Tanium maintains a team of IT and security professionals who are responsible for managing Tanium’s own internal devices. This team is constantly balancing corporate security initiatives with providing a seamless and productive experience for their employees.
“At Tanium, we use our own Core Platform to provide visibility and control over internal devices my teams manage – ensuring our employees’ devices are secure and performant. However, we had no way to ensure that specific applications could be accessed only from approved devices without expending considerable effort or incurring significant costs,” David Damato, Tanium Chief Security Officer, said.
Previously, Tanium consolidated access logs from various corporate applications to paint a complete picture of their access security posture, but this required custom collectors to gather information, plus significant costs associated with storage of centralized data, resources to review logs, and additional licenses for their cloud applications in order to obtain the proper logging levels.
“We did not want to pay for multiple, disparate add-on licenses for each individual application just to find out who was accessing them. We needed an easier and more effective way to get this information and actually enforce access where required,” David continued. “Tanium has a balanced workforce of remote and local users that rely on a growing list of cloud applications; this prevented us from relying on network access control (NAC) or cloud access security broker (CASB) solutions, both of which solved only part of our challenge and introduced security and performance concerns.”
With Duo Beyond, Tanium was able to easily differentiate between Tanium-managed devices and unapproved devices. They were also able to consolidate access information into a single security platform.
Best of all, Tanium’s security team was able to deploy Duo certificates and start differentiating between corporate and personal devices in minutes.
Visibility and Control over BYOD
Tanium requires visibility into access logs for all of its applications and the ability to ensure that users access only certain applications from Tanium-managed devices. They have already identified a few select workloads that would require a higher level of device trust.
David expanded, “We plan to use Duo’s Trusted Endpoints feature to monitor for a device certificate each time access is requested for any application, so that we can better understand our users’ requirements. For more sensitive applications like email, CRM, and ERP, we can ensure user access is initiated from a Tanium-managed device with a Duo certificate. This significantly increases the confidence and flexibility we have in our BYOD strategy and security posture, on an application and user level.”
Addressing Compliance Requirements
The Tanium security team takes asset management and access controls seriously, as they seek to be ISO 27001 certified in the future. Using Duo Beyond alongside the existing asset management capabilities provided by the Tanium Core Platform, the security team has positioned itself to add certificate-based asset tracking that will help the team satisfy current requirements for ISO certification and future regulatory requirements, such as SOX.
A Seamless Security Partnership
With Duo Beyond, Tanium has been able to consolidate multiple security requirements into one platform. This allows them to maintain a simple experience for employees, while improving their overall BYOD security posture.
“This partnership has been a success for my team and for Tanium’s internal users. Our IT and security teams are exceptionally happy with our Duo deployment and the flexibility it provides. The deployment was invisible and undisruptive to our employees,” David concluded.
DISCLAIMER: This case study is not an endorsement of Duo Security's products or services by Tanium and each organization should perform its own research to determine whether Duo Security's products or services are sufficient for its purposes.