Duo Security's CEO explains what his company is doing with the new funding and where two-factor authentication is headed.
One of the most common pieces of advice given by security experts in the wake of the recent rash of high-profile data breaches is for users to deploy two-factor authentication. It's a message that is helping to grow Duo Security's
business, which is all about two-factor authentication.
Duo Security announced on Sept. 22 that it has raised a $12 million Series B round of funding led by Benchmark
. In total, Duo Security has now raised $20 million in venture funding.
Dug Song, co-founder and CEO of Duo Security, told eWEEK
that the new funding will be used to help grow the business and the company's engineering team. Song commented that the funding was a pre-emptive round and that he was not actually looking for funding. Interest in the market for two-factor authentication technology has driven interest in Duo Security—from users as well as investors.
Song is no stranger to the security world. Prior to co-founding Duo Security, he was the principal security architect at Arbor Networks. Song noted that Duo Security's focus is very different from Arbor Networks' focus. At Arbor, the focus was on global carriers and large organizations; in contrast, Duo Security has a much larger target audience, he said.
"We believe that security is now a much broader problem that affects many more people than it ever has before," Song said. "These days, even your corner coffee shop is an IT operation, and when IT is pervasive, security is now everybody's concern."
The goal at Duo Security is to democratize security solutions for underserved segments of the IT-using community, according to Song.
The recent Apple celebrity photo hacking incident
earlier this month was perhaps one of the most dramatic security events in recent years that highlighted the need for two-factor authentication. While the Apple incident generated a lot of headlines, there have been many breaches in the last year, including ones at Home Depot, Target and others, that prove that attackers have shifted their focus, Song said. Attackers now largely go after users as a way to gain access to environments and information.
"Attackers no longer bang their heads on the front door of organizations to get in; they go after users and ride that legitimate access in," he said.
What two-factor authentication provides is an additional layer of protection beyond just a simple username and a password. While major online Internet properties including Google and Apple have now deployed two-factor authentication for end users, there is a need for broader deployment to protect organizations of all sizes.
Song explained that the Duo Security platform is a cloud-based service that can integrate with an organization's existing systems. Two-factor authentication can be enabled for multiple forms of remote access, whether that access is a Web log-in, a virtual private network (VPN) or even a virtual desktop.
Duo Security's own back-end infrastructure is a distributed one, with operations in 100 countries. Song noted that his company also uses multiple cloud vendors, including Amazon, Verizon Terremark and Rackspace.
Looking forward, Song's goal is to continue to broaden the IT security landscape that his company can address.
"As a company our biggest challenge and opportunity is to think about security more broadly," he said. "While we are a two-factor authentication vendor today, we have always had ambitions to leverage two-factor authentication as the foundation of a much broader platform."
Sean Michael Kerner is a senior editor at
InternetNews.com. Follow him on Twitter @TechJournalist.