Automated email authentication: keeping dormakaba ahead of the security curve

Challenge

Maintain a highly effective security posture and achieve 360-degree visibility and protection for its expansive email environment—including domains acquired through multiple global mergers and acquisitions.

Solution

The team at dormakaba layered Valimail with Microsoft 365 to automatically implement and enforce key email authentication standards, gaining inbound and outbound visibility of all email activity.

Results

Suspicious emails blocked: 5 Million+
Emails authenticated: 29 Million+
Domains protected: 65+

The business

The 2015 merger of DORMA and Kaba created a trusted source for security and access control solutions with over 150 years of experience and millions of installations worldwide.

As an industry leader, dormakaba develops seamless access solutions and services that make buildings smarter and more secure. Those values extend to its own corporate security. The dormakaba team knew that email authentication with SPF, DKIM, and DMARC was a necessary step for continuing their evolution into the cloud while maintaining their leadership as a security company.

The challenge

The merger of two large corporations and multiple acquisitions resulted in the need for centralized cloud solution management. Out of that need, the Hybrid Cloud Solutions team was created, led by company veteran Geoff Stone. Geoff and his team are responsible for supporting a secure cloud environment for all global employees. This includes centralized management and security for email sending services including Microsoft 365. With such a widespread ecosystem, and over 65 corporate domains, it wouldn’t be an easy task — but it was critical.

For dormakaba, it was a question of “how” not “if” they were going to implement email authentication. Geoff says, “We were aware of the need to increase the level of protection for the environment. Adding DKIM and DMARC to existing SPF capabilities would make our corporate identity across the internet more secure.” The team at dormakaba was already taking advantage of the security controls available as part of Microsoft 365, but through their research, they learned that an additional layer was needed.

This layer would manage the email standards that Microsoft 365 enforces on inbound messages. It would also provide full visibility into senders using dormakaba domains, including traffic that was happening outside of its network. Additionally, the company needed a solution to overcome the SPF 10-lookup limit, since that was problematic for an organization of its size. Geoff and his team were actively searching for a solution when they found Valimail — the only company that uses patented, automated technology to overcome the technical limitations inherent in the standards (such as the SPF 10-lookup limit) while providing both inbound and outbound visibility.

The solution

After looking for a solution, the choice was clear.“When looking to the marketplace for a solution, it was not possible to identify any other key players that covered the scope of our requirements — from visibility to automated record management — across all of our identities.” Geoff recalls. The initial monitoring phase allowed them to see what their footprint really looked like on the internet. Geoff says, “Being able to see all senders, both internally and externally, communicating under our identity in one place changed the game.”

Geoff and his team deployed Valimail as a security layer to enhance the Microsoft 365 instance. There were two immediate benefits to the Valimail solution: First, Valimail provided instant visibility into senders using dormakaba domains to send mail to internal employees from outside of the organization. It also provides visibility into senders (authorized, unauthorized, and legacy solutions) using a dormakaba domain to send outbound mail to customers and partners. Second, Valimail overcame the SPF 10-lookup limit. With Valimail, senders are authorized and configured with a single click as needed — no limits apply. Having one platform to consolidate all of this control and information in one place allowed Geoff and his
team to easily provide support for business units that were previously operating in isolation.

In addition to the immediate product benefits, dormakaba benefited from the technical knowledge of the Valimail team, helping to identify owners internally and work with sending services to configure their products to support proper authentication mechanisms.

The results

“We were able to drill into the detail of what really was happening and bring our identities out of monitoring and into enforcement,” says Geoff. In partnership with Valimail, dormakaba has been able to put controls in place that allow the team to move quickly across a highly distributed organization. Geoff and his team can maintain the security of dormakaba’s corporate domains without interrupting day-to-day business operations of the teams they support. They have the ability to view and lock down senders on over 65 sending and non-sending domains.

The team credits its successful email authentication program to the visibility and automated control that the Valimail solution provides. “If we didn’t have Valimail, we wouldn’t be where we are today,” says Geoff. “We now have the ability to see, control, and convey to our executive team exactly what is happening under all of our corporate domains.”

With this system in place, dormakaba can easily maintain its strong security posture for cloud solutions and scale the process as it continues to acquire and expand its business.