For thousands of companies born in the cloud and SaaS era, bring your own device (BYOD) is just part of doing business. Employees want the flexibility and freedom to use their personal mobile devices to access corporate applications and work from any location. Zenefits is no exception. Zenefits employees, like its customers, want access to company applications with their personal mobile devices.
This creates a dilemma: how do you give employees flexibility to access corporate assets from any device while ensuring data is secure and only authorized users are accessing applications? For Zenefits, their crown jewels are personally identifiable information (PII) and protected healthcare information (PHI), which need to be secured and protected. As a company that works with PII and PHI, Zenefits is required to meet and keep up to date on HIPAA and SOC2 compliance requirements.
When it comes to mobile devices, Zenefits is 100 percent BYOD. Using a mobile device for work is not a requirement, but it’s not discouraged either. So if an employee chooses to use their device for work, Zenefits wants to ensure company data in Google, Slack, Box and their other enterprise applications is protected.
Enter Duo Beyond, which Zenefits deployed to its employees. Zenefits uses Duo to check if a device is trusted before a user is allowed to access an application from that device.
“Duo is always checking the state of the device,” said Dan Regan, Zenefits cloud security engineer. Zenefits can set mobile policies that define device requirements and grant access only when a device meets those definitions. For example, Zenefits checks for OS version and browser plugins, strong passcode, and encryption to determine if a device can access applications.
An Alternative to Traditional MDM
Duo’s ease of use, transparency and convenience enable users to install Duo on their personal devices without worrying about privacy. Because of Duo’s “light touch,” users don’t feel intrusions and admins don’t have to wrestle with the management headaches inherent in traditional mobile device management (MDM) solutions. That’s what led Zenefits to select Duo Beyond as an alternative to traditional MDM.
A Trusted Device Model
With Duo, Zenefits is able to attest that only trusted devices are able to access corporate applications and data. Duo checks for untrusted devices in their environment every time a user tries to authenticate to a protected application. If at any point the state of the device changes or a user gets a new device, Duo checks the device state and blocks the device from accessing the application if it doesn’t meet the defined corporate security requirements.
Using a trusted device model delivered by Duo Beyond gives Zenefits the power to grant access only to employee devices that meet their trust standards, and restrict access to those that do not. It’s a turnaround on the traditional perimeter security model and is instead based on a zero-trust approach. Regan summed it up this way: “Duo Beyond creates an invisible and open gate that authorized users with trusted devices never have to see; the gate only materializes and closes when the device trust standards are not met.”