Leave Federal IT Legacy Limbo. No Rip and Replace Required
Anyone who has ever sold technology to the federal government or the military knows that they are a great customer to have, with global reach, but their sales cycle is often very long and very slow. The government is a slow ship to turn around, and agencies have to be sure before they sign off. Getting to the sales finish line requires many approvals, research and back-and-forth that can last literally years. This makes it difficult for new technology to reach government agencies.
Modernization of federal government and public agencies’ IT infrastructure has been stagnant for the past decade. The slow sales cycle had government agencies investing in high-dollar (now legacy) hardware and software that was secure and compliant, just as corporate America began to shift to the cloud, and then to mobile. The shift came first as a hybrid mix of on-premises and cloud technologies and applications; then, as cloud was proven to be secure, the cloud became the new normal.
A rip and replace of legacy technology is cost-prohibitive and risky. Until the technology is proven, there is always the possibility of another poor investment that will be gone as fast as most bitcoin ICOs.
Federal and public agencies with shifting budgets have been stuck in a legacy limbo with expensive hardware, long licensing contracts, infrastructure that is not agnostic, hardware tokens and limitations prescribed by federal security and compliance regulations. They’ve been somewhat blocked from progressing into the modern era. One of the biggest hurdles for federal and public agencies is the first step: authenticating a worker to allow them to log in to secure systems. The current old technology is the use of CAC and PIV smart cards, which, while prolific, are extremely limited.
In 2015, due to increasing cybersecurity vulnerabilities, the then Federal Chief Information Officer (CIO) Tony Scott introduced the federal Cybersecurity Sprint, which required federal agencies to:
Dramatically accelerate implementation of multi-factor authentication, especially for privileged users. Intruders can easily steal or guess usernames/passwords and use them to gain access to Federal networks, systems, and data. Requiring the utilization of a Personal Identity Verification (PIV) card or alternative form of multi-factor authentication can significantly reduce the risk of adversaries penetrating Federal networks and systems.
To maximize effectiveness, multi-factor technology should be mandatory for the entire organization as OMB guidance directs agencies not to spend time and money on new solutions that do not contribute to migrating to the mandated PIV-enabled end-state.
In 2017, Scott continued pressing for modernization of federal IT, but pointed out that he is not alone. Scott said, “On the issue of cyber, this is not unique to the federal government. I have plenty of CIO friends who work in banking, retail, media and entertainment, automotive and other industries and when I get together for a drink with my CIO buddies, guess what the number one topic is? I’ll give you one guess — it is cyber.” Cyber as in cybersecurity.
What Is Multi-Factor Authentication?
Passwords used by themselves as a single factor are extremely vulnerable to hackers. With multi-factor authentication, a user’s identity can be authenticated using a combination of two or three factors:
- Something you know (e.g., passwords)
- Something you have (e.g., Personal Identity Verification (PIV) cards)
- Something you are (e.g., biometrics like fingerprints)
Duo Security developed mobile multi-factor authentication (MFA) from the belief that security at the highest levels of federal and government agencies does not have to be complicated for users to be compliant and effective against cyberattacks; that it can live in the cloud and expand the secure firewall to any application or device, including BYOD devices, with a built-in zero-trust model; and that it does not require a rip and replace of legacy systems yet overcomes legacy MFA limitations.
Duo MFA works with current legacy systems while consolidating multiple tools into a single vendor and a single user-friendly dashboard, to get a clear path through legacy limbo into the modern era for federal and government agencies.
How Does MFA Help Federal Agencies?
Duo helps federal agencies face many of their most thorny cybersecurity concerns quickly and head-on, with an easy-to-use and easy-to-deploy approach to MFA.
Duo helps you:
- Overcome the compliance confusion
- Gain deep visibility into devices
- Solve the PIV/CAC conundrum with Duo Mobile
- Escape from legacy limbo
Duo also:
- Provides end-user-friendly multi-factor authentication with flexible authentication options for every use case
- Gives admins complete visibility into endpoint security across all devices - including unmanaged, personal devices
- Can be configured for granular access control policies based on user, device and application attributes
- Natively integrates with cloud and on-premises apps, remote access, servers, custom web applications, identity providers and standard protocols such as SAML, RADIUS, LDAP and REST APIs
- Can be deployed in hours and doesn't require a full-time security team to manage or roll out
- Provides one centralized dashboard to view all overall security policies, with reporting and logs for compliance audits
- Uses Duo's rich data telemetry to block access by insecure devices
- Provides modern remote access to multi-cloud environments
How Does Duo Work?
After entering a username and password, users verify their identity by approving a push notification on their phone, sent by Duo Mobile.
- Duo Mobile is available for iOS and Android devices, including smartwatch support such as Apple Watch
- It is a user-friendly, frictionless and secure way to complete multi-factor authentication
- Duo Push offers the easiest and most secure method of multi-factor authentication
Other Authentication Methods Supported by Duo
Duo supports a variety of authentication methods. Easily authenticate anywhere, anytime, with any device using Duo.
- U2F (Universal Second Factor)
- Touch ID for Mac (WebAuthn)
- Mobile one-time passcode (OTP)
- Phone callback
- SMS (text passcode)
- OTP hardware tokens
  - Duo D-100 hardware tokens
  - Third-party hardware tokens
- Bypass codes (administrator-generated OTP)
Duo is FedRAMP In-Process, offers offline MFA functionality to help comply with DFARS-CUI and delivers two-factor authentication to comply with NIST guidelines.