Duo Security: the company you need to protect your Mobile users

If you read my last post about how I integrated Redis, PostgreSQL and Neo4j, you will have noticed that I use CentOS with SELinux enabled on all my servers, because I know the costs behind a massive data theft, and we have all learned this the hard way.

If you are in tech, you should remember the hacks at Target, Sony Entertainment and Home Depot; the recently discovered vulnerabilities like VENOM, FREAK and the Logjam bug; the news from Google shutting down its Chrome platform; the news about the massive security risks in Lenovo’s PCs; or the three vulnerabilities discovered in Internet Explorer and the Trapwot malware by Palo Alto Networks’s Unit 42 Threat Intelligence team (BTW: an incredible newsletter focused on security alerts). The list grows exponentially with time.

It’s not just in the U.S.; in the APAC region, the cyber battle is ruthless too. FireEye released an amazing research report in April describing how a cyber threat group (which they called APT30) exploited governments and commercial entities across Southeast Asia and India for almost a decade. More recently, they worked with Microsoft on a new report exposing a new obfuscation tactic used on Microsoft TechNet, and they determined that APT17, a China-based advanced persistent threat group, was behind the attempt. This battle is getting more serious every second in every corner of the world, and there is one particular area where attacks are more sophisticated and common: targeting Mobile users and apps.

If you are one of my loyal readers, you should know that I’m a Statistics fan, and the numbers about Cybersecurity in the well-known Mary Meeker’s 2015 Internet Trends Report are simply shocking (Slides 88 and 89):

And there are many Mobile-First companies that are vulnerable to all this. But, my friend, there are still people out there who are working very hard to help you secure your Mobile apps.

FireEye, for example, made a strategic partnership with Samsung Knox to protect Galaxy S6 users, based on their mobile threat protection products. I’ve already talked about Lookout and Palo Alto Networks; Red Hat’s approach to making the best Enterprise Linux distribution with a strong focus on security; OpenDNS with its Umbrella platform for protecting users from many forms of attack in your corporate network; and more vendors.

But I will talk here about a new competitor in the space which is redefining how Mobile-First companies like Facebook, Uber and Etsy are securing their respective apps with Two-Factor Authentication (2FA). It seems they are doing a very good job of it, because every day more organizations are interested in the services they provide. Surprisingly for me, they are not based in California: their HQ is in Ann Arbor, Michigan, and the company’s name is Duo.

Why Duo?

You may ask yourself this question, since there are a lot of companies doing this. There is a particular word that describes the answer perfectly: Simplicity. Like I said before, the services that Duo provides are simple, secure and affordable two-factor authentication methods for many kinds of businesses and organizations. In less than 15 minutes, you could deploy a 2FA solution for your web server, for your Mobile apps and more.

But how do they do this? They have a cloud-based authentication service you can easily integrate into your system, depending on the case. If you are a Mobile app developer, you can use Duo Mobile and Duo Push for it.

The first one is focused on an SDK ready to use with iOS and Android apps to make Mobile logins fast and easy; the second one is focused on sending Push notifications to your Mobile app users to improve the authentication process. You should note that usability plays a key role here, and Duo’s team knows this issue very well, so they have worked very hard to make the 2FA experience easy and without restrictions.

This simple but powerful approach by Duo is the main reason why more and more organizations are interested in implementing and using their services every day. One great example of this is Facebook, which has the personal data of more than 1.4 billion users to protect, and they trust Duo to make their security approach not just agile and fast, but powerful too.

You can read the entire use case in their whitepaper. John “Four” Flynn (former Information Security Manager at Facebook, now working at Uber as Chief Information Security Officer) said:

“Facebook is a very fast-paced environment and we needed technologies that would allow to maintain that pace. Because of the ease of use of Duo Security and Yubico authentication technologies, we have seen minimal support and overhead costs. Other technologies, such as traditional OTP-based hardware tokens, smart cards, and biometrics didn’t fully support our need to allow multiple and rapid logins to SSH sessions.”

If you want to see more about how Facebook uses Duo and Yubico for their security, you must see the video presentation that a Facebook team gave at Purdue University called: Protecting a billion identities without losing (much) sleep.

I encourage you to watch it, because after that, you will want to sign a contract with Duo for your own security too.

Another great example is Eventbrite, which chose Duo’s services to satisfy PCI DSS compliance and for remote SSH logins to its production servers. Paul Pieralde, Principal Product Security Engineer at Eventbrite, said about Duo:

“Like all great security products — they should silently fall away into the background. You shouldn’t ever see a good security product, and that’s what we see with Duo.”

As a proud Linux user, I’ve had to deal with the problems that come with remote SSH logins to production servers; for that reason, I’m more interested in Duo’s services for Unix servers. You can check out all the documentation about it here.

Potential clients for Duo’s services

Like I always do when I talk about any company, I give them tips for free, because I see that the power of its services can be the rocket that brings in new clients, and Duo is no exception to this rule.

So, I leave here some companies from different industries and verticals (in this case: Personal Finance, Mobile ecommerce, Transportation and Entertainment) that could be clients of Duo:

Wealthfront

The company is in an amazing position today, and they are paranoid about the security of its assets (2 Billion right now), but they are also focused on good design and good user experience, because this is good business too.

Recently, they hired @katearonowitz as VP of Design, so this is important for them. When you see how focused they are on innovation, Duo could be part of it: they are betting hard on making beautiful and useful Mobile apps, particularly iOS-based apps, so with the Duo Mobile app and the SDK focused on iOS, they could raise the bar in the Wealth Management industry with simple but strongly secure apps. The person to contact there: Adam Nash, CEO

Flipkart

Called by many people “The Amazon of India”, it has millions of users who need protection too, and they are in a very complicated country according to recent studies about Cybersecurity, where phishing and card scams are everywhere. Using 2FA services provided by Duo, they could grow steadily while thinking seriously about the protection of its users, without compromising user experience.

Flipkart could be a very good bet for Duo, because it’s one of the most recognized Mobile ecommerce companies in the Asian region, and it has a strong presence in the Venture Capital world with the recent investment from Accel Partners, Tiger Global Management, Digital Sky Technologies and more, which could be a very good example to use for other companies in their portfolios.

So, if Duo could make a deal with Flipkart, this could become a big hit for it. Person to contact: Sachin Bansal, CEO

GrabTaxi

This is another company which has changed the transportation business in Asia, particularly in the Southeast region, and it has more than 620,000 Monthly Active Users and more than 60,000 registered taxi drivers who want to be protected too. GrabTaxi is expanding rapidly in the region, and with its recent fundraising (Series D) from Softbank, they have enough cash to spend for the good of its users; security could be a very good point to revamp for the company. Its HQ is in Malaysia, and its CEO is Anthony Tan.

iflix

It’s called the Netflix of Asia, and its growth has been massive. Right now, they are in Malaysia and the Philippines, but with the recent investment of 30 Million by Catcha Group, they are working very hard to be in every country of the Southeast region, particularly Indonesia, Thailand and Vietnam, in the fall of 2015; and with Duo, they could make a safe landing in these countries, where Mobile users are under attack by cyber-criminals too.

They are another great innovative company, and with Azran Osman-Rani as its new Malaysian CEO and COO of iFlix Group, I think that they will be more interested in making key bets for the upcoming growth of its user base, thinking about three critical fronts: security, Mobile analytics and infrastructure; and Duo could play a key role in the first one. Person to contact: Ash Crick, CTO

But, how to market Duo’s services around the world?

Well, when I talk about a particular company, I love to give away some interesting ideas on how to improve their services; and one of the issues that Security-focused companies have is precisely how to communicate to the world, in a simple and fast way, that they are in business with serious platforms.

Duo is doing this in a great way with blog posts (I love Adam and Joe’s posts in the Weekly Ink section), whitepapers and cool videos; but what about face-to-face meetings? I love these because they allow you to establish engaging conversations with potential clients who can describe their problems to you, and you can provide quick feedback on how Duo could help them. That’s why I love tech events, and I will leave you three great events you could use to promote Duo’s services and show the magic behind them:

  • Mobile Future Forward, Sept 29th, Seattle, WA: When you see a lineup of speakers that comes from Orange, Nokia, Neustar, Mastercard and Ericsson, you have a remarkable opportunity to let them know about your services, and this event is perfect for it. So, a Duo team should be there.
  • Enterprise Mobile Forum: if you read the blog of Kevin Spain, a partner at Emergence Capital, focused on the opportunities behind the impact of Mobile in the Enterprise, you can see that many of Duo’s clients are there, presenting their ideas about all this, and you could meet more potential clients like Augmedix, Expensify, Buffer, Asana, PlanGrid, and Shyp; so, you need to be there for the next event. BTW, you should listen to the podcast from Emergence Capital; it’s simply awesome.
  • AWS re:Invent 2015: this is the most important tech conference focused on Amazon Web Services (AWS), and that’s the main reason why Duo should be there. It could be a unique chance to show how Duo is changing the security business for good, and how AWS’s customers could take advantage of this. I think that Jon should participate in this conference.

Conclusions

So, the conclusions are simple: if you want to revamp the security of your Mobile apps and your production servers with a strong partner, you need to talk with Duo’s team. I will finish the post differently, with a Tweet I sent some days ago: