As the world’s leading travel search engine, KAYAK has over 40 international sites, processing over 1.5 billion travel searches a year. To promote employee productivity and provide flexibility for their users, KAYAK allows their global workforce to work remotely using their own devices.
This presented a few challenges for KAYAK’s security team - including limited visibility into employee-owned laptops and the task of balancing remote access security and user convenience.
"We weren't satisfied with BYOD management technologies, and had no security technologies for differentiating access from KAYAK-owned and employee-owned devices," Steve Myers, KAYAK Head of Security said.
He also wanted to check the security posture of these devices, including the ability to detect out-of-date operating systems. To address these needs, he tried a combination of mobile device management (MDM), network access control, and client certificate solutions.
This proved too complex to manage and didn’t provide enough coverage while migrating to cloud applications. They also wanted a solution that provided device visibility without forcing users to install MDMs or give up control of their device policies.
Using Duo Beyond, KAYAK was able to differentiate between company and personal laptops, gain insight into the security health of every device accessing KAYAK’s applications and provide secure, convenient remote access for KAYAK employees.
Complete BYOD Visibility & Control
“With Duo, we can clearly identify the hundreds of KAYAK-managed laptops, and differentiate them from the other personal devices that our employees are bringing into our environment. We can even track the health of these devices to make sure that operating systems and browsers are up to date,” Steve said.
KAYAK could also enforce BYOD policies that allowed access to critical third-party administrator accounts only via KAYAK-owned laptops. They allowed personal laptops to access regular accounts, as long as their operating systems and browsers were updated to the latest versions.
“We were previously trying to do this through a combination of five other products; the fact that one product can provide this level of granular access control is really awesome,” Steve said.
Simple, Secure Remote Access
To minimize the necessity of using VPN to connect to internal applications, KAYAK gave their users the option to use Duo Network Gateway instead - a more convenient way to securely log into their applications remotely.
They chose a few of the most commonly used critical applications and made them accessible through Duo’s Trusted Access platform. That way, KAYAK can verify the identities of their users and check the security health of their devices before granting them remote access to their applications.
KAYAK is looking forward to deploying Duo’s secure single sign-on (SSO) solution to give their users login consistency and easy access to applications.
“If our end users can expect one consistent experience for everything, they will automatically learn to be suspicious if something looks or feels different. Our end users can help us stay secure by questioning when something doesn’t look or feel like Duo.”
One Solution for Many Security Needs
KAYAK was able to reduce costs and maintenance overhead by consolidating their security needs into one solution - Duo Beyond.
“This is huge for organizations with limited IT resources as Duo has a multiplier effect, it allows one person to do the work of 10,” Steve said.