“It’s not often that you can say you are improving security while also improving the user experience, but that’s what we have achieved with this rollout.”
—Josephina Fernandez, Director of Security Architecture & Research at Cisco
The network edge has left the building. Long before 2020 happened, we were working from coffee shops, airports and client sites. We have been using our personal devices on public or home networks to access productivity applications. Our users can be employees, contractors, vendors or come from acquisitions, and we use all sorts of applications that are located in the cloud and on-premise. As a result, we are more flexible and agile than ever—but changes in how we access corporate applications have introduced a lot of complexity and risk.
Like many of our customers, Cisco is also embracing this change in the way we work. We see a future that is more accessible and more secure for everyone. But that future needs to come quickly and it needs to come at scale. With our recent deployment of Duo Beyond, Cisco has demonstrated how workforce zero trust can be implemented across a globally distributed enterprise with minimal disruption. Along the way, we learned what works well and developed a blueprint to accelerate our customers’ success.
This past year, Cisco IT transformed how we work by using Duo Beyond to apply the principles of workforce zero trust. The charter was quite simple – verify every user, validate every device and do this every time an application is accessed. Oh, and make it frictionless so the user doesn’t even know it is happening, or better yet, they feel that their life somehow became a little easier. The final challenge: do it in less than five months.
Enter workforce zero trust. Zero trust can feel complex and unattainable, but really it is quite simple. Every time a user accesses an application:
The key is every time and for every application. Not some of the time and only the applications that are easy to protect—it’s every. single. time.
Duo Beyond helps ensure this seamless, secure access by:
This may look like a lot of work, but the reality is that a good security solution needs to be both easy for the user andeasy for administrators. Security that is easy is security that is used. We know that resources are scarce and that ‘good enough’ security is both tantalizing and risky. That’s why we take the admin experience extremely seriously and take a great deal of pride in making Duo simple to use and support. Additionally, Duo is platform agnostic, meaning easy integration with a very broad range of applications, so hard choices don’t need to be made.
Not only was the Cisco team able to successfully roll out Duo Beyond to over 100,000 users, they found that there wasn’t even a need to add any additional support headcount. In fact, most calls that came in were to ask to be added to the pilot group. Cisco smoothly laid the foundations for a strong zero trust workforce in a matter of five short months.
The team views zero trust as a win-win-win. By automating to the tune of 2.6 million health checks per month resulting in 48,000 self-remediated devices, a tremendous burden was lifted off of the security team’s shoulders. That’s 48,000 potential compromises avoided right off the bat. As more applications are made accessible via the Duo Network Gateway, users will need to authenticate less with the VPN. Currently at a quarter million fewer VPN authentication per month and growing, users are loving this more accessible and more secure new normal.
Be sure to catch Brad Arkin at RSA, where he will share lessons learned from Cisco’s workforce zero trust journey in securing over 100,000 users in less than five months.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels