A Logical Progression: Adding 2FA to SSO for Extra Protection
LogicMonitor’s SaaS-based, fully-automated performance monitoring solution takes in billions of metrics every single day to deliver a single source of data to customers about their IT infrastructure performance. LogicMonitor is compatible with more than 1000 technologies, which they monitor for thousands of customers, from startups to massive commerce sites and internal IT teams at Fortune 500 enterprises.
LogicMonitor was founded by datacenter operations experts, so security is part of their DNA. Twilio's 2FA solution was adopted to help their customers follow security best practices. "For some of our customers, it's challenging to make the transition to a SaaS-based performance monitoring solution," said product manager Clay Turk. "By providing 2FA for everyone, we're both helping to protect our customers' sensitive data and providing them the peace-of-mind that we've thought of everything on the security front."
Room For Improvement
LogicMonitor had already incorporated single sign-on (SSO) for internal tools and customer accounts, but some customers needed stronger security. Additionally, some large Service Provider customers had separate SSOs for their clients, making it impossible for LogicMonitor to authenticate against both customers and end-users.
Having acknowledged there was room for improvement, LogicMonitor decided to implement additional security layers with two-factor authentication (2FA). As they evaluated other solutions, including Google Authenticator, the team decided that since they were currently using Voice and SMS alert services from Twilio, integrating Twilio's 2FA product had clear business benefits.
“The main reason we wanted to use Twilio API was that we just needed to implement a 2FA solution that worked seamlessly with our application,” said Turk. “Historically, we provided solutions like SSO so we could work with any identity provider to login, but some of our larger Service Providers have customers with separate domains, so we needed to improve security beyond just username and password. For customers who don’t have an identity provider, we can offer 2FA to them right out of the box to improve the security in their account.”
“From a cost-benefit perspective, the benefits of buying a 2FA solution far outweigh building one. We never want to reinvent the wheel if we don’t have to.”
LogicMonitor is an agentless solution, and it only takes about 15 minutes for their customers to download and deploy a Collector in their environment, which can automatically detect and start monitoring any device within it. They’ve built their infrastructure on seamless, easy integration and expect the same from their vendors.
From the ground up, total implementation took about two months, including the development cycle, planning, implementation and testing. “Every time we had a question, the Account Security team at Twilio responded within the hour,” added Sam Dacanay, LogicMonitor’s lead developer. “I’ve built a ton of integrations here at LogicMonitor, and have never received support like that. It was a huge plus.”
What’s Next for LogicMonitor?
According to Turk, since the majority of LogicMonitor customers rely on their mobile devices for alert delivery, ensuring they have best-in-breed security integrated into that platform is key. “As we move forward,” he concluded, “our commitment to security is made easier by partnering with leaders in the space like Twilio.”