Skip navigation

The 2019 Duo Trusted Access Report

Now Available: The 2021 Duo Trusted Access Report

In this report, you’ll find:

  • Analysis of data that shows users are implementing the key principles of zero-trust security for the workforce
  • An examination of user and device security and how users are accessing applications
  • What security policies users are enforcing to reduce risk and ensure secure access to applications
  • Data showing how users react to internal phishing campaigns
  • Which browsers and devices are most frequently found to be out of date when attempting to access applications

The Zero-Trust Future Is Now

The explosion of cloud applications and mobility has expanded the concept of a perimeter security architecture, which assumes that every user and device inside company walls is secure and therefore trusted by default. Users, devices and applications are now everywhere, and they’re more frequently outside of the traditional network. It’s a transformation more than a decade in the making.

Today’s workforce is always on and always connected. Workers now use their personal mobile devices to access cloud applications and expect frictionless access regardless of time, device or location. It’s the epitome of any time, anywhere and from any device.

A zero-trust architecture for the workforce ensures the trustworthiness of devices and users’ identities wherever application access is attempted and before granting access, whether users are on or off the network. This security model verifies users and establishes trust in their devices (those users and devices comprise your workforce), no matter where they are located, what devices they use, and which applications they access.

For The 2019 Duo Trusted Access Report, our data shows that Duo customers across all industries are starting to implement zero-trust security principles to secure their workforce.


For this report, our advanced research team, Duo Labs, analyzed data from nearly 24 million devices, more than 1 million applications and services and more than half a billion authentications per month from across our customer-base, spanning North America and Western Europe.

Five Key Findings

Here are five key findings outlined in The 2019 Duo Trusted Access Report. Download the full report to see all of our key findings.

Biometrics Use is Climbing

Over the last four years, customers are more often using biometrics as a second or third authentication factor to access applications. This year, 77 percent of devices used by Duo customers have biometrics, such as Apple Touch ID and Face ID, Android fingerprint sensors and Windows Hello configured.

Fewer Fooled by Phishing

Data from our phishing simulator tool revealed that in 2019 internal phishing campaigns are capturing fewer credentials and finding fewer out-of-date devices. Users are also opening phishing emails less frequently.

Use of Flash Fizzles

As Adobe Flash Player continues to crawl toward end of life, more Duo customers have Flash uninstalled from their devices. So far this year, 71 percent of Duo customers have removed Flash, which is up from previous years.

Android Devices Still Most Out of Date

Android devices lead the pack of out-of-date devices at 58 percent. Meanwhile, as of May 31, 2019, only 9.7 percent of Android devices were on the latest patch, which had been released 26 days prior.

Remote, Mobile Work Increasing

Our data shows 45 percent of requests to access protected applications came from outside the business walls, showing that users are truly mobile and the perimeter has expanded to where access occurs.

Zero Trust for the Workforce

A zero-trust architecture for the workforce is a paradigm shift. It grants or denies access based on the trustworthiness of users and their devices, which comprise your workforce, and does so wherever access happens, instead of relying on a traditional perimeter security model. As cloud and mobility continue to become must-haves, the enterprise must be able to give users access no matter where they are, regardless of which type of device they use or which applications they need to access. Implementing and adhering to the principles of zero-trust security for the workforce can make that happen.

Download The 2019 Duo Trusted Access Report: Expanding the Enterprise Perimeter with Zero-Trust Security for the Workforce now and see all the data.

Preview the eBook