On March 1 2017, the NYDFS adopted the 23 NYCRR cyber security regulation. All financial institutions regulated by the NYDFS need to comply with this new regulation. In addition, the IT team at Globe Life needed to meet the PCI-DSS requirements. Meeting these regulatory requirements in a quick time frame meant the security solution needed to be easy to deploy and integrate seamlessly with the applications in their existing environment.
In addition, Globe Life wanted to secure remote access. With a geographically distributed workforce, the network security team wanted to reduce its risk surface by adding a layer of security with multi-factor authentication. The team was looking for a modern solution that would support their journey to a zero-trust network architecture. At the same time the solution needed to be easy to use for end-users and should not create overhead for administrators to manage.
Duo improved Globe Life’s security posture by protecting VPN access for remote workers with multi-factor authentication. In addition, Duo helped Globe Life to easily comply with NYDFS regulation and PCI-DSS requirements by providing multi-factor authentication and granular access controls. The network security team has enabled MFA for all remote access users and for users that need to access PCI Zones.
The network security team at Globe Life chose Duo to replace an incumbent solution because it provided additional capabilities such as adaptive authentication, single sign-on, and delivered a better end-user experience and simpler management for administrators.
Globe Life’s network topology consisted of multiple domains that needed to be protected. Administrators performed an analysis to understand the total-cost-of-ownership (TCO) of onboarding a new solution that would secure applications across all the domains, -- so the overall cost of the solution such as licensing, operating, managing of the solution played a key role in selecting the product. “We have deployed Duo across several domains and the product easily scales to all my users without additional overheads. I am able to save my company up to 30,000 USD a year in licensing costs,” said Network Security Administrator Clint McWilliams.
Delivering the best user experience using a reliable service was another important selection criteria for Globe Life. “We have enabled multiple authentication methods so the users can choose the option that is most convenient for them. Using the Duo Mobile App for approving a push or accessing the soft token is the most popular among our users,” Clint reported. “We have the Duo proxy service set-up in a high availability configuration, which also load balances requests so the users are not stuck waiting for access instead of being productive”.
Enabling Zero-Trust Access for the Global Workforce
The network security team at Globe Life has been working towards a Zero-Trust architecture. With office locations around the world, the team wanted to ensure that only legitimate users with the right privileges can access applications and data. “We have employees working not only from North America but also parts of Europe and Asia. With Duo, I could easily set policies to allow access only from specific countries where the organization has a presence and block access from other parts of the world,” said Clint.
Ease of Administration
Network security administrators manage many solutions, typically from multiple vendors, that make up the security stack in their environment. Ease of managing the security solutions becomes critical to streamline operations. “Duo is one of the easiest tools I manage” said Clint. “With Duo, I just have to login once into the administrator portal and check if all the settings look good. A quick look on the dashboard provides all the information I need. And it's great to have the reports emailed to me so I do not have to login every time. It's basically a set-it-and-forget-it kind of tool that allows me to focus on more strategic activities.”