2015-09-01



According to the 2015 Verizon Data Breach Report, 95 percent of data breaches last year involved compromised end user credentials; two-factor authentication is one security solution that can mitigate the risk of a data breach.

But as technology has evolved over time, old two-factor solutions have not - that’s why so many large enterprise organizations are switching from RSA SecurID (notorious for adding friction, cost and complexity) to Duo Security’s two factor solution (much easier to use and lower total cost of ownership).

To explain more about why so many companies have switched over, we hosted a webinar with Ash Devata, our Director of Product, and Gary Brinkerhoff, a Corporate Security Analyst from a large North American specialty retailer that made the switch to Duo’s two-factor.

The Big Picture

Ash explained that the majority of organizations made the switch because they feel that RSA SecurID is outdated, and they’re looking for a different two-factor authentication solution that is more relevant.



Security Drivers for Adopting Two-Factor Authentication

In the 1980s-90s, the client-server computing model reigned supreme. RSA SecurID was built for this era. But IT has evolved over the past 20-30 years, which means the threats have evolved, too. Duo’s two-factor was designed to protect this new era.

In the client-server era, compliance was the main reason why organizations adopted security solutions like two-factor authentication, as they needed to fulfill regulations for protecting financial, healthcare, customer cardholder data, etc.

But nowadays, security and risk management are the main drivers that push companies to implement two-factor. Data breaches are real and affecting millions of users - and there are real repercussions to the bottom line, reputation, customer loyalty and more.

Protect Everyone and Everything

In the client-server era, securing only a set of privileged employee accounts was considered sufficient. But in a modern IT environment, every user needs to be protected, as they all have access to web-based applications, allowing for remote access to company data.

In the past, only a few applications needed to be protected. Now, access to dozens to hundreds of applications also needs to be secured. A two-factor solution needs to be scalable so it can be deployed across all apps and employees, since sensitive information is everywhere.

As the number of applications and users increases, shorter deployment times are in demand. Back then, it took months and even years to deploy legacy two-factor authentication solutions. Today, organizations need to be more agile and light, and deployment times must follow. A cloud-based solution can be deployed in just days or weeks.

Securing Bring Your Own Everything (BYOE)

End users are different, too - back in the old days, they were expected to comply with IT’s policies and standards. With the advent of BYOE (Bring Your Own Everything), employees now use their own devices for both work and personal purposes. They don’t want to comply with restrictions - they want to get their job done in the easiest way possible.

Shrinking Costs of Two Factor in the Cloud

When it comes to costs, two-factor used to be very capital-intensive: it took a large investment upfront to get a solution up and running, including the cost of maintaining or hosting your own servers at a data center.

But new two-factor solutions have taken on a SaaS (Software as a Service) model, meaning along with low-touch deployment and lower capital investments, your company also pays as you go, per user and on an annual basis.

So why are so many big organizations switching from RSA’s solution to Duo Security’s cloud-based two-factor authentication solution?

RSA SecurID may have worked well for the client-server era, but it’s not working well for the modern IT era.

The Top 5 Reasons for the Switch

#1 - Lower Total Cost of Ownership

The top reason why organizations are making the switch is TCO, that is, the total cost of ownership of the two-factor solution. Duo’s TCO is nearly 60 percent lower than RSA’s, which organizations have found to be true in four different areas:



As can be seen above, in initial deployment, administrative costs with RSA are much, much higher than Duo’s - Duo accounts for just a tiny fraction (0.58 percent). Those costs include management, hardware and host OS licensing costs; high availability hardware and software; backup hardware and software; professional services; and the cost of IT administrative time.

Eliminating the need to support any data center infrastructure for high availability or backup is one major benefit of using a cloud-based solution like Duo’s two-factor. Similarly, cutting hardware, software, and data center costs also brings ongoing administrative maintenance costs down quite a bit. Duo’s patches, upgrades and support are rolled into one initial price. Duo accounts for only 5 percent of the costs associated with RSA’s ongoing admin maintenance.

Using RSA’s token-based SecurID requires a lot of overhead, from buying and licensing tokens for each user, to exorbitant shipping costs and hits to your productivity, end user training and help desk costs. Duo saves you both time and money when it comes to end user deployment costs.

Ongoing maintenance costs also include the cost of replacing lost or damaged RSA tokens, and renewing token licenses. Help desk costs also factor into overall end user maintenance costs, in addition to the lost productivity time per authentication, which can add up over time. If you choose Duo’s phone-based authentication methods, you can effectively eliminate any token support costs and cut down on the time it takes to authenticate.

All of these costs add up, and they can add up even further if you’re using RSA’s SecurID. RSA also charges companies for additional tools, including administrative, strategy and planning services, servers and appliances, remote administration, training videos, API support, and business continuity.

Duo’s pricing is simple and transparent - no hidden costs or additional services you need to tack on past the initial deployment and support costs, which are bundled into our per-user, monthly or annual pricing.

Aside from TCO, Those Other 4 Reasons…

Total cost of ownership is a pretty big reason to make the switch, but there are many other reasons to consider.

#2 - Easier for End Users

For end users, there’s no token training or 50-page guide needed to use Duo. Users only have to download Duo’s free mobile app and quickly self-enroll in a few easy steps. Two-factor authentication is one of the few security solutions that involves end user interaction - which, obviously, makes usability crucial to its success.

With RSA’s SecurID, you’re asking a lot from your users when it comes to using a token. Duo’s context-rich push notifications make it easier on your users, requiring a tap of one button to approve an authentication request. Duo also supports modern devices and functionality, including Apple Touch ID and Apple Watch, so your users can use any of their devices to authenticate.

#3 - Easier to Administer

Duo offers the fastest enterprise-scale deployment of two-factor authentication. In a real case study, a large tech company with 15,000 end users replaced its partial RSA deployment with Duo’s solution in just two days - integrating with 12 different applications.

Duo provides a self-service model without any overhead, and we roll out automatic software updates on a two-week cycle, requiring no support from your team. Our unlimited app support means you don’t have to pay for additional integrations.

Everything’s in the cloud with Duo - no need to worry about supporting in-house infrastructure. That saves your administrators time when they deploy Duo.

#4 - Better Security

With Duo, there are no “shared secrets.” SecurID is a one-time password (OTP) two-factor solution. Each user is given a token that is programmed with the network’s shared secret, which is combined with the date and time to create an OTP.

That OTP is validated against the authentication server, which also knows the shared secret. The server generates its own OTP, and if it matches the user’s OTP, the user is granted access. But back in 2011, attackers breached RSA and stole those shared secrets, and used the information to attack Lockheed Martin, an RSA customer.

Duo is designed with asymmetric cryptography to sign and verify communications between Duo’s servers and a user’s smartphone. A private key stays on the mobile device and is used to sign all authentication responses, while the public key is used to verify the signature on the server side. That means an attacker can’t access your accounts even if they breached our servers. Learn more in RSA-Proofing our Duo Push Two-Factor Authentication.
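To make the contrast between the two models concrete, here is an added example (not Duo’s or RSA’s code) that simplifies both schemes: the shared-secret OTP is modelled as HMAC-SHA256 over a time step, and the push response as an Ed25519 signature over a challenge, both of which are assumptions for illustration. It shows that a copy of the server’s database is enough to produce valid codes in the shared-secret model, while the enrolled public key alone cannot produce a valid signed response.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
)

// Shared-secret OTP (the SecurID model, simplified to HMAC-SHA256): the token
// and the server hold the same secret and derive the code from it and a time step.
func sharedSecretOTP(secret []byte, step uint64) uint32 {
	mac := hmac.New(sha256.New, secret)
	var buf [8]byte
	binary.BigEndian.PutUint64(buf[:], step)
	mac.Write(buf[:])
	sum := mac.Sum(nil)
	return binary.BigEndian.Uint32(sum[:4]) % 1000000
}

// The server verifies by recomputing the code from its own copy of the secret,
// so anyone who copies the server's database can produce valid codes too.
func serverVerifyOTP(serverSecret []byte, step uint64, otp uint32) bool {
	return sharedSecretOTP(serverSecret, step) == otp
}

// Asymmetric push model (simplified): the phone keeps the private key and signs
// each challenge; the server enrolls only the public key. The label stands in
// for the random seed a real phone would generate (constructed for this demo).
func phoneKeys(label string) (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := sha256.Sum256([]byte(label))
	priv := ed25519.NewKeyFromSeed(seed[:])
	return priv.Public().(ed25519.PublicKey), priv
}

func phoneSign(priv ed25519.PrivateKey, challenge []byte) []byte {
	return ed25519.Sign(priv, challenge)
}

func serverVerifyPush(pub ed25519.PublicKey, challenge, sig []byte) bool {
	return ed25519.Verify(pub, challenge, sig)
}

// An attacker holding the server's stored public key cannot sign with it; the
// best they can do is sign with a key of their own, which the server rejects.
func attackerWithStolenPublicKey(stolenPub ed25519.PublicKey, challenge []byte) bool {
	_, attackerPriv := phoneKeys("attacker-generated-key")
	return serverVerifyPush(stolenPub, challenge, phoneSign(attackerPriv, challenge))
}
```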

Additionally, Duo rolls out security updates every two weeks automatically to customers, with no support needed. RSA’s on-premises software is updated and patched only once every six months or so, and requires work from your IT team. An estimated more than half of RSA customers are vulnerable, as they’re not running the latest version of RSA’s solution.

#5 - Duo Does More

Companies are turning to Duo because we do more than just two-factor authentication, offering more security value - we also provide endpoint security and visibility.

Duo’s Device Insight gives you information about your mobile and PC inventory, letting you find devices with outdated Flash or Java plugins, rooted or jailbroken status, or outdated mobile OS versions in your environment. All of this is available without installing any agents or MDM profiles.

Administrators can also create controls, enable policies and enforce them to address specific threats. For example, you can set up a rule to prevent users from a certain location from accessing your financial apps, during a certain timeframe. Or, only let users log into certain apps if they’re on the VPN. Or, block login attempts coming from Tor or other anonymous networks. Learn more about Policy and Controls.

Webinar Speaker Biographies

Ash Devata

Ash Devata, Duo Security’s Director of Product, has 15 years of experience in the security and tech industries, having worked at RSA, EMC and Cisco.

Gary Brinkerhoff

Gary Brinkerhoff is a Corporate Security Analyst from a large North American specialty retailer and has 25 years of experience in the security industry, having worked at United Space Alliance, NASA and Exxon.

To hear Gary’s personal story about making the switch from RSA SecurID to Duo’s two-factor solution:

View the Webinar Recording

Or try Duo for free:

Sign Up Free

Two-Factor Authentication Evaluation Guide

Modern two-factor solutions have evolved to support new, complex technology models that change how we use data, including cloud computing and BYOD (Bring Your Own Device).

Download this guide to learn more about the five criteria you should use to evaluate a two-factor authentication solution.

In this guide, you will learn how to evaluate a solution based on:

Security - Does your solution reduce risks, and can it provide visibility into your environment?

Strategic Business Initiatives - Does your solution support cloud, mobile and BYOD initiatives? And can it fulfill compliance?

Total Cost of Ownership (TCO) - Does your solution provide more upfront value, or more hidden costs?

Resources Required - Determine what kind of resources it’ll take to deploy and provision your users.

Download the guide today.
