My Travels Around the World With Duo Security
I consider myself very lucky that my role at Duo as an Advisory CISO affords me the ability to see the world. As a result of speaking at conferences and meeting with customers, I get to interact with an international audience. This has given me insight into the shared security problems with which we all must contend. We all worry about data breaches, security access control and privacy.
The best part of working for the Duo Security team at Cisco is that everywhere I go people want to show me they are running the Duo app on their phone or their watches, and to let me know how happy they are with the application. This really does make me smile.
In 2009, our founders, Dug Song and Jon Oberheide, developed Duo with the primary purpose of making security accessible to all by making it so simple and frictionless that it leveled the playing field. They set upon a path to democratize security. They had a mission to make security easy to use, thereby ensuring wider adoption by non-technical folks. Based on the number of very happy people I have talked to in my travels, I can safely say that they accomplished their goal!
Recently, I sat in an airport lounge in Hong Kong when a gent across from me started smiling away. He pointed at my Duo Security t-shirt and waved. I returned the gesture. Then he held up his phone to show me he was running Duo on it. In that moment, it really hit me that something was shifting in how people do business.
Years ago, I would use all manner of products. I would have to contend with green screens or applications written by engineers for engineers, and various other applications that did little to enable business. For the most part they were there to block activity, as opposed to helping the business operate in a safe and secure fashion. Back then we would rely on functions such as static passwords to “secure” access to our data. Today we have applications such as Duo Multi-Factor Authentication (MFA), Duo Access and Duo Beyond, which actually help organizations ensure the best secure access to their Crown Jewels while enabling their business to operate frictionlessly.
Duo helps to provide customers with the ability to move towards a zero-trust design and create built-in security champions within the workforce by securing the workload and workplace. Isn’t that what it’s all about? I spent years tangling with security products and implementations. More often than not they were geared towards getting to “no”. This was a huge driver behind the entrenched view of so many, that security was a blocker and cost center as opposed to being an enabler as it should be.
Furthermore, the psychology is that users are somehow responsible for their security failures. In most cases I encountered, people simply were unaware that they had made a security choice, let alone a poor one. They had not been properly educated on how to do things safely and securely, yet security practitioners were too ready to throw them under the bus for their indiscretions. Instead, what we as security professionals should be doing is taking the time to better educate and enable our end users so that they are properly equipped to handle what we all too often expect them to do via intuition. We need to give our people tools that they can use effectively, in addition to training them on security. Both are crucial.
When I encounter someone smiling and showing me their Duo application on their mobile device in India, Singapore, Sweden or wherever my travels may take me, it makes me smile as I realize that these are end users who have been enabled to do their job in a safer fashion and they are proud to share their experiences with me.