Risk Management

CFO’s Tech Companies to Watch: Duo Security

Duo Security is at the forefront of deploying security measures and control at the access layer instead of the network layer or on the end points.
Keith ButtonMay 11, 2018
CFO’s Tech Companies to Watch: Duo Security

We combed through websites, interviewed tech experts, and researched a host of product categories to assemble, once again, the roster of 20 companies that make up our annual “Tech Companies to Watch.” We uncovered a wide range of technologies and products that would be valuable to finance chiefs, and we also discovered a wealth of innovation going on in “traditional” finance-related tech categories.

The entirety of the list appears in the April/May 2018 edition of CFO magazine. We are revealing the first 10 companies on CFO.com, one per day. Our first eight tech companies to watch were Pymetrics, PrattleTipalti, UiPathExabeam, x.ai, Emagia, and Adaptive Insights.

Drive Business Strategy and Growth

Drive Business Strategy and Growth

Learn how NetSuite Financial Management allows you to quickly and easily model what-if scenarios and generate reports.

Duo Security

Duo Security, a cloud-based cybersecurity company, dispenses with the traditional points of access control: at the network level and on users’ devices. Instead, it places tools between the user and the corporate application to verify users’ identities.

For example, with Duo’s multi-factor authentication product, when a user logs in he or she must approve push notifications to their smartphone or enter a time-based, one-time passcode. That means Duo’s corporate clients have less of a need for bolt-on security products for wired networks, Wi-Fi, laptops, or mobile devices, says Jon Oberheide, co-founder and chief technology officer of Duo.

Duo Security info boxThe company, which surpassed $100 million in annualized customer subscription revenue in 2017, is capitalizing on a changing focus in the cybersecurity market, from bolted-on to built-in security tools.

The trend — deploying security measures and control at the access layer instead of the network layer or on the end points — will have a dramatic effect on the cybersecurity market, customer budgets, and tools deployed and retired over the next 5 to 10 years, Oberheide says.

“The traditional data center and corporate network are becoming less and less relevant,” he explains. Access is happening directly on mobile devices, sometimes over public Wi-Fi, to a cloud application, he points out. “Your corporate network doesn’t play a big role in security anymore.”

The end points are changing cybersecurity’s focus also. “The devices we have in our hands, our iOS and Android devices, are more secure than the end devices [the National Security Agency] had four years ago,” says Oberheide.

Duo is able to check the “security health” of a mobile device attempting to sign on to an application and block the device (and tell the user to update the device) if it’s deemed risky. It can also designate some devices as “trusted” so they can get faster access. In addition, customers can see a dashboard that shows whether the device has unapproved software on it, if a passcode is set, and other attributes.

With more than 10,000 customers — including Altegra Health, Bolton NHS Foundation Trust, Etsy, Facebook, the University of Michigan, and Yelp — Duo handles more than 300 million user authentications per month.

Duo’s pitch to chief financial officers: its product is easy to deploy, can replace several other security tools at once, and is hospitable to employees or contractors who bring their own devices to work, says Sydney Carey, Duo’s CFO. The company boasts a Net Promoter Score  —a measure of customer loyalty — of 68. (An NPS above 50 is considered excellent.)

It’s not uncommon for Duo to deploy its tool for a client with 7,000 to 10,000 users over a weekend, Carey says, and easy deployment means faster return on investment due to fewer requests for help-desk support and the potential displacement of other security measures.

Some clients have replaced several of their point products — such as mobile device management tools, strong authentication, single sign-ons, and network access control software — by implementing Duo.

Duo customers commonly buy the application when they’re upgrading or moving their IT systems, or parts of them, to the cloud.

“We’re kind of riding that wave of cloud transformation to help drive our business,” CFO Carey says. News of data breaches, especially when the breach happens at a peer company, is also a big motivator for new Duo customers.

To continue growing, Duo is taking a “land and expand” approach: get a customer that buys a Duo app for a limited number of users to like it so much that it deploys the app company-wide. Duo is also focusing on enterprise customers —  those with more than 5,000 employees. They make up about half of Duo’s business currently.

“Companies used to essentially build castles for their security programs — build really high walls and hope that nobody ever got inside,” Oberheide says. “They made lots of investments in security products, built really strong castles. But many of those existing security investments don’t bridge to the new world.”

Other 2018 Tech Companies to Watch