Cisco Secures 125K user identities with Duo while advancing passwordless journey
For modern enterprises, identity security is a journey without end. Users, threats, and data privacy laws all keep changing, making a strong security program a question of scale, speed, and adaptability.
Cisco began using Duo to secure its global workforce of nearly 125,000 users and close to 285,000 devices back in 2021. Duo delivered strong identity security out of the gate and has since helped Cisco implement longer-term strategic initiatives like passwordless and end-to-end phishing resistance, all while delivering a frictionless user experience. Read the full case study.
Seamless security and simplicity started on day one
Duo’s speed to security helped Cisco meet its formidable goals for security-first identity and access management (IAM) in short order. In just three months, the IT team successfully rolled out Duo’s powerful multi-factor authentication (MFA) across its entire North American workforce. The rollout progressed quickly with Cisco onboarding the first 100,000 users across 98 countries and only 1% contacting the help desk for support.
Users worldwide were able to self-enroll and choose from a variety of flexible, secure authentication methods like Duo Push, security keys, and biometrics including Windows Hello and Touch ID. Duo also strengthened security for third-party access by contractors with Duo Device Trust evaluating the health and status of unmanaged and personal (BYOD) devices before granting access.
Since the initial worldwide rollout, Cisco’s use of Duo has continued to scale and leverage features that deliver powerful benefits to workers, IT, and security teams. Impressive milestones included:
User authentications reduced by 3.5M per week with Duo Passport extending trust across diverse applications and Risk-Based Authentication (RBA) allowing IT to adjust verification requirements in real time
5 million health checks performed on user devices per month
Savings of $3.4M in employee productivity through Duo’s frictionless MFA and single sign-on (SSO) capabilities, allowing users to spend less time logging in and re-authenticating
Help desk and IT support costs reduced by $500,000 per year as users perform self-service password resets and guided device hygiene updates
Sarabjeet Rana, Principal Engineer at Cisco describes Duo’s growing impact on IT and security operations. "With our rollout of Duo within Cisco, we’ve been able to strike the right balance between user experience and security—it’s rare that these words are used together when it comes to security-related enforcements, but thanks to Duo we can,” he says. “End users don’t even feel when changes have happened in the background. We’re able to do very controlled rollouts so users don’t see the impact and our support team never gets bombarded with cases.”
Equipping Cisco to fortify identity and improve its user experience quickly was a powerful start, but as it turned out, these foundational achievements were only the beginning.
Duo turned stretch goals into success stories
As a provider of critical technology infrastructure, Cisco’s goals for strengthening its security posture continued to evolve since the company first rolled out Duo. Now, along with reducing the overall number and complexity of logins, Duo helps the company advance toward completely passwordless, phishing-resistant access that protects users at every stage.
Passwordless is advancing the zero trust journey
Duo's combination of Risk-Based Authentication and passwordless made 99% of our logins phishing resistant as we made the transition from having passwordless authentication to having a passwordless-only authentication.
Sarabjeet Rana
Principal Engineer, Cisco
Cisco’s most recent successes with Duo include making 99% of its worldwide monthly logins phishing resistant with 90% of authentications requiring no passwords at all—landmark achievements for zero trust authentication.
Unlike traditional IAM solutions, Duo delivers end-to-end passwordless identity verification from the time users first enroll and onboard to MFA. Secure, phishing-resistant coverage even extends to help desk calls and emergency fallback situations.
Modern, end-to-end phishing resistance capabilities now include Duo’s Proximity Verification, session theft protection, and its recent integration with the Persona identity verification service. Persona uses government-issued IDs, selfies, and liveness detection to detect and defend against identity fraud and AI-powered deepfakes.
AI-led identity intelligence saves time
When triage progresses to in-depth investigations, Duo’s integration with Cisco Identity Intelligence equips the team with a set of tools they can use to drill down into specific areas or take a broader view of investigation related to identity.
“When you’re triaging incidents, you’re potentially presented with quite a lot of data and you need to crunch it in a way that is time-efficient,” Incident Response Investigator Marcin Latosiewicz explains. “Cisco Identity Intelligence allows us to triage incidents faster so they don’t progress to something really bad. It’s excellent at providing context across the different data sources we have in a manner that doesn’t require us to check different sources, and it presents everything all in one place.”
Duo and Cisco Identity Intelligence equip Cisco’s IT and security teams with complete visibility across every identity source and advanced insight into who’s accessing organizational resources from where and on what devices so they can prioritize and mitigate threats in real time.
Coming next: A passwordless future powered by AI
Cisco continues to use Duo’s complete IAM solution to strengthen identity security, improve user experience, and streamline operations at the same time. IT and security leaders believe the modern identity security enabled by Duo will propel the company toward complete passwordless and zero trust defenses enhanced by AI.
“If you don’t do identity well, you may as well not start with anything else,” Latosiewicz says. “You can definitely see this inside of Cisco: We went from a world where we had a fragmented authentication and authorization system to one where we’re starting to coalesce around Duo and essentially have one solution for authentication. It’s been a long journey but we’re in a much better place.”