What is our primary use case?
We were really looking for two-factor authentication to secure our applications. We are basically looking for it to reduce risk.
I am in the retail space at a company with more than 2,500 employees.
It is SaaS. For VPN, we have our on-prem RADIUS servers, and there is an agent on our servers for RDP.
How has it helped my organization?
I definitely had some places where employees had password breaches in other locations, and it saved us there.
It has definitely decreased our security risk.
It does a really good job of helping workers feel safe, secure, supported, and included. In the beginning, it was new to everybody, so there was a little bit of friction with the onboarding. However, after everybody got used to it, they were quickly able to run with it and had very few problems using it. This has definitely been important for us.
Duo has helped us remediate threats more quickly by having one spot to look at. We can see whether a user authenticated it from somewhere or if they were denied a two-factor request.
What is most valuable?
The most valuable feature is just the ease of use. Out-of-the-box, there are so many integrations that are really easy to set up and use in a matter of minutes, depending on what the application is.
It establishes trust with every integration or any sort of application that you are using, whether it is VPNs, Azure AD, or remote desktop.
Duo provides single-pane-of-glass management. This is pretty important, especially if you are trying to respond to a security event. You don't want to look at different places and potentially forget to look at one spot. Now, we can have all our logs in one spot.
The single-pane-of-glass management does a really good job of optimizing the user experience, especially with the updates that they provide. They really take in customer feedback. I have been on several customer feedback panels before, and they do surveys. They are constantly improving the product.
What needs improvement?
They could just continue to add more integrations.
For how long have I used the solution?
I have been using it for about seven years, since 2015.
What do I think about the stability of the solution?
It is pretty stable. They are really proactive. So, if there is an issue with a certain cloud instance or feature, they are proactive. They email you and tell you what is going on, sending updates. Stability-wise, we have hardly had any issues using them. It hasn't affected our production at all.
Maintenance is minimal. There are some agent updates that you need to do every now and then, but for the cloud stuff, that is all taken care of.
What do I think about the scalability of the solution?
It is really scalable. It is easy once you get an application in. You can import users from Active Directory and enroll users really fast.
How are customer service and support?
I have only had to use them a couple of times. Every time, support was pretty easy to use. I would rate them as nine out of 10.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
We previously didn't have any sort of two-factor authentication. We were just looking for more security so people wouldn't be reusing passwords or have data breaches.
Earlier, we had solutions in the cloud and on-prem. So, it just helps having it in one spot. We can make sure any applications that we are using have been secured.
How was the initial setup?
The deployment took two months. We did a proof of concept, which didn't include that time. That time was just for the first application that we did, which was about two months. Then, as we grew into it, we added more applications so time was added as well.
What was our ROI?
We have seen ROI, but I wouldn't know what that metric would be. I don't have an off-hand, hard metric for that. It is for the unseen risk, and how do you measure an unseen risk?
It definitely offers resiliency. If you are managing all your applications in one location, you can lock people out of it. So, it is just a fast way to remediate any sort of security issues. It has been important for reducing all the risk that comes with users having access to internal applications or cloud applications.
What's my experience with pricing, setup cost, and licensing?
It has a fair pricing model. I know they have different tiers, but it would be nice to have different types of licenses for certain groups of users in our organization. That way, we wouldn't have to lump everybody into one group. That would be also one complaint.
Which other solutions did I evaluate?
We did evaluate other options. Since it was so long ago, I can't remember which other ones we looked at, but I do remember they were not as easy to implement.
We chose Duo Security for its ease of implementation and the number of applications that they are integrated with.
What other advice do I have?
Definitely take the end user process or perspective into account when trying to choose something. I feel like that will make or break a product.
We did VPN. Network connectivity was a requirement for VPN. In that regard, it would be easy.
I would rate it as nine out of 10.
*Disclosure: My company does not have a business relationship with this vendor other than being a customer.
