Case Study: BeyondTrust achieves Zero Trust enforcement for privileged accounts with Yubico

BeyondTrust enforces Zero Trust for privileged accounts using YubiKeys

BeyondTrust, a global leader in Privileged Access Management, adopted a Zero Trust posture to protect high-risk privileged accounts across its merged, hybrid workforce. During risk assessments the company found its reliance on mobile push MFA exposed it to SIM-jacking, denial-of-service and phishing risks, and created support burdens — problems that threatened privileged access controls and compliance goals like SOC 2 and ISO 27001.

BeyondTrust piloted and then rolled out YubiKey 5 and 5C Nano devices, delivered via YubiEnterprise Subscription and Delivery, replacing push-based MFA with hardware-backed, passwordless authentication for its 1,500 users. The YubiKey deployment strengthened identity assurance for privileged access, reduced support costs and outage dependencies on carriers, simplified distribution logistics, and reinforced secure user behavior — materially advancing BeyondTrust’s Zero Trust objectives.

BeyondTrust

Morey J. Haber

Chief Security Officer