There's no denying it — remote work is the star of the corporate security show right now. It's more important than ever for organizations to provide their employees with secure access to the tools they need to be productive.
Although it feels very of-the-moment, remote work has been on the rise for years now. That said, the recent and rapid expansion of work-from-home culture presents new security challenges. How can employees access all their applications without exposing mission critical information to unnecessary risk? How can organizations allow employees to use their devices on unsecured networks, and ensure that users keep their operating systems and software up to date? There's a lot to think about.
At Duo, it's our job to make application access more secure for organizations of all sizes, and while every organization's remote access strategy will be slightly different, there are a few fundamental factors to consider — key plays to have in your remote access playbook, so to speak.
In this report, we'll look at what companies are doing to secure remote work and discuss what makes a good remote access strategy.
Pandemic impact report: Security leaders weigh in, CSO Online
The core considerations for a good remote access strategy generally fall into three categories. We'll look at each in depth.
In this report, our security research team analyzed data from over 26 million devices, more than 500,000 unique applications and roughly 700 million authentications from across our customer base, spanning North America, Western Europe, and Asia Pacific.
72% increase in multi-factor authentications from remote tech
85% increase in use of policy to disallow SMS authentications
iOS devices were 4x more likely than Android to receive and install updates within 30 days
Total devices with biometrics enabled increased 64%
-1604953602.svg){kind=icon}
The average number of daily authentications to cloud apps increased 40%
As the workforce becomes more distributed, protections against credential theft are becoming both more stringent and more granular. This year, we saw 85% more customers disallowing less secure methods of multi-factor authentication — looking at you, SMS! — and the most-used authentication method, by a large margin, is Duo Push with almost 69% of total authentications.
See how your industry's most common authentication methods compare to those in other fields.
This content is animated. To view it, please enable Javascript in your browser (you’ll be glad you did, trust us!).
Industries vary the type and scope of their authentication methods based on their risk appetites. As a result, we see some industries, like Media & Entertainment, Financial Services and Technology, leading the charge with stronger authentication regimens, such as Duo Push technology.
— Dave Lewis - Global Advisory CISO, Duo Security at Cisco
In the full 2020 Duo Trusted Access Report, we'll explore:
With an increasingly remote workforce, companies can't solely rely on corporate networks or recognized devices to provide security protections. Instead, thoughtful security policies allow users to access applications on the devices they have available, whether they're corporate-managed or not.
Policies are being used to help companies adapt to changing circumstances and security threats — over the past year, we've seen companies allow login attempts from certain countries but not others. Last year, a Chrome vulnerability prompted an uptick in browser limitation policies.
See how companies use security policies to allow application access only from devices they can trust.
This content is animated. To view it, please enable Javascript in your browser (you’ll be glad you did, trust us!).
For security professionals, "work from anywhere" means "protect everywhere." In many cases, authentications can be monitored using measures like device health restrictions and tight policies for critical applications. However, it's sometimes necessary to block all access attempts coming from specified locations.
Heat maps show us that, of companies who block access based on location, Russia is blocked most frequently, followed closely by China. North Korea, Iran, and Afghanistan round out the top five.
This content is animated. To view it, please enable Javascript in your browser (you’ll be glad you did, trust us!).
Get the full 2020 Duo Trusted Access Report to learn more about:
Unsurprisingly, our data shows that remote access and cloud applications are becoming more popular year over year (between June 2019 - June 2020). But the implications of this trend go far beyond user convenience and market availability. Cloud applications are easy to protect with a security layer, like Duo's Multi-Factor Authentication, reducing time-to-security for new vendors, and bringing users the productivity tools they need to work effectively in a remote setting.
Remote access technologies, like VPN and RDP, further secure sensitive data and are still an essential part of most work-from-home strategies — in fact, they're by far our most commonly accessed application type, claiming almost 37% of total authentications.
See key trends in the types of applications companies are protecting.
of authentications are to remote access technologies.
increase in authentications to VPN and RDP applications.
growth in cloud app adoption among enterprise companies.
of authentications are to on-premises applications.
Because they don't have the internal resources to go cloud-first, small and medium-sized companies tend to leverage on-premises solutions to run the day-to-day operations of their business. Relying on older, tried-and-true ways of deploying technology isn’t a bad thing, but it does present itself as a limiting factor for future growth.
— Dave Lewis - Global Advisory CISO, Duo at Cisco
Get the full 2020 Duo Trusted Access Report to learn more about:
In this report, you'll learn:
With the convenience of remote access, users are vulnerable to threats like phishing, brute-force attacks and password-stealing malware. Download our guide to learn how to secure remote access,...
Tech and security analysts predict enterprises will shift to passwordless authentication for their users to enable modern digital transformation. In this white paper, we discuss the passwordless...
Not every zero-trust approach to securing the workforce is created equal - our guide will outline the requirements your solution should have to support a modern organization.