Amazon + Duo Continue to Provide Zero-Trust Access in the Cloud

It is a truth universally acknowledged, that a single organization in possession of a good many applications, end users, and devices, must be in want of secure zero-trust access.

A look at the challenges we face today: organizations are using an average of 100+ workforce applications, according to research by Productiv. Beyond the sheer volume, disparate applications create tremendous complexity in IT environments. Securing access to the many applications in your network, from a variety of end users and devices, is imperative. While the workforce needs to access a variety of applications to stay productive, the security team must build and enforce strong security policies for every user requesting access to those applications.

Adding to that complexity, many organizations still use the old method of a VPN, which checks a user’s identity and then provides access to all applications regardless of who the user is, what device they are using, and what permissions they should have based on their role. VPNs weren’t designed to serve the increasingly remote workforce of today. They weren’t built with application-specific security controls, nor for the enormous scale (users and sessions) required today. This is especially true in fields where employees are increasingly dependent on highly available, secure connectivity from anywhere, such as IT, education, and healthcare.

VPNs traditionally lack the modern security features needed to protect the workforce and data in our hybrid reality. And let us not forget that VPNs, besides not providing secure trusted access, also slow down productivity. It can take minutes for a user to connect to the network. Sometimes you even have to restart your laptop, and the fear of losing all your open tabs is real.

How do we then get around these challenges to provide secure access AND a great user experience?

Duo SSO + AWS Verified Access

About Duo SSO = Log in once, work everywhere

Single sign-on (SSO) from Duo provides users with an easy and consistent login experience for any and every application, whether in the cloud or on-premises. Cloud-based SSO is hosted by Duo, which makes it easy to set up and manage. It also features:

  • User-friendly dashboard to manage all access policies and applications

  • Customize granular access policies per-application to enforce security rules based on criteria like user, device health, location, and more

  • Vendor-agnostic: works across cloud platforms and with all applications, whether cloud-based or on-prem

  • Built with modern security features: SAML and OIDC

About AWS Verified Access

AWS Verified Access delivers secure access to private, corporate applications in AWS, without a VPN. Through continuous evaluation for each access request in real-time, AWS Verified Access evaluates contextual security signals like identity, device security status, and location and then grants access based on the configured security policy for each application. Built on zero-trust principles, AWS Verified Access enables the networking team to create, configure, and manage a fine-grained set of policies for private application access in AWS.

Together, Duo SSO and AWS Verified Access let admins protect applications, users, and data while removing password fatigue. Employees have one place to log in that supports multiple multi-factor options, including biometrics, security keys, and passwordless. Duo integrates with AWS Verified Access to check the user’s identity, location, device security posture, and more before sending the user through AWS Verified Access to the organization's private applications on AWS. The integration builds on zero-trust principles, ensuring only the right user at the right time has the right amount of access.

Both Duo SSO and AWS Verified Access are cloud-delivered services, making it very easy to set up and begin testing immediately.

Top use cases for Duo Single Sign-On (SSO) + AWS Verified Access

"Organizations are calling for security simplification and integration. With Cisco providing the data and signals needed for trust assessment with every authentication, AWS Verified Access can provide the consolidated, lightweight, secure access without needing an additional VPN. It’s ‘zero trust’ applied to the cloud environment from two strong security partners." - Wendy Nather, Head of Advisory CISOs, CISCO

Secure distributed users

No matter where a user is located, their access to private applications in AWS is based on zero-trust principles. Using AWS Verified Access, IT administrators can define policies and onboard new applications within minutes. AWS Verified Access integrates with Duo SSO to provide a single access dashboard with security contextual data like identity, location, and device security status that gives it the ability to set appropriate controls for granting application access. Go VPN-less!

Seamless user experience

Provide a simple and friendly access experience for users. Prevent password fatigue, since AWS Verified Access and private applications sit behind Duo SSO. Log in once for all applications, making the experience easy and consistent no matter which application users need to access.

Accelerate time to troubleshoot

AWS Verified Access evaluates each access request and logs all the requested data, including security signal input, using the information to authorize or deny requests. This provides visibility to the networking team into private application access requests, thereby enabling the team to quickly gather data and intelligence to direct a faster response.

Excited to learn more or get started with Duo SSO and AWS Verified Access? Here are a few resources: