to all our users,” according to Honer.
BELOW IS THE ORIGINAL DAY & ZIMMERMANN CUSTOMER STORY FROM 2015
Highlights
- Duo Security’s agile two-factor authentication solution was an easy sell to the management team, despite already investing in token-based authentication.
- Day & Zimmermann chose Duo for its easy enrollment and ease of use across their entire team.
- D&Z determined that purchasing, deploying, and integrating Duo with their systems was more cost-effective than continuing forward with the legacy provider they had already invested in.
“It was a very successful deployment. Information provided to support groups and end-users was very clear and well thought out making the registration process a success.” — Phil Long, Director of Enterprise Support and Cybersecurity
The Challenge
Day & Zimmermann (D&Z) is a century-old, family-owned company whose 23,000 employees specialize in construction and engineering, staffing and defense solutions for leading corporations and governments around the world. Operating from more than 150 worldwide locations with 2.5 billion USD in revenue, Day & Zimmermann is currently ranked as one of the largest private companies in the U.S. by Forbes.
Their focus
Whether it’s running the operations & maintenance at a U.S. power plant or helping to build a new command and control headquarters with sustainable design for the US Air Force, D&Z strives to solve customers’ most complex and technical challenges with dynamic talent, proven industry expertise, and customized outsourcing solutions.
To solve those challenges, D&Z provides customized outsourcing solutions, alleviating their customers’ management and operational load so that they can focus on their core operations. With hundreds of utility, nuclear power and government customers, D&Z knew they needed to find an easy and effective security solution to protect their customers.
Lance Honer, Manager of Cybersecurity at Day & Zimmermann, was tasked with deploying two-factor authentication after he joined the company. His predecessor had started working with a legacy two-factor authentication provider, and had already purchased tokens by the time Lance was hired.
Finding a Better Solution for the Company
Lance became frustrated with the deployment process for the legacy two-factor solution, noting that technical support and documentation were lacking.
In addition to the difficult setup process, the legacy two-factor solution forced users to log in through a browser in order to access their VPN, whereas previously they were used to logging in via the VPN client.
With nearly 1,000 employees using two-factor authentication for their Cisco VPN, the change in login behavior would have been disruptive to the company’s workflow.
The legacy solution they purchased also didn’t offer the variety of authentication methods Lance needed to cover his many users’ needs and preferences.
The Solution
Having researched Duo Security in the past, Lance knew the variety of authentication methods Duo offered was a necessary feature for D&Z. Duo’s two-factor authentication solution can be installed on phones as an app using Duo Mobile, and also supports a multitude of additional authentication methods: Duo Push, SMS, voice and hardware tokens.
Day & Zimmermann chose Duo for its easy enrollment and ease of use across their entire team.
Duo Security’s agile two-factor authentication solution was also an easy sell to the management team, despite already investing in token-based authentication.
They determined that purchasing, deploying, and integrating Duo with their systems was more cost-effective than continuing forward with the legacy provider.
A Smooth Duo Deployment
The deployment and setup process with Duo went well for D&Z. “I was blown away by how smoothly it went,” said Lance. “For the most part, we haven’t gotten much feedback from our end-users. We haven’t gotten any complaints about using it. It’s not cumbersome or intrusive.”
“It was a very successful deployment,” said Phil Long, Director of Enterprise Support and Cybersecurity for Day & Zimmermann. “The information provided to support groups and end-users was very clear and well thought out making the registration process a success.”
How has it been working with Duo’s two-factor solution to date?
“Overall, it’s been a phenomenal experience from my standpoint,” said Lance.