Think of an app you love, and you’re not likely to think of a two-factor authentication service. By making their software simple and easy to use while still being secure, however, the founders of Duo Security have created a fan base of clients--so much so that the company’s account has almost 50 thousand
In 2010, Duo Security got its start far from San Francisco in Ann Arbor, Michigan, where the startup is still headquartered today. On Christmas Day 2011, Karim Faris, general partner at
In addition to the funding, Duo Security announced Tuesday that it is launching a new enterprise platform. “This has been a goal of ours since we started the company in 2010,” says Song. “We really wanted to build a security platform to help companies protect themselves against more than stolen passwords. It represents a very big expansion in terms of the market and the problems we’ll be solving for our customers.”
The company’s current two-factor authentication solution capitalizes on the $2.4 billion authentication market, but they're hoping for a piece of the much larger $67 billion security market. The new platform will give companies a view into their clients’ behavior, while hoping to maintain the ease of use that has made their two-factor authentication successful.
“We’re really looking to move beyond strong user authentication, and look at what devices, applications, and networks are being used to access corporate systems and provide those IT administrators the policies and control to see what good and bad access looks like,” says Oberheide, who is a former Forbes 30 Under 30 member.
The new platform will allow administrators to see who is logging in to an enterprise network and where they are logging in from. Administrators will be able to shut down log-ins that look suspicious---a 2am log-in attempt from China for a US-based company, for example. Clients will also be able to customize who gets access to the network, shutting off access from unsecured wireless networks or devices that have not been updated, Oberheide explains. Song and Oberheide say they built the new platform at the request of their customers who wanted more insight into their systems through Duo Security.
As Duo expands, the company's focus is still on a simple, seamless product that gets out of their customers' way. For example, at
Chicago-based e-commerce site Threadless has been a Duo Security client for three years. After failing an audit, the site had to quickly set up two-factor authentication, explains Threadless’ IT Infrastructure Manager Triston Hammond. After looking into Duo but being wary of the fact that startup was still fairly new, Threadless signed a contract with one of the established two-factor authentication services. After a few months and many frustrating technical issues, Threadless went back to Duo, and found that they received better service and security for a third of the price of the other service (which Hammond declined to name on the record).
“Previously people contacted me being like ‘hey this doesn’t work’ or ‘hey I can’t get in,'” Hammond said. “Now literally the only time I hear from people about it is someone’s device is loss or stolen. I’ve never had anyone come to me and say this isn’t working. No news is good news.”
Duo’s customers range from small businesses like Threadless to large corporations, including NASA, Toyota, and Facebook. As they expand and attempt to bring their enterprise platform to the market, Duo's challenge will be continuing to break into a market dominated by large, established companies, like Symantec and RSA.
“In think of the next couple years, the largest competitor [for Duo] is actually time. There are so many enterprises that haven’t deployed two-factor authentication--greenfield opportunities,” Faris says. "We live in an increasingly insecure world because of cloud and mobility. People want the convenience of being able to access everything from anywhere, with that comes more ways for the bad guys to get in.”