Thanks to the remote work revolution, the future of security will be more efficient, effective and user-friendly — and maybe even password-free. Find these insights and more in Duo’s 2021 Trusted Access Report.
The landscape of authentication is clearly changing. Just a few years ago, security experts started preaching a risk-based access model — evaluating users, their devices and the applications they access to determine a login’s legitimacy. The corporate network wasn’t the ultimate source of security anymore. Instead, risk could be managed using stronger security controls — like multi-factor authentication (MFA).
Now, with the concept of deperimeterization firmly established, access security is building on the foundation of MFA. IT professionals are realizing that security adoption is as important as the technology itself — and that forgoing passwords is a major usability improvement. It is also clear that remote work is here to stay, and access security must
respond to new and evolving use cases. In the face of so much change, it’s more important than ever that organizations have a streamlined, effective security stack that runs like clockwork.
In this report, we’ll examine these industry shifts, and look at how Duo’s customers are adapting to a more nuanced security landscape.
Trends in how organizations use Duo show that:
More than ever, organizations are realizing that usability is security.
Access security has become all but mandatory over the past few years.
Existing security workflows are becoming more streamlined.
For this report, Duo’s Data Science team analyzed data from more than 36 million devices, more than 400 thousand unique applications and roughly 800 million monthly authentications from across our customer base, spanning North America, Latin America, Europe and the Middle East and Asia-Pacific.
5x increase in Webauthn usage since April 2019
Biometrics enabled on 71% of active customer phones
Duo Push most popular authentication method at 30% of total auths
Of customers using location policies, 74% block Russia and China
15% of authentications are to cloud apps, up from 13% last year
More than ever, organizations are realizing that usability is security. Security workflows that are easy to navigate are more likely to be adopted and less likely to be circumvented, so the value of a well-designed interface can’t be underestimated.
The emphasis on experience is evident in Duo’s authentication data — we’ve seen utilization of user-friendly authentication methods like biometrics, WebAuthn and Duo Push increase significantly since 2019.
See how usage of Duo's available authentication methods has changed year over year since 2019. Toggle methods on and off to filter your comparison.
Organizations are showing movement away from passwords, which would significantly improve the login experience for many users. Cisco recently surveyed technical decision-makers from around the world and found that over 50% were considering
a passwordless solution. When asked to choose their top criteria, decision-makers consistently identified improving the overall security of their company and improving the experience of the end users as most important.
See what's most important in a passwordless solution, and toggle between the answer choices to explore how each country surveyed responded.
Passwordless provides the user benefit for initiatives strengthening authentication. Employees see faster authentication with fewer login prompts and less friction.— J. Wolfgang Goerlich, Advisory CISO, Cisco
Over the past few years, access security has become all but mandatory. Many companies now see MFA as a baseline essential in their security strategies, and its appeal continues to grow — the MFA market is projected to reach $23.5 billion by 2026.
It’s no surprise, then, that we see Duo usage expanding as well. Duo customers are protecting more applications, enrolling more devices and performing more authentications than ever before.
Cloud and Remote Access apps are leading the way.
The top 5 countries where auth volume increased:
Trusted access blends the topics of security, compliance and privacy in a way that affects all of us on a daily basis. Evolving this trusted access is a top priority for our digital future.— Wendy Nather, Advisory CISO, Cisco
With security coverage well established, companies can focus on streamlining their ecosystems, reducing total cost of ownership and eliminating technical debt. Organizations no longer need a different security solution for each use case; now, companies can cover many requirements with adaptive access policies.
Duo’s policy engine can meet critical, sometimes niche needs — like checking devices for compliance at every login, securing data more heavily than less critical applications and allowing users to access corporate networks remotely under the right conditions. Over the past year, we found that policy configuration blocked 7.6% of authentications overall.
We dug into policy data to find out what commonly causes users' authentications to fail. Compare how the causes break down by percentage between 2020 and 2021.
[Continuous trusted access] means users can have a nuanced, appropriate security experience – requiring additional checks only when needed. This puts control of the user experience back in the hands of the users, addresses emerging compliance requirements and makes the security administration function simple.— Helen Patton, Advisory CISO, Cisco
In this report, you'll learn: