The (New) 2016 Duo Trusted Access Report: Microsoft Edition
We’ve just released the second version of The 2016 Duo Trusted Access Report: Microsoft Edition, a closer look at the security health of millions of devices running Microsoft software and accessing Microsoft applications.
In this report, we cover:
- How out-of-date software can increase the likelihood of a potential data breach
- An analysis of Duo’s dataset of enterprise Window devices and Microsoft applications, including how many are out-of-date and insecure
- Duo’s security recommendations on securing your organization with Trusted Access, a holistic security platform
A New Era of Access
The traditional security perimeter no longer exists – data and applications are stored in hybrid environments in the cloud and on-premises. Users are bringing their own devices to work, making it a challenge for administrators to maintain insight and control.
Out-of-date devices are at greater risk of exploitation, as they’re susceptible to known software vulnerabilities that can allow attackers to compromise them. It’s time to rethink security to better secure our people, devices and applications.
The status quo isn’t working - unfortunately, users’ devices aren’t safe. In addition to unsafe devices, credentials are still king for gaining access to systems with sensitive company data. We’re failing at the fundamentals in an age of access, as we increasingly see our data spanning not only infrastructure we own, but a lot that we don’t. We don’t know who’s accessing what, and how. In the past, we built security for networks and systems. But now, we have to build security for people.
- Dug Song, CEO & Co-Founder of Duo Security
This report helps you understand what devices are at risk, and how you can mitigate the risk.
An Analysis of Microsoft Devices
This report focuses on Windows devices, shedding light on the 63% of the devices that are running the Microsoft operating system.
We take a closer look at the adoption rate and out-of-date versions of Microsoft browsers, including Internet Explorer and Edge, and plugins like Flash and Java. Finally, we provide an analysis of the different industries using Microsoft applications, including the most popular integrations with Duo’s service.
Here’s a quick look at a few of our top findings:
- Sixty-five percent of all Windows devices are running Windows 7, released in 2009. Approximately 600 security vulnerabilities affect Windows 7.
- Tens of thousand of devices are still running Windows XP 15 years after its release. This represents more than 700 vulnerabilities, 200 of which are rated as high-to-critical.
- Twenty percent of devices running Internet Explorer (IE) are running unsupported versions 8, 9 and 10. IE versions 8 through 10 have reached end-of-life status without the ability to receive security patches, leaving them susceptible to old exploits. Of all devices running Microsoft browsers, only 3% are using the latest, Edge.
Securing Hybrid Environments
In the report, we provide several security recommendations for protecting your organization in this new era of access.
Duo’s Trusted Access platform verifies the identities of your users with two-factor authentication, and checks the security health of their devices before granting them secure access to applications.
- Trusted Users - Ensure every user is who they say they are when they log into your applications with two-factor authentication and contextual user access controls.
- Trusted Devices - Ensure every device is healthy and trusted by checking for out-of-date software, enabled security features and jailbroken or rooted status. Block, warn or notify users to update with device access controls.
- Every Application - Protect every application, no matter where it lives - on-premises or in the cloud. Single sign-on allows your users to log in only once to access all of their cloud applications.
Our holistic security solution can be used to protect every application in a hybrid environment – both Microsoft on-premises and cloud-based services during the migration. Get a full list of our security recommendations and see more data and findings from our analysis.