Client data security is of critical importance to service companies like CSC, especially in light of an industry-wide rise in data breaches from phishing attacks. Two-factor authentication adds a welcome, extra layer of protection over CSC’s data and customer information, said Norman Bower, the company’s Information Security Engineer. “As our IT group has gone to more cloud services, we were sure that we wanted to expand two-factor authentication on our cloud solution,” Norman said. He had no trouble increasing the use of two-factor authentication within the CSC organization. “With all the breaches reported in the news lately, it was a no brainer,” he said.
Still, CSC’s existing two-factor token solution was no longer acceptable in a customer service-driven community. “We had RSA,” said Norman. “But when our CISO polled our users, he’d ask, “Who has their RSA token on them?” And very few people raised their hands. Then he’d say, “Who has their phone on them?” Everyone raised their hands. We needed a better, more approachable solution as we moved to extend our two-factor coverage. Duo was the clear choice.”
With Duo, CSC found it could provide better security and an enhanced user experience. “CSC is all about excellent customer experience, both internal and external, and we needed an improved user experience for our customers,” Norman said. “We found the solution so usable and easy to integrate that we expanded the scope beyond cloud protection to fully replace our existing physical token solution for off-network access.”
CSC uses Duo’s authentication solution to protect access to its employees’ VPNs and OWA accounts. In addition, the CSC sales team logs in securely to the company’s Salesforce database using Duo’s two-factor authentication. Duo’s solution is also integrated with CSC’s Ping DesktopOne solution, LastPass, and Active Directory.
“We’ve tried a few different approaches for our multiple active directory forests,” said Norman. “Since we have an unusual setup, we relied on Duo’s support team and they’ve been there every step of the way. The support has been great.”
In 2014, CSC deployed Duo to 2,000 users in five countries and 41 offices. “The setup was very easy and the web portal is really simple to use as well,” said Norman. CSC’s IT team created step-by-step instructions on their internal wiki for the phone setup and had their user experience team take a short, 15-minute training class on how to use Duo.
And what does Norman think of Duo’s product and his experience so far? “The transition away from RSA has been very simple,” he said. “We’ve actually had people proactively shipping back their tokens. Duo is a great product with great service. That’s hard to come by these days.”
Scott Plichta, CSC’s Chief Information Security Officer, agrees. “How often do you get requests from users for a security product before implementation?” he said. “People were begging to be part of the beta rollout. That was our experience with Duo.”