“Utilizing Duo Security highlights to our clients that we care - that we care about their data and we care about the security of their data.”
— Jason Thomas, Chief Information Officer (CIO)
Cole, Scott & Kissane (CSK) is a civil defense firm specializing in insurance defense
They needed to protect their clients’ sensitive data and meet HIPAA compliance
Chose Duo for its cloud-friendliness and ease of use for both admins and users
CSK used Duo’s Device Insight to support its BYOD policy and gain visibility into user behavior and device health
Cole, Scott & Kissane (CSK) is a civil defense firm that specializes in insurance defense. They believe there is no substitute for thorough research, preparation and management of information. They encourage innovative ideas and perspectives, which help them approach services for their clients more creatively. Due to the sensitive nature of their clients’ data and to meet compliance requirements, such as HIPAA, they are always seeking the best ways to secure their data.
The team at CSK highly values their security program, with a strategy that focuses on defense-in-depth technologies and ensuring real-time security event monitoring. As a proactive organization, they explored additional avenues to mature their security program. They knew that passwords were the weakest link in their environment and two-factor authentication was a great way to mitigate the risks associated with credential theft.
CSK spans eleven offices and employs over 800 staff members. Their user population is skittish around any new technology that could impact their daily lives. Because of this, they wanted to avoid selecting a security technology that would require extensive training or potentially cause user hardships.
Upper management at CSK was fully on board with finding a solution. Their leadership team is very in tune with the current state of cyber threats and how these threats could cause harm to the firm. They also wanted a technology that had limited user impact.
CSK took a brief look at RSA, the obvious player in the industry. What attracted them to Duo Security was not needing to deploy any infrastructure inside the building. Being a cloud-friendly firm, they valued the cloud-based nature of the product. They just needed to install a mobile app and were ready to go.
Their deployment started with a small IT test group. They quickly found out it was easy to install, use and understand. It was then successfully deployed to a small group of attorneys. Again, they found it easy to use. From there, CSK rolled it out fairly quickly across their entire firm.
“The push feature is really easy to use and understand. With Duo, it was literally a one-pager on how to use it and as soon as people installed it and got it going, they understood the system and were off to the races,” said Jason. CSK felt the implementation was probably one of the easiest that they’ve ever encountered.
CSK administrators like the limited amount of administrative issues and how hands-off maintaining the solutions is. In addition, they deal with very minimal support issues associated with Duo’s solution.
“The nice thing about Duo is, if we decide to move to other systems, it integrates with pretty much any platform we are looking at.”
CSK has a Bring Your Own Device (BYOD) policy. Employees are allowed to use their own phones and mobile devices to access email as well as for remote access.
CSK was able to understand user behavior and how users are accessing their systems remotely with Duo’s reporting feature. With Device Insight, CSK was able to get an overview of the security health of the devices accessing their applications.
Having all that information within one click, and then having the ability to drill down allows them to nudge the user. “Hey, you know your phone’s out of date. It’s probably time to update;” or if their phone is jailbroken, telling the user, “Hey, we don’t allow your jailbroken phone to access our applications.”
“I would definitely recommend Duo...absolutely the best solution on the market.”