True Religion is a premium denim brand based in California. As a retail company with an extensive online store, True Religion needed to employ two-factor authentication in order to comply with PCI DSS standards that regulate the information security of customer payment data.
Small security team, major compliance needs
With only one employee focused primarily on security at True Religion, the brand needed a lightweight, cloud-based two-factor solution that didn’t require another server to manage.
In addition, they needed their two-factor to integrate seamlessly with Microsoft Active Directory. They were also seeking a solution that was both easy to manage and deploy for an administrator, and user-friendly for their employees.
Balancing their administrator and users’ different needs with a secure, effective and trustworthy provider and solution proved challenging.
In search of a two-factor provider who would solve their compliance needs, True Religion was looking for a flexible solution for all of their users -- those with company-owned smartphones, those who needed hardware tokens, and users based in their international offices in China, Switzerland, and the United Kingdom.
Solving PCI DSS gaps quickly
True Religion needed a two-factor authentication solution that could quickly satisfy their compliance needs. After briefly assessing other two-factor vendors, True Religion trusted Duo Security with their access security and PCI DSS needs.
“Once I saw that Duo could easily integrate with our VPN services and several cloud applications that we use, the decision was easy,” said John Kennedy, Senior Network Engineer at True Religion.
Quick deployment and easy management
Duo provided a quick time-to-security solution, meaning True Religion was able to configure a trial in a matter of minutes and rolled out two-factor solution to his IT team that same day. Kennedy confirms that his team was immediately “very, very comfortable using Duo.”
Kennedy was able to deploy and implement Duo’s two-factor solution throughout his global organization in two weeks, but insists that the process could have gone a lot quicker, if his users had self-enrolled immediately.
True Religion is protecting their finance teams, design, retail operations: district and regional managers, as well as any users that need to access corporate data remotely via their Cisco VPN.
Part of the reason the deployment process was so quick was due to the extensive documentation Duo offers on their website and through the administrative dashboard. “The documentation that Duo has on the site for each integration is pretty awesome,” Kennedy said.
As a cloud-based solution, Duo’s two factor requires no extra servers, hardware or software to purchase, install and configure. Duo’s free authentication app, Duo Mobile, can be quickly downloaded by users. With automatic software updates and patch management handled by Duo’s team, True Religion doesn’t need to employ an entire full-time security team to manage their two-factor solution.
In the end, Kennedy says, “I’m really really happy with Duo overall.”