Challenge

‍

Red Cup IT employees need to log into multiple environments a day. Each environment was protected by multi-factor authentication (MFA), and once into the environment, the user would then have to log into and manage individual resources, which also have MFA from various providers. On average, each employee was going through this process 50 times a day which was reducing employee productivity. 

Additionally, Red Cup IT employed contractors who were able to access critical SaaS applications and Red Cup had zero visibility or control into the device security posture of those endpoints. This gap in visibility introduced risk, and as an MSSP, it could have led to downstream impacts on customers who trust Red Cup to secure their environments. 

‍

‍

Solution

‍

Beyond Identity added additional layers of security to the existing infrastructure, and according to Red Cup IT Founder and CEO Dan Le, “The continuous device posture checks and the conditional access policies were a huge part of why we picked Beyond Identity.” 

‍

Because they are an MSSP, the products Red Cup IT uses must benefit both Red Cup IT and their clients. Le stated ease of use and ease of deployment, both in house and for clients, was one of the primary benefits of Beyond Identity. 

‍

“At this point, if you want to be a Red Cup IT customer, you need to be a Beyond Identity customer. We won’t sign contracts for any customers that don’t want to use that because it’s too much of a high risk for us,” Le explains. 

‍

‍

Results

‍

Deploying Beyond Identity resulted in time savings, increased third-party device security, increased device trust, and a reduced attack surface.

‍

‍

“Too difficult to hack”

‍

Red Cup IT brought a laptop secured with Beyond Identity and other security tools to DEFCON with a sign that said, “Hack Me”. The goal was to discover the tactics, techniques, and procedures (TTPs) that a bad actor could potentially use to circumvent their defense. 

‍

Once explained that the environment is protected by a phishing-resistant MFA that uses device bound credentials, evaluates real-time endpoint security posture, and continuously evaluates risk every 15 minutes, DEFCON attendees walked away citing the fact that “it’s too difficult, we’d get locked out immediately”. 

‍

‍

Ease of use leads to massive time savings

‍‍

Le estimates they save approximately 8 hours each day logging in to the complex environments they manage. In the course of a year, that’s over 2,000 working hours Red Cup employees have reclaimed

‍

‍

Not only is Beyond Identity easy to use, the frictionless authentication process has led to significant time savings for both Red Cup IT and for the company’s clients and their end users. For the internal team alone, Le estimates they save approximately 8 hours each day logging in to the complex environments they manage. In the course of a year, that’s over 2,000 working hours Red Cup employees have reclaimed and now use to benefit the company’s bottom line.

The reduction in help desk tickets related to lost passwords and account lockouts benefit both Red Cup IT and their clients. End users spend less time waiting for IT help and Red Cup IT’s staff can spend more time on building IT automation workflows, quality of life enhancements, policy management, and other services.

‍

‍

Increased security for third-party devices

‍

A major benefit for Red Cup IT’s clients is the added level of security Beyond Identity provides for third-party devices used by contractors. New contractors who use their own device introduce new areas of risk. One gap Red Cup IT faced in the past was ensuring new devices met security policies. “​​Beyond Identity is great for helping to discover that, since it extends device trust to SaaS apps that don't typically support it,” said Le. This added level of security and ease of use has become one of Red Cup IT’s selling points when onboarding new clients.

‍

‍

Benefits to Red Cup IT

‍

• Ease of use and ease of deployment
• Faster, frictionless login for end users
• Ensure policy compliance of BYOD devices for employees and third parties
• Significant reduction in internal and customer help desk requests
• Red Cup IT staff save over 8 hours a day with passwordless login

‍

Device trustRed Cup IT, as an MSSP, manages a large number of endpoints. They are responsible for numerous logins, tenants they manage for their customers, and an architecture built of an array of IT and security tools. They regularly push out policies to the MDM software, and there wasn’t a proactive way to track that with Okta or other typical MSP RMM tools. Beyond Identity allows them to ensure the MDM is on the endpoint, active, and that the policy is active.  Device trust and ensuring endpoint devices are verified before allowing access is a priority for Red Cup IT and for their clients. Beyond Identity notifies administrators if device security has been tampered with, if someone removes or disables antivirus or encryption, or if there is a malware issue.Reducing attack surface took attacks from non-stop to nonexistentMany of Red Cup IT’s clients are in the financial space, which are the most frequently attacked. According to Le, Beyond Identity has reduced the attack surface dramatically.

‍

He said their client's "Microsoft accounts were getting attacked 24/7. So we turned on conditional access- still getting attacked. So we put Okta in and Okta kept getting attacked. Then we put Beyond Identity in front of that, and now it's just non-existent. You can't attack Beyond Identity, because it's a credential on your computer."