October 15, 2021

How Cisco Secure Access by Duo simplifies multi-factor authentication

Dipen Paun
IT & OT Security Sales Specialist at Data#3
Multi-factor authentication (MFA) is the simplest, most effective way to make sure users really are who they say they are. Due to its effectiveness, MFA is a critical piece of an organisation’s security pie. In fact, it’s one of the Essential Eight controls (ACSC Essential Eight) – and rated as one of the most important and efficient controls – which has been mandated across Australia. Every business should now be using multi-factor authentication, especially with the spike of security breaches associated with the rise of remote workforces over the last 18 months.

Alas, not all MFA solutions are created equal – you already know that as otherwise we wouldn’t be writing this blog!

We’ll begin by examining the problems behind ineffective MFA solutions, before showing how Cisco Duo closes these security gaps. It’s a very well-built solution that supports both administrators and end users with frictionless, seamless security processes that successfully fend off advancing cyber-attacks.

Why your MFA might be making you weak

At its most basic, MFA is implemented for one very important reason – to reduce the risk of a data breach to your organisation. However, all it takes is a single weak link in the security chain for an adversary to gain access to a device or network and access sensitive information. So, if an MFA solution can be easily bypassed or doesn’t provide complete protection, there’s no point to implementing it. This is particularly important when it comes to MFA integration. If it’s not simple to integrate with every single one of your existing on-premises and third-party cloud applications, then it’s far more likely that you will have holes in your organisation’s overall security posture. Again, I must emphasise that limited scope MFA is just as bad as none at all. For example, despite some government entities and managed services providers being protected by two-factor authentication (2FA), a Chinese hacking group were still able to gain access to their administrator accounts . Another problem is the human element – particularly the resistance of users to properly implement and integrate MFAs across all devices, on-premises and third-party cloud applications. This stems from complex MFA solutions where setup is put in the ‘too hard basket’ for administrators and users – meaning coverage across all applications is unlikely, leaving huge security holes.

Multi-factor authentication you can trust with Cisco Duo

In essence, all MFA solutions are designed to verify each user’s identity before they access your network. However, Cisco Duo is a whole lot smarter. With a zero-trust framework – meaning “never trust, always verify” – every access attempt is treated as if it originated from an untrusted network. Once users and devices have been deemed trustworthy, the zero-trust stance ensures that they have access only to the resources they absolutely need, to prevent any unauthorised lateral movement through an environment. However, it’s real differentiator is in its simplicity – for both end user and administrator – making it is one of the easiest and least burdensome forms of security that a company can implement.

Why Cisco Duo is so painless for administrators

Out of box integrations available

Cisco Duo can be quickly implemented using an out-of-the-box integration with some of the most popular cloud applications including Salesforce, Office 365, Google, Box, Dropbox, Slack, DocuSign and more.

Easy, fast integrations with API

Cisco Duo’s API ensures it natively integrates with hundreds of different applications in an IT environment – even legacy ones – to provide flexible, user-friendly multi-factor authentication that’s quick to roll out and easy to manage.

Configured in a matter of minutes

Cisco Duo configuration is quite simple and frictionless to implement. IT can set up detailed policies in minutes using the simple easy-to-navigate administrator dashboard.

Users self-enrol and authenticate in seconds

An easy self-enrolment onboarding process allows users to add themselves to Cisco Duo and walks them through setting up their two-factor authentication.

Scalable layer of protection

Cisco Duo requires minimal infrastructure and staff to roll it out – reducing the burden on your team as user enrolment and provisioning options scale as your organisation grows.

Flexible user-first policies

Administrators control and define the rules and levels of access with adaptive controls, balancing security and ease-of-use for the user.

Short implementation timeframes

It’s not uncommon for an MFA implementation to take up to 9 months to complete. Lengthy implementations like this invites plenty of intangible and unplanned costs. In contrast, Cisco Duo can be up and running in a matter of weeks. Just take a look at Fortescue Metal Groups – who deployed Cisco Duo to over 7,000 employees over a 4-week period, with their head of cybersecurity heralding it as a “seamless process, delivering immediate value through ease of deployment and intuitive user-centric experience.”[1]

Why Cisco Duo is seamless for the end user

Superior, intuitive user experience

Adding multi-factor authentication to your applications and devices doesn’t have to be disruptive to your users. Cisco Duo is one of those rare security solutions which is actually a pleasure for users to set up and use. It even offers flexibility in the choice of authentication method so employees can choose the one that best fits their workflow.

Less workflow interruption

Every user has a different way they want to access their applications and Cisco Duo’s zero-trust strategy allows administrators to adjust the level of access or trust based on contextual data about the user or device requesting access. This means users won’t be challenged or interrupted every time they require access to an app or device.

Reduce user friction and the risk of a data breaches

Some organisations view stronger authentication mechanisms as a hindrance because they believe users will be interrupted too much. In fact, this very reason has caused organisations to hold back from multi-factor authentication because of the inconvenience. Cisco Duo removes this roadblock while ensuring administrators have simple tools to verify user identities, assess and act on the health of devices, set adaptive access policies, and protect users’ productivity with modern remote access capabilities.

Take the next, seamless step in your MFA journey

Start a 60-day Cisco Duo trial

To give you more time to experience the simplicity of Cisco Duo in your organisation, we’ve extended our 30-day Cisco Duo trial to 60 days. Alternatively, request a 1-on-1 meeting with a Data#3 Consultant to map out your 60-day trial structure and discuss how Cisco Duo can seamlessly integrate into your current security landscape.

[1] ZDNet (2019), Chinese hacker group caught bypassing 2FA [ONLINE]. Available here.
[2] CSO (2019), Authenticate everything: Why your device security is no longer enough [ONLINE]. Available here.