Because trust is central to its mission, Inflection emphasizes security inside its organization.
In the company’s early days, internal corporate applications were secured behind a firewall, and employees used devices locked down with tools like antivirus protection and a host-based firewall.
As the company grew, Inflection took advantage of new tech options, including cloud applications. Despite the efficiencies those applications allow, they posed a significant challenge for the IT team: User identities began to sprawl.
Access management became challenging because IT had to keep up with several user directories to assign and revoke access, monitor and reconcile access privileges, audit and report user access, and more.
Given the constant drumbeat of news about corporate data breaches, IT wanted to strengthen users’ secure access into applications whether on-premises or in the cloud. They knew they had to accommodate an increasingly mobile workforce that wanted applications accessible from anywhere, on any device.
Duo’s secure single sign-on (SSO) let Inflection consolidate user directories and consistently apply multi-factor authentication (MFA) for access into all cloud applications. Duo SSO also provided a flexible and granular policy framework, allowing IT to determine which users and devices should be granted access to applications based on risk.
With Duo, Inflection was able to significantly reduce time required to deploy cloud applications, often by weeks.
Easy Win for Inflection
Inflection started by consolidating user identity sprawl from several directories to a single on-premises directory service. With a single location to manage identities, they reduced time spent on user provisioning, deprovisioning and access audit processes from several days to just hours per quarter.
However, a single identity increases the security risk of end-user credentials getting compromised. To mitigate the security impact of compromised user credentials used for data breaches, IT deployed Duo’s secure SSO with MFA to provide users consistent, secure access into any cloud application.
“Duo’s secure SSO provides us confidence that users can get secure access to cloud applications from any device,” said Matt Muller, Inflection’s Director of Trust & Identity. “We can ensure user productivity while improving our overall security.”
Flexible BYOD Policies
Before Duo, securely deploying new cloud applications' identity and access management took up more and more time. Inflection’s IT and Security teams had to evaluate applications, set access policies, collect logs, and generate reports for compliance, among other tasks.
Even with this careful effort, Inflection experienced the same growing pain that affected all companies with the rise of smartphones: Employees wanted to access applications and data from their own devices.
That left a potential gap in the carefully laid access policies and security controls, which could have left the company exposed to emerging risks like spear phishing and drive-by downloads that can install malware, even with limited user intervention.
Matt quickly realized that Duo’s secure SSO could manage the risk of users accessing cloud applications from any device. Duo's secure SSO lets IT set and enforce security policies based on deep insights gathered from devices. For example, when users access documents stored in Google, IT can check whether the device is running current versions of browsers and Flash. If they detect outdated versions, IT can alert the user to update the device, or block users from accessing cloud applications.
IT enhanced Inflection’s security posture by applying policies based on the risks of each application, with consistent MFA usage and audit trails, while blocking risky devices and logins. A user with admin privileges might only be able to access Salesforce, for example, from a corporate-owned device or trusted network, but could access an application without sensitive data, like Google, from any device (including a personal one).
With flexible policies, IT accelerated the deployment of cloud applications considerably, allowing them to classify applications based on risks, and re-apply application policies when they roll them out to users.
Increased User Productivity
Duo's secure SSO also helps Inflection employees get things done. Inflection users previously needed to enter credentials for multiple applications several times a day. With Duo’s SSO, they can log in just once to gain access to cloud applications from a single dashboard, using their existing credentials and strong MFA.