Skip navigation

Duo Security is now a part of Cisco

About Cisco

Sophos

“We chose to implement Duo Beyond because it aligns with our own vision of zero-trust security. When integrated with Sophos Mobile control, it helps us securely and confidently provide mobile access to our employees, and provides additional visibility into all assets that are accessing corporate resources.”
— Ross McKerchar, Chief Information Security Officer (CISO)

Highlights

As a global enterprise, Sophos had a complex mix of SaaS cloud and on-premises applications

With even more complicated access security with VPNs, ADFS, endpoint certs & RSA tokens

With Duo Beyond and Sophos Mobile, Sophos simplified and enabled mobility and BYOD for 3000+ employees & 7000+ devices

Now they rarely use a VPN for application access - a huge win for users and security

The Challenge

Business Challenges:

Sophos needed to meet the growing challenges of enabling world-wide workforce mobility and enhancing agility through access to cloud applications. To accomplish this, Sophos initiated a global digital transformation to enable its employees to securely work from anywhere, using any device they chose.

As a security technology company that protects company, customer and partner data, information security is a core element of its IT environment. It was important that the solution would extend the mobile protection available through their Sophos Mobile Device Management solution, deployed on every employee’s device.

Technical Challenges:

Like most global companies, Sophos has a complex environment with a mix of software as a service (SaaS) apps (such as Office 365, Salesforce and Amazon Web Services) and on-premises applications accessed through virtual private networks (VPN) and Secure Shell (SSH).

In their bring your own device (BYOD) strategy, they wanted to provide full access to applications from managed devices provided by the organization and allow limited access from unmanaged personal devices.

Sophos had previously implemented an access security system by combining various technologies such as RSA tokens, VPN, endpoint certificates and ADFS-based federation. However, given the system’s cost and complexity, Sophos had to limit BYOD privileges to fewer than 200 of their 3000+ employees, and the only access granted was to internal applications over VPN, using RSA tokens for MFA. This model could not meet their growing business needs.

The Solution

Sophos deployed Duo Beyond in combination with Sophos Mobile’s endpoint management for its users and partners. This gives Sophos a zero-trust security platform -- the ability to establish trust in user identities, ensure the trustworthiness of devices, and enforce access policies for all of their applications.

“We chose to implement Duo Beyond because it aligns with our own vision of zero-trust security. When integrated with Sophos Mobile control, it helps us securely and confidently provide mobile access to our employees, and provides additional visibility into all assets that are accessing corporate resources.” - Ross McKerchar, Chief Information Security Officer, Sophos

Sophos uses Duo’s Device Insight to check if a mobile, Windows or Mac device is trusted before a user is allowed to access a protected application from that device. For Sophos, part of that trust comes from whether the device is managed through Sophos Mobile’s endpoint management. If so, Duo allows access to sensitive applications. If not, access is more restricted.

The Results

Fearless and Painless BYOD

Before Duo, fewer than 200 employees had been set up for BYOD. Duo Beyond, integrated with Sophos Mobile, enabled Sophos to confidently expand mobile access privileges to all of their 3000+ employees with 7000+ devices, whether BYOD or company-provided.

Simplification and Cost Reduction

Before Duo Beyond, every employee who wanted BYOD access had to interact with the service desk up to three separate times, once for each enrolled device. Now, using Duo’s self-enrollment tools, no help desk involvement is necessary. Moving to Duo Beyond also enabled Sophos to accelerate the decommissioning of their RSA investment.

Streamlined Access With Perimeter-Less Security

In the past, any issues with the VPN resulted in waves of help desk tickets from users who could not access applications like email or Salesforce.com. With Duo Beyond protecting application access, Sophos has dramatically scaled back their dependence on VPN.

“Duo helps us to have strong authentication across the enterprise in a low-friction manner,” said McKerchar. Using a VPN to access applications is now “a rare event” at Sophos, delivering “a huge win both for users and for security.”

About Sophos

Sophos is a leader in next-generation endpoint and network security. As the pioneer of synchronized security Sophos develops its innovative portfolio of endpoint, network, encryption, web, email and mobile security solutions to work better together. More than 100 million users in 150 countries rely on Sophos solutions as the best protection against sophisticated threats and data loss. Sophos products are exclusively available through a global channel of more than 39,000 registered partners.

Ready to Get Started?

Try out Duo Access for 30 days for the complete Unified Access Security experience.