Duo Feature Update: Helping Users Update Endpoints
Welcome to the future of endpoint management (well, almost): Every endpoint is up-to-date, users patch vulnerabilities on their own, and when a 0-day patch is available, users know what to do in order to fix their endpoints.
Today, we’re excited at Duo to announce the availability of end user Self-Remediation. This new policy enables administrators to show users what browsers and plugins are out of date and likely vulnerable, without using an agent. Our goal is to help you keep endpoints as up-to-date as possible by making security part of your end users’ daily life.
When Self-Remediation is enabled, Duo informs end users about how to keep their device secure and up-to-date when authenticating via our web-based authentication prompt, while continuing to provide a frictionless experience. Users have the option to continue with the authentication process or optionally update their device.
Self-Remediation also provides an opportunity to help the end user understand why security is important. We interviewed numerous individuals to understand what incentivizes end users to update their devices, and it boils down to two items:
- Make security personal.
- Remove the notion that updates take a long time.
Making security personal for all users can be difficult, because it means different things to different people in different organizations. For example, some users need protection from the infamous Nigerian Prince scam, while other users have fallen prey to social engineers claiming to be from Microsoft, only to be extortionists. Do you have a credit card? Statistics show that 1 in 10 of Americans have dealt with credit card theft, which accounts for 40 percent of all financial theft.
We interviewed many of our customers’ end users, and quickly discovered that users think of this as one thing: “Bad guys.” Users want to know how the organization and its security policies are protecting users from those bad guys. We used this to inform our Self-Remediation feature, so the end user can participate in protecting themselves from bad guys in a clear and understandable way.
That brings us to our next hurdle: It’s no mystery that users loathe updating. Regardless of the update, they often believe any update will take upwards of 20 minutes. Our data shows users are more likely to update if they believe it won’t take very long.
Our analysis shows most browser and plugin updates take less than a minute, and this includes download times. Our user testing showed 70 percent of users were willing to update their device once they understood it wouldn’t take very long, and it would protect them from the elusive bad guy.
Ease of use for the end user is one of our top priorities. We’re excited about making security part of our end user’s day-to-day life! Check out Duo Access to start helping your end users update their endpoints!