“We chose to implement Duo Beyond because it aligns with our own vision of zero-trust security. When integrated with Sophos Mobile control, it helps us securely and confidently provide mobile access to our employees, and provides additional visibility into all assets that are accessing corporate resources.”
— Ross McKerchar, Chief Information Security Officer (CISO)
As a global enterprise, Sophos had a complex mix of SaaS cloud and on-premises applications, with even more complicated access security built on VPNs, ADFS, endpoint certs & RSA tokens.
With Duo Beyond and Sophos Mobile, Sophos simplified and enabled mobility and BYOD for 3000+ employees & 7000+ devices.
Now they rarely use a VPN for application access - a huge win for users and security.
Sophos needed to meet the growing challenges of enabling world-wide workforce mobility and enhancing agility through access to cloud applications. To accomplish this, Sophos initiated a global digital transformation to enable its employees to securely work from anywhere, using any device they chose.
Sophos is a security technology company that protects company, customer and partner data, so information security is a core element of its IT environment. It was important that the solution extend the mobile protection available through their Sophos Mobile Device Management solution, deployed on every employee’s device.
Like most global companies, Sophos has a complex environment with a mix of software as a service (SaaS) apps (such as Office 365, Salesforce and Amazon Web Services) and on-premises applications accessed through virtual private networks (VPN) and Secure Shell (SSH).
In their bring your own device (BYOD) strategy, they wanted to provide full access to applications from managed devices provided by the organization and allow limited access from unmanaged personal devices.
Sophos had previously implemented an access security system by combining various technologies such as RSA tokens, VPN, endpoint certificates and ADFS-based federation. However, given the system’s cost and complexity, Sophos had to limit BYOD privileges to fewer than 200 of their 3000+ employees, and the only access granted was to internal applications over VPN, using RSA tokens for MFA. This model could not meet their growing business needs.
Sophos deployed Duo Beyond in combination with Sophos Mobile’s endpoint management for its users and partners. This gives Sophos a zero-trust security platform -- the ability to establish trust in user identities, ensure the trustworthiness of devices, and enforce access policies for all of their applications.
Sophos uses Duo’s Device Insight to check if a mobile, Windows or Mac device is trusted before a user is allowed to access a protected application from that device. For Sophos, part of that trust comes from whether the device is managed through Sophos Mobile’s endpoint management. If so, Duo allows access to sensitive applications. If not, access is more restricted.
Before Duo, fewer than 200 employees had been set up for BYOD. Duo Beyond, integrated with Sophos Mobile, enabled Sophos to confidently expand mobile access privileges to all of their 3000+ employees with 7000+ devices, whether BYOD or company-provided.
Before Duo Beyond, every employee who wanted BYOD access had to interact with the service desk up to three separate times, once for each enrolled device. Now, using Duo’s self-enrollment tools, no help desk involvement is necessary. Moving to Duo Beyond also enabled Sophos to accelerate the decommissioning of their RSA investment.
In the past, any issues with the VPN resulted in waves of help desk tickets from users who could not access applications like email or Salesforce.com. With Duo Beyond protecting application access, Sophos has dramatically scaled back their dependence on VPN.
“Duo helps us to have strong authentication across the enterprise in a low-friction manner,” said McKerchar. Using a VPN to access applications is now “a rare event” at Sophos, delivering “a huge win both for users and for security.”
Sophos is a leader in next-generation endpoint and network security. As the pioneer of synchronized security, Sophos develops its innovative portfolio of endpoint, network, encryption, web, email and mobile security solutions to work better together. More than 100 million users in 150 countries rely on Sophos solutions as the best protection against sophisticated threats and data loss. Sophos products are exclusively available through a global channel of more than 39,000 registered partners.