We’ve all heard the expression “eating your own dog food,” along with its more refined version, “drinking your own champagne.” Both describe how a company uses its own products or services internally.

In this blog, I’d like to share how we, at Trusona, use our own solutions to follow this practice.

What are the benefits of using your own products internally? 

There are several benefits: 

  1. Quality assurance
    By using your own software before it ends up in the hands of customers, you are aiming to identify problems, deficiencies, limitations and bugs before your customers do. The last thing a customer wants to do is test your software for you. Of course, the nature of enterprise software is that there will always be bugs, but that’s no excuse for not doing everything possible to pre-empt them first and ensure consistent high quality for the most common “happy paths.”
  2.  To understand the journey a customer has to go through when consuming your software
    When it comes to achieving a “passwordless enterprise,” we have yet to see a company adopt the “Big Bang” approach of deploying a host of integrations across the enterprise in one fell swoop. It’s simply too much work and too much risk. Most companies prefer a pragmatic approach that is more contained, aimed at delivering a series of “quick wins” in order to deliver tangible benefits earlier and spread out over time.
  3.  To practice what you preach
    When you’re touting the flaws and limitations of the current approaches to authentication along with the virtues of your new approach, it’s a common (and legitimate) question for customers to ask if you actually practice what you preach. After all, if you truly believe in what you have built, how can you justify not using it yourself? From our experience, showing a customer how you use your own software internally is par for the course; it’s expected. But if you don’t, and without good reason, you’ll actually lose all credibility.

Our CISO is our “buyer” 

As with most of our customers, the CISO is the primary buyer of our workforce MFA solutions. Although we’d been using our solutions internally with a handful of discrete applications for a few years now, our CISO wanted to deploy our solutions at an enterprise level, like our customers.  

The first step was to perform a detailed audit of the various applications in use across the organization and to map them out according to a set of criteria: the number of users and their departments, each application’s ability to support open authentication standards like SAML and OIDC, and any additional licensing costs for it to support an identity provider (IdP).

Although we’re a startup, we had over 50 cloud-based applications in use throughout the organization. And, no surprise, every one of them defaulted to the standard username and password as the first factor of authentication. 

We quickly realized that it was time for us to adopt an IAM/SSO, behind which we could put many of these applications to not only better secure them, but to streamline their accessibility via Trusona’s MFA. 

After deploying the IAM/SSO, the CISO and his team then set up our passwordless MFA integration and configured it so that the only way an employee could access it was via Trusona. Over the following weeks, they started to systematically migrate many of the applications behind the SSO. 

Although we were able to migrate a good portion of the cloud-based applications to the SSO, the fact of the matter is that there are always going to be systems and applications that, for one reason or another, can’t be migrated, whether because of technical limitations or because the cost can’t be justified. For some of them, we deployed Trusona directly using our out-of-the-box integrations so we have the same consistent passwordless authentication experience.

Results 

Gone are the passwords needed by each employee for each individual application! From a security perspective, that’s a huge risk that’s been mitigated in addition to the improved end user experience of never having to deal with static credentials again. No more account lockouts and password resets! 

Key systems that are now protected by Trusona MFA include: 

  • Corporate productivity tools including email, collaboration and web conferencing
  • Tools used by Engineering and DevOps for development, QA, and operations including source code repositories, testing software and production performance monitoring
  • The Sales and Marketing CRM and CMS 
  • The systems used by our Customer Success team for managing support issues, our SLA dashboard, and operational usage and analytics
  • The tools used for product lifecycle management as well as UX design and prototyping
  • The IT service desk software for tracking and managing employee issues and trouble-tickets 
  • The laptops and PCs running Windows and macOS used by all the employees  

Going passwordless across the enterprise is an ambitious goal, but with a pragmatic approach, good planning and execution and a great solution, it can be a key part of your risk reduction strategy. Our CISO now sleeps a little better at night, our employees get to use our state-of-the-art MFA software every day for easy access to all our corporate systems and our IT team no longer has to deal with password-related tickets. 

To learn more, check out Trusona’s workforce solutions.

 
