Having implemented 2FA across its entire operation, King gained in terms of its security policy compliance without having to use aggressive password management. Collini hasn't revealed how often passwords had to be changed to maintain compliance but this requirement had been relaxed by using authentication.
Cost is more difficult to quantify because, in effect, King has added a new layer of security it did not previously have. How can the cost effectiveness of a security system ever be quantified?
Collini believes that using 2FA as a cloud service has saved in headcount not to mention that "the hidden costs would have been all over the place." The company is now also able to grant and rescind access to third-party partners with an ease that would have been tricky using old-style credentials.
Candy Crush maker King - life of a startup
"We took a startup and transformed it into an enterprise," points out Collini, which is an important point. It's an extreme version of the journey every company has had to make in terms of security design and investment but that startups uniquely must tackle almost immediately if they have any ambitions to scale.
King's adoption of Duo Security's cloud authentication started out as a need to secure the perimeter to a higher standard of certainty but has ended up with something that allows that perimeter to be anywhere and for any of its employees.
An intriguing added dimension of the Duo Security design is the potential it offers for analytics, which Collini is keen to make use of. This is an authentication system for sure but one that can also examine the endpoint to see, for example, whether it is running out-of-date or vulnerable software. It can also be used to block access to applications from certain locations.
"The job is not done," concludes Collini.
Source: Computerworld UK
Sign up for CIO Asia eNewsletters.