A leading VC firm based in Silicon Valley, which manages several multi-billion dollar funds, is cognizant of the security risks and threats that must be mitigated in order to protect their data, their portfolio companies, their limited partners and their institutional investors.
The constant barrage of breaches over the last decade has made it abundantly clear that usernames and passwords — which were invented back in 1964 — are simply no longer secure enough. According to the 2019 Verizon Breach Investigations Report, compromised credentials are responsible for over 80% of all breaches.
Over the last several years, the industry has delivered solutions that attempt to make static credentials more secure, which led organizations to adopt two-factor authentication (2FA) utilizing SMS, OTPs or hardware tokens. These added layers are burdensome to the user and only deal with superficial security symptoms — not the root cause of the problem — leaving organizations vulnerable to phishing attacks, keylogging, malware, SIM swapping and more.
To better secure their organization’s data, the client required a passwordless authentication solution that was designed to fit seamlessly into their existing infrastructure, most importantly for their employee single-sign on (SSO) solution — in this case, Okta.
“Cybersecurity is critically important to us,” said the firm’s head of information security. “Every year, we significantly invest in cybersecurity projects to make sure we’re protected. Investment is a trust business and trust is core to what we’re doing. As VC becomes more competitive, giving somebody a reason not to trust you means they won’t give you their money — they’ll just go elsewhere.”
To improve their security posture, the client selected Trusona’s passwordless authentication solution. Removing the reliance on usernames and passwords from their employees’ user experience now enables them to eliminate the largest threat vector of compromised credentials. This led to a significant reduction in overall risk.
“Trusona effortlessly augments our Okta experience,” said their head of information security. “All of our corporate applications are behind Okta, and we wanted to make sure that logging in was a more secure, unified experience across both desktop and mobile devices. Trusona gives us the ability to verify who people say they are without having to type any credentials.”
Beyond the streamlined integration with their existing SSO, the firm was also impressed with the combination of strong security and simple user experience built into the authentication solution. After only a few weeks of utilizing Trusona in a pilot program, they procured an enterprise-wide license for every employee.
“The security problem is highly relevant and difficult to solve,” said their head of information security. “We selected Trusona because they are solving that technology problem elegantly. It’s demonstrating to my users how usernames and passwords are obsolete — and they are obsolete. We’ve never seen anything like Trusona. They’ve made this look easy.”
Preventing costly data breaches
By implementing Trusona’s dynamic passwordless authentication, the VC firm can rest easy knowing their sensitive assets are well-protected from the most prominent cyber threats. For example, while other 2FA solutions utilizing SS7/SMS are prime targets for SIM swap attacks, using Trusona has made them inherently immune to any such breach attempts.
“If you’ve tied your security to a mobile SMS, that’s a bad security model and one that NIST no longer recommends for multi-factor authentication,” said their head of information security.
“Criminals will have a much easier time trying to steal your phone number, then requesting a password reset. By moving to an authorized app/device combination and removing passwords altogether we’re preventing any of those attacks.”
Enabling — not impeding — their employees
With no usernames, passwords, OTPs or typing of any kind, Trusona offers the simplest login experience for the VC firm’s users. Their employees receive a fast, simple and consistent authentication experience across desktop and mobile devices, whether on-premise or remote.
“Our employees love it,” said their head of information security. “With one touch, they log in and go. Trusona lowers the overall friction of the authentication process and makes it lightweight. Security may be a tough problem to solve, but it shouldn’t be pushed onto the user.”
Rapid deployment and time-to-value
The firm’s ability to simply and swiftly deploy Trusona with their existing Okta platform has helped them derive value in a matter of a few weeks. Trusona’s cloud-based solution ensures there are no extraneous components to manage and user onboarding is completely self-service, requiring no IT provisioning. Together, that means enabling a frictionless and secure login across their entire employee base.
“I talk Trusona up to all of my colleagues and peers,” said their head of information security. “One thing I share with other IT practitioners is that when I need to access a file I’ve put in a secure place, I just use Trusona to log in and download the file without exposing any credentials or passwords. In other words, I can get my job done quickly and easily.”