Simplifying Zero Trust: Duo Secures the Workforce
At Duo, we believe security doesn’t have to be complicated to work. This philosophy is at the core of what Duo does best: make security accessible to all by making it easy to use, affordable and effective. We choose to avoid FUD (fear, uncertainty and doubt) messaging, because we believe that it is unnecessary.
Gaps in security visibility and technology due to outside vendors, solutions that may or may not be compatible and manageable, conflicting priorities, limited budgets or a limited security team can lead to real vulnerabilities when security is also complex.
Duo and Cisco have joined forces to eliminate security complexity. We aim to execute and deliver transparent solutions that play nice with others while offering visibility into systems that offer world-class protection without more work.
The New Zero Trust Defined
What is “zero trust” and why should you care? In the past, the security walls or the “perimeter” lived in and around the network. Mobility and globalization have changed that. Users are connecting to the network and applications in a variety of new ways — which has expanded the perimeter to anywhere access happens.
Zero trust uses a variety of factors for verification and authentication before granting access to work resources. In a nutshell, zero trust enforces that no trust or access is granted until users and devices are identified and verified.
It's not about getting rid of the perimeter - but rather tightening security on the inside.The new perimeter is less about the edge of the network, and now more about any place you make an access control decision.
—Wendy Nather, Head of Advisory CISOs, Summarized from Zero Trust: Going Beyond the Perimeter
The Ways of Access of the Past
- The corporate network relied on a firewall as the main barrier to entry for users, devices and applications
- The enterprise managed all endpoints accessing resources
- Systems managed by enterprises could trust one another, and trust was often based on network location
The New Way of Zero-Trust Access
- Visibility is clear and definable by setting policies and enabling BYOD (bring your own device) or IoT (Internet of Things) devices for business agility
- User, device and application trust is continually reestablished
- Monitoring and threat containment is continuous
To learn more about Zero Trust watch this video:
Three Key Areas of Business Protection: Workforce, Workloads & Workplace
Security for the enterprise should cover IT ecosystems, with many different vendors, software and infrastructure spread across the multi-cloud, hybrid cloud and on-premises.
The enterprise has to grant access for different types of users — employees, contractors, customers — often with BYOD devices and on a global scale. Enterprise applications talk to each other via APIs, microservices and containers, as well as IoT devices that regularly access the network.
Each area of your enterprise IT is equally important to protect using a zero-trust security approach.
- Zero Trust for the Workforce - Securely grant access to employees, contractors, partners, etc. and their secure devices (BYOD). Allow secure application access (regardless of location).
- Zero Trust for Workloads - Secure all connections within your applications (when an API, micro-service or container is accessing an application's database), across the multi-cloud (cloud, data centers and other virtualized environments).
- Zero Trust for the Workplace - Secure all user and device connections across your enterprise network, including IoT (types of devices may include: servers, printers, cameras, HVAC systems, infusion pumps, industrial control systems, etc.).
For comprehensive zero-trust coverage, you need to secure access across all three areas in a consistent and automated way.
Cisco Zero Trust
Cisco’s three-step methodology implements zero trust across the workforce, workloads and workplace by:
- Establishing trust of a user, device, application, etc. - before granting access or allowing connections or communications.
- Continuously verifying trust by monitoring for risky devices, policy noncompliance, behavior deviations and software vulnerabilities
- Enforcing trust-based policies with granular controls based on changing context - such as the security posture of devices and the behavior of applications
For the workforce, Duo Security protects against phishing, compromised credentials or other identity-based attacks with multi-factor authentication (MFA) to verify user identities and establish device trust before granting access to applications.
For workloads, Tetration secures hybrid, multi-cloud workloads and contains lateral movement with application segmentation. Identify vulnerabilities in software versions and block communication to reduce your overall attack surface.
For the workplace, Software-Defined Access (SD-Access) provides insight into users and devices, identify threats and provides control over all connections across the enterprise network, including IoT devices.
Duo’s Simplified Zero Trust for the Workforce
As the first step on your zero-trust journey, Duo provides simplified zero-trust security to protect the workforce by ensuring only trusted users and secure devices can access your applications, regardless of where they’re located.
- Duo establishes trust - By verifying user identities using multi-factor authentication (MFA). And by inspecting end user devices to ensure they're running the latest software versions, and are not jailbroken or tampered.
- Duo enforces trust-based access - Before granting access to applications or data, Duo enforces access policies based on contextual data, like user or user group roles, device security health and more.
- Duo continuously verifies trust - By monitoring for any indicators of compromised or risky end user devices, such as out-of-date software or the lack of security, like passcodes or encryption.
With all of these capabilities, Duo reduces your overall attack surface and mitigates risks related to identity, such as phishing or stolen passwords. Duo also gives you increased visibility into the security of end user devices, so you can identify both managed and unmanaged devices and enforce contextual access policies.
Join the Cisco Security Virtual Summit
In the first ever Cisco Security Virtual Summit, you’ll have the opportunity to join live as we unveil our latest product innovations and share why integration is at the heart of what we do.
When: Tuesday, November 12, 2019 at 1:00 p.m. ET/10:00 a.m. PT
Where: Click this link
Discover the future of firewall, SD-WAN, and zero trust.