< Back

Zesty.Io delivers a security-first approach with Twilio’s Authy two factor authentication service

Content management leader Zesty.io seamlessly integrates 2FA and OneTouch authentication into enterprise CMS platform.

Watch the video

When Zesty.io, the leading SaaS solution for enterprise digital content management and development, needed extra layers of security built into their cloud platform, they turned to Twilio’s Authy 2FA service.

Backstory

As digital content managers, developers and designers, Zesty.io’s co-founders desperately needed a cloud-based platform that could take the pain points out of content management and website development. When they couldn’t find a solution that delivered agility, flexibility and speed, they built their own solution. And in 2010, Zesty.io was launched.

As the company grew to include co-marketing partners and large brand marketers like Sony, Zesty.io’s platform evolved with expanded capabilities focused on delivering a true content-first approach. Their cloud-solution ensured the reliability, rapid deployment, scalability, and flexibility needed to deliver exceptional digital experiences for their clients and end users.

Mitigating security issues in a complex digital landscape

In a highly security-conscious industry, the Zesty.io platform was built to help mitigate security issues and challenges. Andy Fleming, Zesty.io’s CTO, noted, “Website and interface management security are complicated. For example, Wordpress serves the admin area in the same place as the actual site. We think that’s a security risk for our clients, so we separate and decouple those types of features.”

The Zesty.io platform is also primarily closed source, so that people can’t crawl through their source code seeking out vulnerabilities. “The security of our client sites and how they’re consumed by end users is critically important to us,” said Fleming. “We need to guarantee that sites won’t go down or be defaced or otherwise compromised.”

Keeping security top of mind, they also looked to integrate seamless authentication technology into the platform and interface. With large brand and agency clients, a security-focused approach is an imperative. In fact, Zesty.io went through a stringent review process with Sony, where authentication is a requirement, before they could land the business.

2FA for security and recovery

“We’ve always valued security and wanted to be proactive,” said Fleming. “We were using a two-factor provider early on, but the company actually went out of business.” Zesty.io evaluated two other options before landing on Authy 2FA. They could integrate Google Authenticator, or build their own authentication technology on top of Twilio SMS. “In the end, we realized it would be an easier implementation with Authy,” said Fleming. “Having it pre-built and well-tested would save us a lot of time.”

The other significant benefit for Zesty.io is Authy’s managed recovery process. “It’s secure and validated,” said Fleming. “We won’t have to deal with it—we know Authy’s team will keep the system secure.”

By choosing a modern technology experience like Authy, we’re communicating our security philosophy. We’re able to show our clients that Zesty.io is completely secure and innovative through the tools we’re using.

Andy Fleming, CTO, Zesty.io

Authy 2FA and One Touch integration

Zesty.io uses both Authy 2FA and OneTouch authentication. According to Fleming, both implementations were quick. They spent a couple of days on the first initial 2FA implementation and, about a year later, integrated OneTouch implementation to upgrade the login experience.

“We were familiar with Authy before we rolled it out—but I wish we would have known how easy it ended up being,” said Fleming.

Fleming said that with Authy’s authentication built into their platform, the company is able to drive home the critical importance of security for their clients. “We go beyond just providing authentication, we provide tools to enforce 2FA,” said Fleming. “For anyone who wants to access the site, even if they’re granted access, they can’t until they’ve enabled and set up two-factor.”

What’s Next for Zesty

Right now, our big initiative is continued growth. The true platform nature of Zesty is sinking in, getting Zesty.io’s customers to understand why they are a better option than the other solutions out there. “Our company has really started to take off, we’re building awareness, and people are seeing that we’re a secure, powerful platform,” said Fleming.