Datadog leads in authentication best practices, deploys YubiKeys to all employees enterprise-wide
About our customer Datadog
Datadog is the monitoring and security platform for cloud applications. Their SaaS platform integrates and automates infrastructure monitoring, application performance monitoring and log management to provide unified, real-time observability of customers’ entire technology stack.
When Daniel Jacobson, Senior Director of IT at Datadog, joined the company in 2017, one of his responsibilities was to ensure the business was leveraging strong authentication. Given the security-minded nature of leadership, multi-factor authentication (MFA) was already implemented across the company in the forms of SMS and authenticator apps. Datadog’s CTO and CISO, however, used hardware security keys called YubiKeys, which were much more resistant to phishing.
Datadog runs it’s business on Google Workspace (formerly G-Suite), and employees use the Single Sign-On (SSO) feature to access apps and services. This means that when an employee receives their Google Workspace account, by default, they have a lot of access to company information. Daniel Jacobson decided to view every employee as a privileged user that required MFA.
“Any form of MFA is better than just a username and password, but most MFA can still be phished. It didn’t take long to realize we needed stronger authentication for all employees that couldn’t be phished.”
Due to the remote nature of most phishing attacks, Datadog realized that YubiKeys would strengthen their position against phishing. YubiKeys also had a simple user experience that didn’t require a network connection or client software, and came in a variety of form factors to support most devices.
“Our biggest threats are remote attacks, not nation state actors breaking in and stealing our workstations. YubiKeys made the most sense. And when I first used a YubiKey Nano, I loved the experience — I left it in my computer and simply touched it to authenticate.”
Once Daniel Jacobson saw that YubiKeys mitigated a SIM swap attack on a senior executive’s smartphone and protected the code of a breached Github account, he instituted a corporate policy that required all employees to authenticate with YubiKeys.
Starting in 2019, a phased rollout of YubiKeys began, prioritizing administrators and high profile employees. All new hire employees were also given YubiKeys.
“Datadog believes in giving their employees everything they need to do their jobs and be safe. We encourage every employee to use their YubiKeys even for accounts outside of work, and if an employee ever leaves the company they keep their YubiKeys.”
In March of 2020, the global COVID-19 pandemic shut down Datadogs offices and the company shifted to remote work. But unlike so many companies that cut back during the pandemic, Datadog doubled down.
Datadog hired over 1,100 people in 2020, with 1000 of them joining after the COVID-19 shutdown — doubling their total employee count to over 2,200. Onboarding employees in a completely remote setting was a challenge, but Datadog remained committed to ensuring that all employees had what they needed to do their job and be safe.
Datadog partnered with Yubico and became an early adopter of YubiEnterprise Delivery (YED). This service uses APIs to programmatically order and ship YubiKeys to employees all across the globe. YED streamlined the logistics so Datadog could continue to operate securely at scale.
Datadog’s company-wide rollout of strong authentication through YubiKeys helps protect access to data, applications, and services. While usernames and passwords may at times be compromised, the YubiKey has ensured that no information has been improperly accessed.
The pandemic has hastened the development of a remote, distributed environment in which valuable information is largely decentralized. That means that making sure privileged access is ironclad becomes not just important, but essential to doing business. If someone breaches Google Workspace, they gain access to other applications, like Slack, where they can impersonate employees to gain further access and information.
“Attackers see value in gaining access to any Datadog account. Deploying YubiKeys at scale gives us the trust and peace of mind that only our employees are able to access our systems.”
Security has always been part of the culture at Datadog, and now YubiKeys have been added into the mix. Datdog even uses its own monitoring platform to track and celebrate YubiKey enrollment, and they have created custom stickers of the Datadog logo with a YubiKey OTP code.
Benefits of using YubiKeys and YED at Datadog
Efficient: Saved time and hassle in distributing keys to a growing remote worker staff.
Secure: Protected Google Workspace and associated apps with strong MFA, to protect against phishing and account takeovers.
Scaleable: Privileged access given to 100 percent of employees by using YubiKey.
Usable: Established a workplace culture that embraces strong security as routine.