Finally! Zero-Trust Security That Users Actually Like to Use

Duo Blog Image 051821

Everyone agrees that the best way to combat rising cybersecurity attacks is by implementing better security, but users will circumvent the defenses if it’s too cumbersome.

It’s a well-known fact that passwords are the Achilles’ heel of security. According to the 2019 Verizon Data Breach Investigation Report, more than 80% of data breaches result from an attacker logging into a customer’s applications using stolen passwords—often initiated by an email phishing attack.

The problem with passwords is that to be effective, they need to be hard to guess, but to be usable, they need to be easy to remember. Even when IT admins attempt to implement best practices, like requiring users to update their passwords regularly, the effects are nullified by easy-to-remember passwords. For example, if someone’s password is ‘BigTimeStuff2020!’ when required to update their password, they’re most likely to choose ‘BigTimeStuff2021!’

 

(User Friendly) Zero-Trust Security is the Answer

Weak passwords are a critical issue that businesses can’t afford to permit. But what other options do they have? Security experts agree that the best way to combat today’s cyber threats is by adopting a zero-trust model. Zero trust is an information security architecture that encourages organizations not to trust any entity outside or inside their perimeters. It focuses on securing small groups of resources rather than network segments.

A zero-trust network also adheres to the principle of least-privilege access: giving users only as much access as they need and minimizing their exposure to sensitive network resources.

Zero-trust network architecture is not associated with any specific network technology. It incorporates several different principles and technologies, including:

  • Microsegmentation—involves dividing security perimeters into small zones to maintain separate access for different parts of the network. That way, a user who has access to one zone can’t access another zone without separate authorization.
  • Multi-factor authentication (MFA)—requires more than one piece of evidence to authenticate a user’s identity.

One of the critical requirements to implement a successful zero-trust network architecture is ensuring that it’s user-friendly. In other words, it can’t put a burden on users to remember complex passwords or jump through several hoops to log in to the network, and it can’t slow down their performance. This is where Cisco Secure Access by Duo has a distinct advantage over other zero-trust offerings.

 

What Makes Cisco Secure Access by Duo a Better Choice?

Cisco Secure Access by Duo is a trust-driven, unified access security and MFA solution that provides reliable, secure application access. Its MFA capabilities allow it to verify users’ identities—not just their credentials, which is a crucial factor for zero trust. While admins will appreciate Duo’s security features, users will like its ease of use, especially passwordless authentication capabilities.

Passwordless authentication removes the shared secret (i.e., something you know) factor from MFA and relies on something you have and something you are. Face recognition is one example of passwordless authentication. Having the phone is one factor and performing FaceID is the second.

One of the primary benefits of passwordless is that it often feels like it’s just one step, even though it’s still MFA. So, you’re getting the security of two factors in one gesture—and without remembering and typing a password.

 

Zero Trust Security Options

Implementing a Cisco zero-trust network can be done all at once or in phases. Here are a few options users can consider:

  1. Duo MFA ($3/user/month)—provides users with several authentication methods, such as Duo Push through a mobile app, universal second factor (U2F) and phone call back, making authentication easy for admins and users. Duo’s user self-enrollment method is intuitive enough for anyone to do on their own. Users can also enroll additional authentication devices, reducing burdens on help desk resources. Duo offers multiple ways to deploy and manage MFA quickly, even in large organizations. Admins can leverage automatic enrollment options, integrations with Active Directory and Azure AD or input users from a .csv file.
  2. Duo Access ($6/user/month)—enables BYOD (bring your own device) and enforces adaptive success policies. Duo Access builds on Duo MFA, establishing device visibility in managed and unmanaged devices. This edition empowers customers to gain detailed visibility into the security hygiene of every device. It also helps companies reduce risk by enforcing specific policies and controls without compromising the end-user experience. And with Duo’s phishing simulator, admins can conduct phishing vulnerability assessments and quickly identify vulnerable users.
  3. Duo Beyond ($9/user/month)—encompasses all the benefits of MFA and Access while also establishing user-device trust and remote access alternatives to private apps. This edition empowers companies and encourages BYOD by enforcing policies for corporate vs. personal devices and allowing users to work from anywhere. Duo’s endpoint visibility dashboard shows a breakdown of all corporate and personal devices on the network, allowing admins to enforce policies accordingly. Duo also enables users to integrate with their current enterprise device management platform to control application access at the device or user level. This allows admins to apply policy to specific user groups or devices accessing an application. Duo also makes it easier for companies to identify and block unauthorized devices from accessing the network and applications.

 

One final benefit admins and users will appreciate about Duo is that they can try it out for free before making any financial commitments. To learn more about how it works or to sign up for a free trial, visit signup.duo.com

Leave a comment

Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.