Zero trust is an evolution of traditional perimeter security in which users are constantly verified as they access data or resources, even if they have passed initial security checks. It also enforces the concept of least privilege, meaning that users only have access to the data or applications that they need to do their jobs — and nothing else. This ensures that the damage is minimized even if a security breach occurs.
State governments rightly see zero trust as the best way to protect their networks and data, but getting there is a complex process that can’t be achieved by any single product. Complicating matters further, the Cybersecurity and Infrastructure Security Agency model defines five key pillars that need protection in any zero-trust implementation. They include identity, devices, the network, applications and data.
Click the banner below to access exclusive cybersecurity insight.
Cisco Duo Supports Zero-Trust Architecture
Any effort toward zero trust is going to be a marathon rather than a sprint. But those efforts have to start somewhere, so most agencies begin with the identity pillar and branch out from there. That is where the versatile Cisco Duo platform comes into play. It can help to anchor the identity pillar of zero trust while also making inroads toward device security and other zero-trust elements.
The key protection element for Cisco Duo is multifactor authentication, for which users need to provide something other than a name and password to access resources. Duo supports biometric authentication, security tokens, one-time access codes and — yes — even passwords.
In my testing, I found it surprisingly easy to configure. Administrators can quickly set policies whereby users must supply different proofs of identity depending on what they are doing and what data or resources they need to do their jobs. It works well for on-prem and remote users alike, suited for multicloud environments or even agencies with large hybrid workforces.
Self-Enrollment Simplifies Onboarding
Another big challenge for zero-trust implementations is that admins need things to be seamless for users but difficult for attackers. Duo makes this easier. There is a self-enrollment option for authorized users that can be shared by administrators, and setup takes only a few minutes.
Even using smartphones, the onboarding process for users is very quick. Users can simply download the Duo Push application, and the platform will walk them through it in just a few minutes.
The key to zero trust is first knowing who your users are and what they need to access. Without trust in that information, admins can’t really protect anything else. That’s why the identity pillar is normally the starting point for zero trust. Cisco Duo can verify and protect user identities, providing a stable and easy-to-use platform that will become a solid foundation that all other zero-trust components can be built on.
SPECIFICATIONS
PRODUCT TYPE: Access security platform
DEPLOYMENT: Cloud-based
KEY SERVICES: Multifactor authentication, single sign-on, password elimination, device trust verification
DISTRIBUTION: As a service
SOFTWARE ENGAGEMENT TYPE: Annual subscription or a perpetual license