“I would absolutely recommend Duo Security. Their documentation is killer, their pre-sales support is killer...It’s been a really easy implementation for us, and we’ll continue to use it for our two-factor needs.”
— Perry Straw, Director of Infrastructure and Security
onPeak provides a web application for attendees to book group room reservations, offering the best rates and a simplified interface
Needed an easier, cloud-based two-factor solution that worked with technology they already had - their smartphones
Also needed to meet PCI DSS compliance to process online transactions
Chose Duo to replace Phonefactor; motivated by cost, ease of use and advanced admin capabilities
onPeak’s proprietary web application simplifies the group booking experience, allowing attendees to easily search and find the best rates to book hotel rooms for trade shows, associations and large meetings.
As an online service processing credit card transactions, onPeak is governed by PCI DSS compliance to protect their customers’ information. Their primary goal is to keep this data secure using a simple and effective two-factor authentication solution.
They needed to replace their existing clunky and old-school two-factor solution, Phonefactor, which was acquired by Microsoft while they were using the solution. “It just wasn’t a feel-good purchase for us to go and hand over even more money to Microsoft,” said Perry Straw, onPeak’s Director of Infrastructure and Security.
While initial research brought them to RSA, they found that RSA’s two-factor solution involved an expensive upfront commitment with required hardware. onPeak was looking for a solution that could utilize their users’ smartphones with already-existing technology.
Because Duo is a cloud-based service, onPeak was able to easily test out Duo’s solution without much of a commitment - there was no hardware to buy and install. They needed something easy and painless that would also get quickly adopted by their remote IT team that worked odd hours.
They chose Duo Security for the ease of integration with their existing VPN technology, which they were able to research and review with the help of Duo’s white papers and documentation that outlined the steps for several different implementation scenarios.
Duo Security’s pricing model was also a deciding factor. With a very low cost of entry, Duo’s two-factor provided a cost-effective solution that enabled onPeak to use the Duo Mobile smartphone app.
onPeak integrated two-factor authentication with their Cisco ASA VPN and LDAPS infrastructure, leveraging Duo’s Active Directory Sync app to allow for AD authentication. The main goal was to protect their IT workforce, composed of systems, developer, QA and product teams that regularly accessed their networks to write code.
Although they started out using Duo Security’s phone callback authentication method, Perry eventually switched his entire IT team over to the smartphone app, using push notifications, which proved to be much faster. Plus, the push app shows the originating IP address, as well as a geoIP lookup, in order to verify the user’s identity.
As an administrator, Perry liked that two-factor authentication was a requirement for all administrators who logged into the admin panel. He also leverages Duo Security’s web administration interface to view transaction logs. If a user reports that their VPN or two-factor isn’t working, he can log into the interface, pull up access logs and check out the problem.
Shortly after signing up with Duo, Perry got a call from an engineer to help him through the integration. He had his questions about the technical requirements for onPeak’s Cisco implementation answered as a Duo engineer walked him through the entire process.
“It was one of those few occurrences where it was a positive pre-sales experience with engineering,” said Perry. “Getting those answers immediately really saved me a lot of time implementing in my environment.”
“In this day and age, you always hear about data breaches. No one wants to wind up on a headline somewhere with their customers’ data sitting out on the Internet,” said Perry. “Even if you aren’t required to meet PCI or HIPAA compliance, if you’re a small company and need two-factor, Duo Security’s the way to go.”