Zero Trust: A strategy that allows little room for assumptions to be made; a user must never trust that they are accessing their data securely and instead must double- or triple-verify identity at login.

What are the main concepts of zero trust?

User/Application Authentication Ensuring users and their devices are trustworthy at every access request, no matter where it comes from Device Authentication Securing access across applications and networks Trust Extending trust to support a modern enterprise across the distributed network

How does zero trust work?

Zero trust can be summed up as “never trust; always verify.” This approach treats every access attempt as if it originates from an untrusted network — so access won’t be allowed until trust is demonstrated. Once users and devices have been deemed trustworthy, zero trust ensures that they have access only to the resources they absolutely need, to prevent any unauthorized lateral movement through an environment.

What are the challenges of implementing zero trust?

<ul> <li>Security Overload for End-Users</li> <li>Workforce Decentralization</li> <li>Environmental Complexity</li> </ul>

What are the benefits of zero trust?

<ul> <li>Streamline User Experiences</li> <li>Protect a Diverse Workforce</li> <li>Secure Remote Work</li> </ul>

How do you implement zero trust?

There are five phases for implementing Zero Trust for the Workforce, which comprises an organization’s users and their devices, and how they access applications. <ol> <li>Establish User Trust</li> <li>Device and Activity Visibility</li> <li>Device Trust</li> <li>Adaptive Policies</li> <li>Zero Trust for the Workforce</li> </ol>

Skip navigation

Our Product

Our Product

Simple Tools for Complex Security Needs

Connect and protect your employees, business partners and customers with identity-powered security.

Explore All Products

How Does Duo Work for You?

Get the security features your business needs with a variety of plans at several price points.

Duo for Small to Medium Businesses

Desktop and mobile access protection with basic reporting and secure single sign-on.

Duo for Enterprise

All Duo Small/Medium Business features, plus adaptive access policies, greater device visibility, plus advanced device insights and remote access solutions.

Duo for Federal Government

FedRamp authorized, end-to-end FIPS compliant, streamlined solutions.

Duo for State and Local Government

Meet compliance objectives with our friction-free MFA.

Compare Editions

Key Capabilities

Duo provides secure access to any application with a broad range of capabilities.

Multi-Factor Authentication (MFA)

Verify the identities of all users with MFA.

Remote Access

Provide secure access to on-premise applications.

Device Trust

Ensure all devices meet security standards.

Single Sign-On (SSO)

Provide secure access to any app from a single dashboard.

Adaptive Access Policies

Block or grant access based on users' role, location, and more.

Explore Demos Contact a Duo Rep
Solutions

Solutions

Secure Access for a Variety of Industries & Use Cases

Duo’s security is customizable, easy to set up and simple to use, making it the perfect solution for a wide range of industries.

Explore Our Solutions

By Industry

Duo provides secure access for a variety of industries, projects, and companies.

K-12 Education

Higher Education

Finance

Healthcare

Legal

Retail

Technology

Federal Government

State & Local Government

Meeting Your Goals

Whether you're considering a big-picture security strategy like zero trust, or you want to address a specific threat like phishing attacks, Duo has you covered.

Access Management

This set of tools and policy controls ensures only the right users have access to applications and resources and under the right conditions.

Zero Trust Security

A zero trust model establishes trust in users and devices through authentication and continuous monitoring.

Passwordless

Duo's comprehensive access security sets the stage for user-friendly, password-free multi-factor authentication.

Phishing Prevention

Secure your workforce against phishing attacks with strong multi-factor authentication, device trust and more.

Risk-Based Authentication

Duo’s dynamic solution detects and responds to potential threat signals to secure trusted users and frustrate attackers.

Explore Demos Contact a Duo Rep
Why Duo?

Why Duo?

Strong MFA Security that Doesn't Sacrifice Productivity

With Duo, you can have both, in a platform that integrates across your entire ecosystem. Every user, every device, no exceptions.

Why You Should Choose Duo

Have It All

Duo delivers peace of mind with strong security and increased productivity at an unmatched value.

Speed to Security

Reduce friction and automate processes so that end-users and administrators can focus their time on moving your business forward.

Next Level MFA

Duo continues to pioneer MFA-approaches that keep your business a step ahead of the next threat.

Protection and Productivity

Our Risk-Based Authentication reduces the burden placed on users so they can verify their identity quickly and get back to the task at hand.

Complete Coverage

Close the gap on your security perimeter and bring every user and every device under one secure roof.

Explore Customer Stories

Duo provides secure access for a variety of industries, projects, and companies.

Explore Duo Demos

Click through our instant demos to explore Duo features.

About Duo

Duo Security is part of Cisco Secure — find out how we make global security resilience easier than ever!

Explore Demos Contact a Duo Rep
Pricing
Duo Blog
Docs & Support

See All Duo Documentation

Getting Started with Duo

Duo Essentials Edition

Remote Access & VPN

See All Duo Resources

Events & Webinars

eBooks

Duo Videos

See all Duo Support

Support for Duo Users

Support for Admins

Additional Support Information
Admin Login

Contact Sales Free Trial

Zero Trust Starts with Secure Access

Never trust; always verify. A zero trust model establishes trust in users and devices through authentication and continuous monitoring of each access attempt, with custom security policies that protect every application.

Download the Guide

How to Implement Zero Trust

image of a person working on a laptop demonstrating what the Duo dashboard for admins looks like.

In order to implement a zero trust architecture, organizations must meet four functional requirements: establish trust, enforce trust-based access, continuously verify trust, and respond to changes in trust. Duo’s user-focused approach provides each of these functions in a way that frustrates attackers and not users, so you can move towards zero trust with zero friction.

Duo authenticates users and verifies devices to establish trust
Duo enables access and applies powerful and granular adaptive policies to enforce trust-based access
Duo provides risk-based authentication to continuously verify trust
Duo provides alerts, logs, and anomalous login detection to allow organizations to detect and respond to changes in trust

Why Duo for Zero Trust

Provides Strong Security

Duo provides a critical foundation for zero trust strategy. It ensures that only the right users with the right devices are accessing the right applications, aligning with the zero trust concept of “least privilege.”

Continuous trust assessment with risk-based authentication adjusts security requirements in response to risk signals in real-time to help ensure secure access.

Enables High Productivity

Duo enables zero trust security that doesn’t get in the way of users. With its simple and intuitive interface and capabilities, Duo provides a frictionless authentication experience.

The user-friendly administrator dashboard helps IT and security teams gain deep visibility into all devices attempting to access resources, enabling efficient zero trust security policy creation and fast incident response.

Delivers Unmatched Value

Duo simplifies zero trust implementation with an all-in-one solution that includes strong MFA, passwordless, single sign-on, VPN-less remote access, trusted endpoint verification, and more, that works with any organization’s environment.

Duo is lightning fast to deploy and can significantly reduce IT helpdesk overhead and costs thanks to user self-service features such as enrollment, password resets, password management, and endpoint remediation.

The Value of Zero Trust at Cisco

The number $3.4M representing the annual savings in employee productivity saved by Cisco implementing zero trust.

$3.4M annual savings in employee productivity

As a result of 410,000 fewer VPN authentications per year.

The $500K number represents the annual savings in IT helpdesk support costs when Cisco implemented zero trust.

$500K annual savings in IT helpdesk support costs

With <1% of users contacting the IT helpdesk vs. 7% for typical security technology rollouts.

The 86K number represents the potential compromises averted per month when Cisco implemented zero trust.

86K potential compromises averted per month

86,000 vulnerable devices self-remediated/month based on 5.76M device health checks/month.

Moving to a zero trust model is an opportunity to move into a much better user workflow. Plus, when the geopolitics brought us new problems, zero trust from Duo was something that we were able to leverage in order to match the risks that we saw with the appropriate security controls. Read the Customer Story
— Brad Arkin, SVP, Chief Security and Trust Officer, Cisco

Five Phases to Implement Zero Trust

We have developed a plan with five iterative phases for how you can implement zero trust for user and device access to applications. Learn how Duo can help your business with all five phases to accomplish a zero trust architecture.

image of the number 1 in our 5 phase approach to zero trust.

Phase 1: Establish User Trust

Leverage phishing-resistant MFA to verify users truly are who they say they are. Make it easy for users to strongly authenticate – on managed and unmanaged devices, and whether they’re employees or contractors (e.g., BYOD).

RELATED DUO FEATURES

Duo MFA

The number 2 representing the second phase of our five phased approach to zero trust.

Phase 2: Verify Device Trust

Apply device posture checks and block unwanted access with a trusted endpoint policy. Guide users in fixing device trust issues on their own before gaining access to apps, and without having to call the helpdesk.

RELATED DUO FEATURES

The number 3 representing the third phase of our five phased approach to zero trust.

Phase 3: Enable Access to Applications

Shrink the attack surface by reducing password usage with passwordless SSO and make it faster and more convenient for users to get to the apps they need with VPN-less access (e.g., ZTNA) – whether SaaS-based or private.

RELATED DUO FEATURES

The number 4 representing the fourth phase of our five phased approach to zero trust.

Phase 4: Enforce Contextual Access

Deploy risk-based authentication, increase device visibility, and adapt access dynamically based on user or device behavior. Step up access based on increased risk and ease up access requirements based on lowered risk. Respect the user’s privacy and productivity by anonymizing location data and eliminating unnecessary decisions.

RELATED DUO FEATURES

The number 5 representing the fifth phase of our five phased approach to zero trust.

Phase 5: Verify Trust Continuously

Continuous trusted access relies on innovations like Wi-Fi profile analysis and session trust analysis. By leveraging open protocols to communicate signals and react to changes in risk, session trust analysis brings visibility and control to a traditionally opaque surface: risk remediation during the established session.

RELATED DUO FEATURES

Continuous Trusted Access

Additional Resources

Frequently Asked Questions

Expand All

What is zero trust?

Zero trust is a strategy for securing your business by eliminating excessive trust and continually verifying trust – of a user, device, application, or network – before access is granted. By never assuming trust, always verifying it, and applying least privilege to each access control decision, organizations can reduce risk systematically.

What are the principles of a zero trust architecture?

The principles of zero trust architecture are: never assume trust; always verify it; and enforce the principle of least privilege. Using guidance such as the CISA Maturity Model can help organizations make progress. It outlines five pillars to apply zero trust policies: identities (users), devices, networks, apps, and data; with three cross-cutting capabilities: visibility & analytics, automation & orchestration, and governance.

What are the functional requirements of a zero trust platform?

Establish trust for users, devices, and applications driven by visibility and context
Enforce trust-based access based on the principle of least privilege
Continuously verify trust to detect any change in risk even after initial access is granted
Respond to change in trust by investigating and orchestrating responses to potential incidents

Where are zero trust policies enforced?

Zero trust policies are enforced across networks, users, devices, applications, and clouds.

What are some examples of zero trust in action?

These are some examples of zero trust in action:
• Securing hybrid work
• Applying micro-segmentation to workloads at scale
• Unifying access policy across environments
• Orchestrating unified security workflows for faster incident response

How to go from MFA to Zero Trust

Jumpstart your zero trust program today with our five-phase plan for securing user and device access to applications.

Download the MFA to Zero Trust Guide

Zero Trust Starts with Secure Access

How to Implement Zero Trust

Why Duo for Zero Trust

Provides Strong Security

Enables High Productivity

Delivers Unmatched Value

The Value of Zero Trust at Cisco

Five Phases to Implement Zero Trust

Phase 1: Establish User Trust

RELATED DUO FEATURES

Phase 2: Verify Device Trust

RELATED DUO FEATURES

Phase 3: Enable Access to Applications

RELATED DUO FEATURES

Phase 4: Enforce Contextual Access

RELATED DUO FEATURES

Phase 5: Verify Trust Continuously

RELATED DUO FEATURES

Additional Resources

Explore

Related

Frequently Asked Questions

What is zero trust?

What are the principles of a zero trust architecture?

What are the functional requirements of a zero trust platform?

Where are zero trust policies enforced?

What are some examples of zero trust in action?

How to go from MFA to Zero Trust