The Punter Southall Group has a highly mobile workforce, many of whom work flexibly from home, including a number of financial advisors using a remote VPN to access corporate data and applications. The business also has offices in eleven different locations around the British Isles, needing to communicate data back and forth with head office and the other companies in the Group.
Richard had prior experience of working with older, first-generation on-premise authentication solutions and was very clear about his requirements when the time came to choose a solution for the company. “I wanted a cloud-based, hosted two-factor authentication service that was flexible enough to offer an array of different authentication methods like SMS passcode, phone call backs, traditional hardware tokens and - although we didn’t realise it at the time, we particularly like Duo’s smart phone app approach to authentication. We wanted a simple solution from an established vendor, which was compliant with Remote Authentication Dial-In User Service (RADIUS) to ensure we weren’t locked into one vendor.”
The decision to seek out a cloud-based solution was driven by the desire to offload the management and maintenance of the system to the service provider. Another prerequisite was the need to have the widest API support to ensure the solution could support the range of third party and in-house solutions in use in the business and manage the onerous task of keeping the system constantly up to date with the latest patches and upgrades without involving any work on their behalf.
“After testing a couple of options, Duo stood out like a Rolls Royce in comparison to a Mini,” says Gough. “It’s a standout product that has the wow factor and - as someone with ten years’ experience of working with dual factor authentication - I knew instantly that I need look no further.”
Along with the obvious benefits of using a cloud platform, such as speed of implementation, lower costs; both in terms of resource and hardware; and the reduced cost of not managing hardware tokens, the clear benefit for the Punter Southall Group was the simplicity of the solution from the user perspective. “One aspect that was particularly impressive was the fact that users were able to enroll themselves on the system with very little support from IT. In fact the whole process from initial contact with Duo, evaluation, selection, to delivery and implementation took less than three months and the roll out was completed in just one week,” enthuses Gough.
“From a support standpoint, the experience has been 100 per cent positive, we’ve had no issues whatsoever,” states Gough. The solution is being used on smart phones, tablets, PCs and Macs. The only challenge they encountered along the way were two employees who didn’t have a smart phone or a phone in their home, which meant that they had to be given a phone to receive a call back as the second method of authentication.
“In the financial sector in which we work, security is of paramount importance and non-negotiable,” says Gough. “It’s a prerequisite by both regulators and to meet our own corporate governance, as well as complying with best industry practice as stipulated by ISO 27001. Security is a differentiator for our business and being open and auditable is key to our very existence.”
He readily admits that in the past he has had painful experiences in deploying two-factor authentication, but declares his experience with Duo to be completely hassle-free, with universal acceptance by both employees, management and the IT support team. As a final thought Gough adds, “Duo’s cloud-based technology was like a smart phone compared to an on premise solution as an old analogue phone - the two are simply worlds apart in simplicity, cost effectiveness and efficiency.”