Why is Zero Trust important?

Zero Trust is one of the most effective ways for organisations to control access to their networks, applications, and data. It is no longer enough to establish firewall rules and block by packet analysis. Having the technology to recognise normal versus anomalous behaviour allows organisations to improve authentication controls and policies rather than assume connections via VPN or SWG means the connection is fully safe and trusted.

This is critical as organisations expand their infrastructure to include cloud-based applications and servers – not to mention the explosion of remote worker devices related to the pandemic. A borderless security strategy is vital for businesses with a distributed workforce working remotely.

Secure your Remote Workers

Zero Trust Architecture (ZTA) assumes that there is no traditional network edge. Resources and workers can be located anywhere; local, in the cloud, hybrid and any other combination you can think of. Therefore, defences should be narrowed from wide network perimeters to individual or small groups of resources.

In August 2020 NIST announced the final version of Special Publication (SP) 800-207, which covers the core logical components that make up a zero-trust architecture. This is the optimal approach to protect a cloud first, work from anywhere environment.

Zero Trust is a paradigm shift from traditional network security which automatically trusted users and endpoints within the organisation’s perimeter, exposing the business to risk from malicious internal actors and rogue credentials, with unauthorised and compromised accounts potentially having wide-reaching access.

A leading Zero Trust Security platform

DUO addresses all the core principles in the ZTA framework combining advanced technologies to provide a secure platform for all users, all devices, and all applications.

Verify User Trust with Multi Factor Authentication

  • Ensure users are who they say they are by using a second source of validation, like a phone or token, to verify user identity at every access attempt, and regularly reaffirm their trustworthiness.

Establish Device Trust

  • See every device used to access your applications, and check the hygiene of your users’ mobile and desktop devices at every login; continuously verify device health and security posture of both corporate and unmanaged devices

Enforce Adaptive Policies

  • Assign granular and contextual access policies, limiting exposure of your information to as few users and devices as possible. Detect user location, device, role, and more at every login, set security policies based on these attributes, check for anomalous access, and continuously monitor policy effectiveness.

Secure Access for Every User

  • Provide appropriate permissions for every user accessing any application, anytime and from anywhere. Secure both on-premises and cloud environments — like Microsoft Azure, Amazon Web Services, and Google Cloud Platform — with or without a Virtual Private Network (VPN).

Secure Access to Every Application

  • Reduce the risk of credential theft by enabling users to securely access their applications with a single username and password. Users can log in to a single, MFA-protected dashboard to gain access to all their applications, both cloud-based and native.

Secure your Remote Workers with DUO Zero Trust Security

Zero Trust Architecture (ZTA) assumes that there is no traditional network edge. Resources and workers can be located anywhere; local, in the cloud, hybrid and any other combination you can think of. Therefore, defences should focus on individuals or small groups of resources.

Operational Overview

DUO Two-Factor Authentication

Two-factor authentication adds a second layer of security, keeping your online accounts secure even if your password is compromised. Verifying your identity using a second factor (like your phone or other mobile device) prevents anyone but you from logging in, even if they know your password; and with Duo Push, you will be alerted right away if someone is trying to log in as you login with your usual username and password, and then use your device to verify that it is you. Your administrator can set up the system to do this via SMS, voice call, one-time passcode, the Duo Mobile smartphone app, and so on.

Using Duo with a Mobile or Landline

Duo works with all mobile phones and landlines by supporting authentication via phone call and SMS passcodes. If you don’t have a mobile, you can also use a landline or tablet, or ask your administrator for a hardware token such as a Yubikey token. DUO also supports security keys plugged into your USB port which when tapped or when the button is pressed send a signed response back to Duo to validate your login. Duo lets you link multiple devices to your account, so you can use your mobile phone and a landline, a landline with a hardware token, two different mobile devices, etc.

This second factor of authentication is separate and independent from your username and password — Duo never sees your password.

Supported Devices

If you have a new phone and want to add the same DUO security to it; You can add new devices right from the Duo Prompt. Just click Add a new device and choose an authentication method.

DUO Security Policies

Duo helps keep information secure with software and operating system policies. Your Duo administrator can warn you when your software is out of date and give you the option to update your software before you finish logging in to the service. Duo can even block access from devices that don’t meet your organisation’s requirements.

Device Health

The Duo Device Health Application is installed on your desktop or laptop and performs health checks whenever you access Duo protected applications. Duo’s Device Health Application reduces risk by ensuring compliance of corporate devices to business standards and provides visibility into personal devices before granting them access to corporate resources.

Duo Device Health supports Windows 10 client editions, including Enterprise, Pro, and Home. macOS 10.13 and later.

DUo Mobile

DUO Mobile makes it easy to authenticate on all supported mobile devices, which include iOS 12.0 and greater, Android 8 and greater, Apple Watch (support requires Duo Mobile 3.8 or later).

DUO Restore

Duo Mobile’s restore functionality lets you back up Duo-protected accounts and third-party accounts (such as Google or Facebook) for recovery to the same device or to a new device.

be aware that:

  • Restoring or reactivating any “Duo-Protected” and “Duo Admin” accounts on a new device will deactivate those accounts on your old device.
  • Restoring any third-party accounts on a new device does not deactivate those accounts on your old device. Be sure to delete them or delete Duo Mobile entirely from the old device once you verify the passcodes generated by the restored accounts work for logging in to those services

macOS Touch ID and Duo

Touch ID on macOS, provides secure Duo login approvals, although authentication is limited to web applications that show Duo’s inline browser prompt.

Touch ID requires

  • A MacBook Pro or MacBook Air with a Touch ID button.
  • A fingerprint enrolled in Touch ID
  • Chrome 70 or later. Safari and other browsers on macOS are not supported.
  • Your organisation must have Touch ID enabled

Note: (DUO cannot use Touch ID in an Incognito window).