“Our employees come from several well known organizations that already use Duo. Since Duo was well recognized in our employee base, we purchased and rolled out Duo in less than a week.”
— Jay Clark, Head of IT Operations and Infrastructure
Bird offers a mobile app allowing users to sign up and check out electric scooters available near them
They needed to protect sensitive information, such as customer data, intellectual property, business plans and more
Bird uses Duo's multi-factor authentication, Unified Device Visibility and adaptive security polices to ensure secure access to data
They were able to consolidate several security products with Duo, reducing total cost of ownership by more than 50 percent
Bird is an electric scooter company based in Santa Monica, Calif. Users can rent self-ride scooters starting at $1. Bird works with cities to make last mile transportation convenient and more environmentally friendly. Bird operates in more than 40 cities around the world, and expects to add several more by the end of the year. Bird was founded in 2017, and grew rapidly to 300 employees. They expect to continue their growth trajectory and expect to reach 1,000 employees by the of 2018.
Bird offers a mobile app allowing users to sign up and check out scooters available near them. Since its inception, Bird has added millions of users to its platform, and plan to add millions more in the next couple of years. One of their challenges is to protect sensitive customer information such as names, email addresses, phone numbers and financial information such as credit card data. In addition, with several similar product clones in the market, Bird wanted to ensure proprietary information such as intellectual property (IP), growth plans and business and vehicle strategies is secure from attackers. To be successful, Bird’s customers and employees need to trust Bird’s platform.
To protect user information, Bird wanted to establish strong access control for applications so only authorized individuals using company issued and secure devices are allowed access to sensitive information.
“My No. 1 priority is to protect user information and company IP. And, we want to do this in a way that isn’t disruptive to our users.” says Jay Clark, Head of IT Operations and Infrastructure at Bird. According to Clark, phishing and compromised devices are the two biggest security risks Bird faces.
Clark adds all Bird employees use their personal devices for work. IT has little or no control over their devices. There is a significant risk from compromised personal devices accessing company applications.
Furthermore, Bird’s IT infrastructure is entirely cloud-based. They want to continue using cloud-based applications and infrastructure to fuel their growth. As a part of their growth strategy, they prefer security tools that users are familiar with, and are easy to deploy, administer and manage. Furthermore, they wanted to execute a project quickly rather than deploy a tool that requires a lot of user training, education and maintenance.
Clark says he’s had little success securing employee-owned devices with mobile device management (MDM) solutions prior to Bird. Clark notes that users will likely not utilize an MDM tool out of concern of exposing personal information they have on their devices to company admins.
Bird deployed Duo Beyond and was immediately able to consolidate several projects, such as multi-factor authentication (MFA) and MDM, which reduced their overall total cost of ownership by more than 50 percent, Clark says.
Bird uses Duo’s:
“Our employees come from several well known organizations that already use Duo. Since Duo was well recognized in our employee base, we purchased and rolled out Duo in less than a week,” Clark says.
On the mobile side, Duo provides a snapshot of all personal and unmanaged mobile devices accessing their environment. Duo’s Unified Device Visibility provides a single pane of glass view into all mobile device platforms and helps them assess the potential security risks associated with each device. Admins are able to identify device vulnerabilities and enforce policies to mitigate risks such as preventing an out of date or jailbroken devices from accessing any applications.
Bird was able to extend a similar security posture to their laptops and desktops. They have hundreds of devices that are managed by JAMF. A device managed by JAMF is considered trusted because they can enforce encryption, add a higher level of password complexity and protect administrative access into the machine. With Duo’s Trusted Endpoints, admins can control access to applications so devices managed by JAMF are allowed access to company applications. If a user tries to use a personal laptop or desktop they are immediately blocked and notified that they need to be on the company managed laptop to access applications.