With nearly 500 consultants spread across as many locations, Clarity Insights needed a way to provide secure access to big data applications running in AWS, Azure and Google Cloud Platform environments while getting insight into which devices are accessing these applications.
The goal was to enable client and consultant laptops to access resources needed to complete work, while maintaining strong security and access policies, including compliance with ISO 27001:2013 and HITRUST regulations. Clarity needed a solution through which it could lock down all devices and establish trusted access that is easier to deploy, use and manage than traditional VPNs, mobile device management (MDM) solutions and endpoint agents.
A traditional VPN was out of the question, because on-premises solutions aren’t in line with the company’s modern approach to IT. Plus, with consultants spread out across the country, VPNs tend to be prone to latency. In Clarity Insights’ case, VPN access is challenging for both users and admins. For users, the experience can be confusing when they have to remember which application to access from which client. For admins, it requires more work to set up VPN connections.
“We don’t have on-premises solutions. We want to stay away from them,” says John Bates, Clarity Insights’ Chief Security Information Officer and General Counsel, noting that the consultancy leverages cloud and SaaS-based solutions and a zero-trust security model.
According to Bates, roughly 40 percent of devices accessing Clarity Insights’ clients’ IT systems are corporate-owned, and the company had reservations about users leveraging personal machines to access Google applications, which can contain sensitive client data. On corporate-owned and managed devices, Clarity Insights has more control.
Meanwhile, using several MDM solutions on personal devices can create an environment where they conflict with each other, meaning Clarity Insights couldn’t have a company agent and a client agent on Mac devices.
This left Clarity Insights seeking a consistent way to enable remote access from trusted laptops and desktops while also getting a handle on the growing fleet of user-owned bring-your-own-device (BYOD) mobile devices that access applications and data both on-premises and in the cloud.
“Because we are BYOD, I can’t control that device, but I can have insight into versions, apps, etc., which is very important for us,” says Eric Kluthe, IT infrastructure and security operations engineer at Clarity Insights.
To secure mobile and remote access and gain visibility into which devices were accessing their applications and data, Clarity Insights deployed Duo's trusted access solution. Now, Clarity Insights’ fleet of laptops, desktops and mobile devices in the field can establish secure and trusted access to critical business apps. And users - the consultants - find security to be enabling, not blocking or limiting. Duo provides an easy way to secure access to applications from trusted devices without the need for a VPN, MDM or endpoint agent.
As an added bonus, Clarity Insights is able to lock down access to the continental U.S. and has crafted a custom security policy through which its consultants can request access from outside of the country.
“It gave us greater control in ways we couldn’t imagine. I don’t think a lot of organizations have thought about that,” Kluthe says.
With Duo, Clarity Insights can tie access to an endpoint, which was something they couldn’t find with alternative solutions. For example, Duo supports both Windows and Mac devices and offers the ability to customize access on a per-application basis. Devices are checked based on Clarity Insights’ compliance requirements: if a device meets the criteria, access to the application is granted.
“Our consultants are able to do work without issue,” Bates says. “We never see a use case where consultants feel it’s prohibitive. It’s one of the few IT controls that makes life better.”
And from a deployment standpoint, Duo was quick and efficient. Clarity Insights started with a handful of users – roughly 5 percent – for a week and then quickly deployed it to its full cadre of consultants and received few questions along the way.
Single sign-on (SSO) and Trusted Endpoints quickly rose to the top as key features available in Duo, Bates says. The logging in Trusted Endpoints is incredibly helpful, Kluthe says. He can see data on what devices are accessing which applications. It’s a new level of visibility.
And on the mobile side, because Clarity Insights is a BYOD environment, it needs insight into the security posture of consultants’ personal devices. Duo provides a single pane of glass for visibility and management of Clarity Insights’ mobile device inventory, security policies and the health and trustworthiness of the devices used to access applications. Clarity Insights uses Duo as the source of truth for mobile device security.
“Before this, it was wide open. Phones could do anything unencrypted. It gives us the confidence we’re more secure on mobile. It gives us peace of mind,” Kluthe says.
For Clarity Insights, it’s all about visibility. Whether it’s getting more control over the hundreds of devices consultants are using in the field or getting a handle on its BYOD environment to ensure ISO 27001:2013 and HITRUST compliance, Clarity Insights went from having very little visibility into the devices accessing applications to having tighter control without interfering with consultants’ ability to do work from myriad locations throughout the U.S.
“We’ve gone from an unknown space to quantifying what we have and what the risk is - and we can button it all up,” Kluthe says.