Zero trust starts with secure access

Never trust; always verify. A zero trust model establishes trust in users and devices through authentication and continuous monitoring of each access attempt, with custom security policies that protect every application.

Download the guide

How to implement zero trust

In order to implement a zero trust architecture, organizations must meet four functional requirements: establish trust, enforce trust-based access, continuously verify trust, and respond to changes in trust. Duo’s user-focused approach provides each of these functions in a way that frustrates attackers and not users, so you can move towards zero trust with zero friction.

Duo authenticates users and verifies devices to establish trust
Duo enables access and applies powerful and granular adaptive policies to enforce trust-based access
Duo provides risk-based authentication to continuously verify trust
Duo provides alerts, logs, and anomalous login detection to allow organizations to detect and respond to changes in trust

Check out our zero trust demos

image of a person working on a laptop demonstrating what the Duo dashboard for admins looks like.

Why Duo for zero trust

Provides strong security

Duo provides a critical foundation for zero trust strategy. It ensures that only the right users with the right devices are accessing the right applications, aligning with the zero trust concept of “least privilege.”

Continuous trust assessment with risk-based authentication adjusts security requirements in response to risk signals in real-time to help ensure secure access.

Enables high productivity

Duo enables zero trust security that doesn’t get in the way of users. With its simple and intuitive interface and capabilities, Duo provides a frictionless authentication experience.

The user-friendly administrator dashboard helps IT and security teams gain deep visibility into all devices attempting to access resources, enabling efficient zero trust security policy creation and fast incident response.

Delivers unmatched value

Duo simplifies zero trust implementation with an all-in-one solution that includes strong MFA, passwordless, single sign-on, VPN-less remote access, trusted endpoint verification, and more, that works with any organization’s environment.

Duo is lightning fast to deploy and can significantly reduce IT helpdesk overhead and costs thanks to user self-service features such as enrollment, password resets, password management, and endpoint remediation.

The value of zero trust at Cisco

Two people discussing about zero trust model

Moving to a zero trust model is an opportunity to move into a much better user workflow. Plus, when the geopolitics brought us new problems, zero trust from Duo was something that we were able to leverage in order to match the risks that we saw with the appropriate security controls.

Brad Arkin

SVP, Chief Security and Trust Officer, Cisco

Five phases to implement zero trust

We have developed a plan with five iterative phases for how you can implement zero trust for user and device access to applications. Learn how Duo can help your business with all five phases to accomplish a zero trust architecture.

Phase 1: Establish user trust

Leverage phishing-resistant MFA to verify users truly are who they say they are. Make it easy for users to strongly authenticate – on managed and unmanaged devices, and whether they’re employees or contractors (e.g., BYOD).

RELATED DUO FEATURES

Duo MFA

Phase 2: Verify device trust

Apply device posture checks and block unwanted access with a trusted endpoint policy. Guide users in fixing device trust issues on their own before gaining access to apps, and without having to call the helpdesk.

RELATED DUO FEATURES

Duo’s trusted endpoints

Phase 3: Enable access to applications

Shrink the attack surface by reducing password usage with passwordless SSO and make it faster and more convenient for users to get to the apps they need with VPN-less access (e.g., ZTNA) – whether SaaS-based or private.

RELATED DUO FEATURES

Duo’s cloud-based SSO Passwordless Duo network gateway

Phase 4: Enforce contextual access

Deploy risk-based authentication, increase device visibility, and adapt access dynamically based on user or device behavior. Step up access based on increased risk and ease up access requirements based on lowered risk. Respect the user’s privacy and productivity by anonymizing location data and eliminating unnecessary decisions.

RELATED DUO FEATURES

Device Insight Adaptive access policies Risk-based authentication Duo trust monitor

Phase 5: Verify trust continuously

Continuous trusted access relies on innovations like Wi-Fi profile analysis and session trust analysis. By leveraging open protocols to communicate signals and react to changes in risk, session trust analysis brings visibility and control to a traditionally opaque surface: risk remediation during the established session.

RELATED DUO FEATURES

Continuous trusted access

Featured resources for zero trust

EBOOK

Would you like to learn more about Cisco's Zero Trust framework?

RESOURCES

Learn how Duo can keep your organization safe from identity-based attacks and boost workforce productivity

Articles

ARTICLE

Zero trust security from Cisco: Frustrate attackers, not users

ARTICLE

The Cisco Security Outcomes study: How organizations achieve outcomes using zero trust security

ARTICLE

A guide on the various Zero Trust Frameworks and their relationship to the Cisco Zero Trust Framework

Ebooks

EBOOK

Zero trust at scale: A look inside Cisco’s zero trust integration model

EBOOK

Risk-based authentication: How duo can reduce risks for hybrid work

EBOOK

The 2024 Duo trusted access report

Webinars

WEBINAR

Your Zero trust roadmap: Five steps to securing user access to applications

WEBINAR

How Zero trust accelerates incident response

WEBINAR

Leveraging Duo within your zero trust program

Explore all resources

Frequently asked questions

What is zero trust?

Zero trust is a strategy for securing your business by eliminating excessive trust and continually verifying trust – of a user, device, application, or network – before access is granted. By never assuming trust, always verifying it, and applying least privilege to each access control decision, organizations can reduce risk systematically.
What are the principles of a zero trust architecture?

The principles of zero trust architecture are: never assume trust; always verify it; and enforce the principle of least privilege. Using guidance such as the CISA Maturity Model can help organizations make progress. It outlines five pillars to apply zero trust policies: identities (users), devices, networks, apps, and data; with three cross-cutting capabilities: visibility & analytics, automation & orchestration, and governance.
What are the functional requirements of a zero trust platform?
1. Establish trust for users, devices, and applications driven by visibility and context
2. Enforce trust-based access based on the principle of least privilege
3. Continuously verify trust to detect any change in risk even after initial access is granted
4. Respond to change in trust by investigating and orchestrating responses to potential incidents
Where are zero trust policies enforced?

Zero trust policies are enforced across networks, users, devices, applications, and clouds.
What are some examples of zero trust in action?

These are some examples of zero trust in action:

• Securing hybrid work
• Applying micro-segmentation to workloads at scale
• Unifying access policy across environments
• Orchestrating unified security workflows for faster incident response

Ready to secure your organization?

Experience for yourself why Duo is one of the most trusted access management tools. Try it for free, explore editions, and connect with security experts.

Start your free trial

See why Duo is the leader in identity security.

Compare editions

Find out which edition is right for your organization.

Contact sales

Connect with our sales team and learn more.