New Zealand-based Ballance Agri-Nutrients manufactures and distributes a wide range of farming fertilizer products. They also provide farm systems software to help farmers with business management decision-making.
Their primary concern is protecting the integrity of customer data and systems - with information security paramount to ensuring that protection.
Ensuring Security Everywhere
The Ballance corporate family contains multiple divisions, each with different facilities, products and services. The products and facilities range from manufacturing plants to IT environments supporting software.
As a result, there were many unknowns, according to Ballance's Operations Manager Tim Lloyd. Those included a lack of control and visibility over new, remote users with new IT projects. They lacked insight into how these users were logging in, as well as the sharing of user accounts (a major security concern) and credentials.
According to visibility gained through firewall reporting and Office 365, Lloyd's team could see that things were getting riskier for the corporation, and more vulnerable as a result.
Protecting Against User-Centric Threats
Through their Active Directory Federation Services (ADFS), they could see many more login attempts from different global locations, brute-force attacks that were blocked, and an increase in attack attempts, after re-registering domain names.
Protecting the users and making it harder for users to share credentials was the impetus to implement multi-factor authentication (MFA).
Ballance looked to Gartner's Magic Quadrant for who the market leader was for MFA, and took their advice, according to Lloyd. They evaluated and passed up RSA's MFA solution as they had concerns around the ease of implementing and support, key in any product selection.
After a trial of both solutions, they found that Duo was far easier to implement. They needed an adaptable and flexible solution that users were comfortable interacting with, and could also meet security requirements.
Why Did They Choose Duo Beyond?
- They knew that their business would require the ability to create granular policy and controls
- They wanted a product that would help them build their future roadmap and align with it strategically
- They needed to support BYOD by gaining visibility into users and endpoints
- They also wanted the ability to assess their security posture and enforce user group-based policies
Additionally, Duo's ability to be used to protect many different solutions (such as NetScaler, Palo Alto, etc.) was a positive differentiator.
Closing Security Gaps & BYOD Visibility
Ballance started their Duo deployment by rolling it out in one afternoon for their external contractors - the user group identified as the highest risk to the corporation. Then to finance, IT, and lower-risk users.
They were able to identify users that didn't need the amount of privileged access that they had after deployment, and reduce the amount of users accessing systems remotely. They also were able to close user workarounds to accessing systems insecurely.
Duo also allowed them to control user group access based on phone type and BYOD or personally-owned devices for contractors. One key use case included allowing contractors to use different device types (than those required for corporate-issued devices) to log in securely.
"While achieving zero trust may seem unachievable, Duo has given us a huge leg up on our zero-trust journey," said Lloyd.