Access security is more important than ever, now that most organizations are moving toward a mix of on-premises and cloud-based applications. To ensure we can trust our users, we must verify their identities, while checking the security health of their devices to determine the risk of granting them access to our applications.
It only takes one unprotected application - or out-of-date device - to result in a catastrophic data breach.
Real Identity and Device Exploits
In 2014, the entry point into JPMorgan Chase’s systems was via stolen credentials that gave attackers access to one of the bank’s servers. While normally the bank uses two-factor authentication to defend against this type of attack, the single network server had not been updated with the security tool, allowing attackers high-level access to more than 90 bank servers.
But stolen credentials aren’t the only access-based attack that can lead to a data breach. Out-of-date software on your users’ devices can also lead to a compromise. In 2015, researchers at Trend Micro found that The Independent, the WordPress-based blog of the U.K. newspaper, had been hacked and was redirecting users to web pages containing an exploit kit.
The exploit kit leveraged out-of-date versions of Adobe Flash Player to install malware and ransomware on their systems, using CVE-2015-7645, a critical vulnerability that could crash a victim’s system and allow an attacker to take control.
Securing Every Application
At Duo, we know that protecting every application at your organization is key to closing security gaps and reducing your attack surface. That’s why our Trusted Access solution integrates with every type of service you might use, including:
- Virtual private networks (VPNs) like Juniper, Cisco, and Palo Alto
- Cloud-based apps like Microsoft O365, Salesforce, Google Apps, AWS and Box
- On-premises applications and web apps like Epic, SSH, UNIX, and Wordpress
We also offer APIs and client libraries for everything else like Python, .Net, Ruby and more to ensure you can protect every login at your company.
Application Access Controls
To further control access to your applications, Duo also lets you create custom authentication policies and controls per user group or application, to ensure users only access the applications you want them to access.
For example, you might require developers logging into your production servers to always use two-factor authentication, with the most up-to-date operating systems and plugins like Flash and Java.
These types of controls can help reduce the risk of malware infection or a compromise due to lax authentication or poor device security health, and by enabling them on a per-app basis, you can make decisions about who and what type of device should be allowed to access applications based on the sensitive nature of your data stored in those applications.
Simple, Secure Cloud Access
The typical user needs to log into multiple cloud-based web applications each day to complete their job, which can be frustrating and time-consuming.
To simplify the login process, Duo offers single sign-on (SSO), which allows users to log in only once to a web portal in order to access all of their cloud applications. Duo ensures users can use SSO for secure access by checking the security health of their devices every time they access their work applications.
A complete Trusted Access solution covers every application, making access security easy and quick to implement and use to ensure access - by every user and device - to your environment is secured.