With a large footprint, Sonic needed to meet the growing challenges of enabling business and workforce mobility, and enhancing agility through access to cloud applications. Sonic wanted to allow this growth without compromising either usability or security.
The company aimed to strengthen security protection for their mission-critical applications and valuable intellectual property. They wanted to enable easy and secure access for all stakeholders, empowering effective collaboration and limiting the attack surface.
Sonic Automotive deployed Duo and was able to reduce the risk of breach and improve productivity at the same time. “We looked at various vendors, but Duo was an easy choice for us. It can help us to achieve our vision of zero-trust security. The deployment was effortless and smooth. We opted for a phased roll-out starting with critical applications and expanding to all the applications and users,” said Jeff Smith, Senior Information Security Engineer, Sonic Automotive.
Sonic was able to roll out Duo with minimal effort and without additional resources or a lot of support calls. Duo gave Sonic a zero-trust security platform - the ability to establish trust in user identities, ensure the trustworthiness of devices and enforce access policies for all of their applications. “We were able to enroll almost 10,000 users in less than two months, using 12,000 access devices with 99 percent successful authentications, accounting for a total of 64,000 authentications daily,” said Smith.
Integration for All Critical Applications
Sonic needed a solution that could easily integrate with its existing infrastructure, consisting of a wide variety of different technology platforms and custom applications. Duo's cloud-based solution meant Duo could be easily layered onto the Sonic’s existing custom web applications. Most of our user population is focused on our business, which is primarily selling and servicing vehicles, and we needed a solution that was easy to enroll and use. We got that from Duo,” said Smith. With flexible policies, IT accelerated the deployment of cloud applications considerably, allowing them to classify applications based on risks and re-apply application policies when they roll them out to users.
Minimizing Risk Exposure
With Duo, Sonic got visibility into all devices connecting to the network externally and the location of the devices. They were able to see a full device inventory through a single pane of glass and enforce policies, such as blocking access to applications from unknown locations or out-of-date risky devices. Sonic was able to check the security posture of the devices accessing their applications and enforce conditional access policies. This, in conjunction with their implementation of multi-factor authentication (MFA), has reduced their attack surface effectively and efficiently.
Improved Productivity with Less Resources
With Duo, Sonic was able to gain deep insight into the details of failed authentication attempts and learn more about the reasons behind the failures. This insight has dramatically reduced the investigation work for the Sonic Information Security Team. Documentation around support is effective and super easy to follow, added Smith.
“The Duo Care team helped us with a customized end-user communication plan and technical resources to guide us through our deployment. We want to adopt a zero-trust security framework, and we started our journey with Duo. It is a long journey, but I know we have a trusted partner to help us get there,” said Smith.