Security Challenges in the Industry
Media and entertainment firms are uniquely vulnerable to cybercrime. High-profile products and complex production processes, coupled with the media and entertainment industry’s extensive use of outside vendors, create a broad threat surface that needs to be protected. Media organizations are required to comply with data protection regulations such as the Payment Card Industry Data Security Standard (PCI DSS) and Sarbanes-Oxley Act (SOX). Failure to comply could result in financial penalties.
With all of this in mind, TI Media’s Head of Infrastructure Tsvetomir Dachev was looking for a modern authentication solution that could help his organization reduce their threat surface and maintain their compliance, and could also support their transition to being a cloud-first company while setting the building blocks for a zero-trust security strategy. For TI Media, being cloud-first meant transitioning much of their infrastructure to AWS. AWS provided both the flexibility in cost and development feature functionality required for TI Media’s move up to the cloud.
Being familiar with legacy, hardware-focused authentication solutions, it was critical to Dachev to find a solution that would quickly protect high-profile PCI systems, would help reduce their investment in on-premises infrastructure and would be effortless for administrators and their user community.
Streamlined Solution to Support Infosec Priorities
TI Media had an urgent need to secure several high-profile PCI systems. This prompted them to look into implementing a multi-factor authentication (MFA) solution. According to Dachev, “Duo came to the rescue and allowed us to secure the systems in a quick and efficient way without a huge overhead and the complexity normally associated with PCI remediations.”
Duo’s ability to add strong MFA as a security layer for their remote connections gave the organization the ability to rapidly address a security gap auditors uncovered for their PCI systems. This enabled them to resolve the identified issues with ease and satisfy the auditor requirements.
TI Media views Duo as a critical building block for their overall infosec priorities, supporting their cloud-first strategy and assisting with adopting a zero-trust approach to security. Duo’s relationship with Cisco products provided an easy adoption path to protecting existing Cisco solutions they had already deployed, and also supporting the future adoption of other Cisco security solution products.
TI Media deployed Duo to protect their users, devices and applications, and were able to layer on Cisco’s Umbrella security solutions for web and phishing protection. This defense in depth approach helped them, “implement a streamlined security solution that doesn’t impact users day to day workflows.”
Fast Deployment for Cloud-First Organizations
Through a phased approach, the team at TI Media was able to execute a complete rollout based on application usage; they started with PCI applications; then high-profile cloud applications and user groups, establishing protection on the most critical assets like the AWS Management Console; then expanding to broader business applications like VPN and their cloud-based productivity applications.
Dachev said what was most appealing about Duo was that it was delivered from the cloud and there would be minimal infrastructure investment for his team while supporting their transition to a cloud-first organization. With the deployment, they were able to phase out their legacy authentication system and reduce their infrastructure investment from six dedicated servers to one multi-purpose server.
Duo’s cloud-based service alongside the support TI Media received through the Duo Care program reduced their deployment time by 50 percent. “Past projects would have taken six to nine months with our old solution. With Duo we were able to complete our roll out within three months. The Duo Care team was instrumental in helping us with our implementation from architecture design down to communication with the user base,” said Dachev.
Easily Adopted by Diverse Users
Within the first week, TI Media saw half of their entire user base migrate from their legacy authentication solution to Duo Mobile. After a phased three-month deployment, 93 percent of their users authenticated using the push notifications, while the remaining leveraged other authentication options that Duo supports. Dachev added that now “100 percent of our users are protected by Duo and all our Tier 1 applications have been included as part of Duo’s cloud single sign-on (SSO) offering. This has significantly increased our security and hasn’t disrupted user workflows by providing a streamlined SSO experience. The fact that there are flexible authentication options really contributed to the success of the adoption of this solution.”
A Zero-Trust Approach for the Future
Staying ahead of security threats doesn’t have to keep infosec teams up at night. Dachev shared that “for us, the key advantage has always been Duo’s approach, in terms of how we work together and the partnership we form. We can get on with the work and get things done together, executing the planning, change, implementation and reviews as an ongoing process.”
Through regular touch points with the dedicated Duo Care team that works with TI Media, they have been able to tap into new tools and functionalities Duo offers. They are able to stay at the forefront of implementing security best practices and leveraging tools to improve security awareness and their overall security posture. They have plans to leverage Duo’s ability to protect SSH logins and migrate their remaining applications from their legacy solution to Duo’s modern solution.
Dachev is leading TI Media’s infosec priorities by adopting a zero-trust model to protect the organization and support its cloud-first approach for a modern, diverse workforce. By leveraging the trusted access solutions Duo and Cisco offer, TI Media has peace of mind that they have the best in class protection against cyber threats.