Duo Network Gateway – Reduce VPN Dependency Using Zero Trust
It’s Friday, you just got paid and you’re getting ready to take off for the weekend but you want to check your pay stub to verify your taxes so you hit your employee records portal. Those wonderful words of ‘Denied Access’ appear in your browser; you need to connect to the corporate VPN to access your pay stub.
If you are like me, you sigh, and put your machine to sleep because the workflow for your VPN requires far too much effort for something that should be a simple and quick process. If you do find yourself having the motivation to continue further on your journey of checking that pay stub, you first load up the crusty VPN client.
From here you copy and paste your username and password out of your password manager because the client is utilizing an embedded browser that can’t utilize your password manager, then you perform 2FA manually because the client is again using an embedded browser and it can’t utilize your Yubikey. After all of that you are finally logged in, but wait, there is an alert that you have to read about the VPN endpoint changing in the next 3 months. You are finally connected to the corporate network through the creepingly slow data pipe that is shared by a multitude of your coworkers.
Phew, finally time to actually perform the task you set out to originally; checking your pay stub. You hit the employee portal and you are finally able to verify that your taxes are correct, health insurance looks accurate and all checks out but what a process that seemingly small task turned into.
What is the Duo Network Gateway?
The Duo Network Gateway (DNG) enables organizations to provide zero trust remote access to web applications, web pages and SSH servers without the requirement of a VPN or exposing those applications to the internet directly.
This empowers any end user to access their applications from any device, on any network, and adds granular policy controls that ensure only the users that need access, have access as well as ensuring the hygiene of the connection.
How To Use Duo Network Gateway
The Duo Network Gateway can turn the employee pay stub story from above into a single process all from within the comfort of your web browser. An end user hits the employee payment portal directly just like they would hit Office 365 or Salesforce and they are greeted with a request for primary authentication then 2FA and they are in.
No need for a clunky client, copy and pasting sensitive information to the machines clipboard, and they get to utilize any of their desired 2FA devices through the process. The end user gets to enjoy a much simpler experience of hitting the resource they want to access without jumping through hoops to do so.
The organization gets the added security of the zero trust architecture that the Duo Network Gateway inherently provides; checking the user, the hygiene of the access device, the hygiene of the 2FA device, etc. for every application the end user needs to hit that day.
The organization can choose to allow the end user to check a “Remember Me” box if they wish as well to provide an even more seamless experience. An end user can authenticate once in the morning, hit that checkbox to be remembered for the acceptable duration that the organization sets, and the end user is free to use anything they need to access without requiring the authentication steps they already performed.
This is the power of the Duo Network Gateway.
Evaluating Use Cases For Duo Network Gateway
The Duo Network Gateway can provide an excellent end user experience while potentially leveling up the security of an organization in the process. The Duo Network Gateway, like any other technology, is not a silver bullet for all of the organization's use cases. The Duo Network Gateway provides zero trust access to an application or server but does not inspect every connection that an end user may be making that day.
Let’s say that an end user needs to order lunch for a meeting today, does the organization need to know that a connection to the Panera Bread website was performed? Probably not. Does the organization need to protect the portal used for expensing the meal for the meeting? Absolutely. This is where one benefit of the Duo Network Gateway shines — protecting the organization without being creepy to the end user.
Another example may be the requirement for an end user to utilize Microsoft's Remote Desktop Protocol, RDP, to access a Windows machine in the datacenter. The Duo Network Gateway will support this use case in the near future; but if you need this protection today, check out the Duo Authentication for Windows Logon and RDP application.
Looking Ahead - The Future Of Duo Network Gateway
The Duo Network Gateway is a powerful tool that organizations can utilize for providing end users with the flexibility of cloud based access to applications that are hosted on-premises, whether that is inside the physical office or hosted in a cloud environment that is locked down to the physical office’s public IP and the DNG supports HTTP/S and SSH today.
This leaves a gap, and Duo has been working on covering this gap. The Duo Network Gateway team has plans to support much more with RDP being the first protocol in the line up. With that in mind, what other protocols can you see the DNG being used for that it doesn’t support today?
Let us know your thoughts in this survey.
We talked about the Duo Network Gateway a lot just now. We talked about what the DNG is and what the DNG isn’t. We covered the seamless end user experience that the DNG can provide, and we delved into the additional security that an organization gains via the inherent zero trust architecture of the DNG. If you would like to give the DNG a try within your organization or in your personal homelab environment, check out the free 30-day Duo Trial.
Watch This Video On How To Install and Configure Duo Network Gateway
Try Duo For Free
See how easy it is to get started with Duo and secure your workforce, from anywhere and on any device with our free 30-day trial.