How is zero-trust security for the workforce making its way into the enterprise – and how are organizations using the key principles of zero trust today?
We examine those questions and more in The 2019 Duo Trusted Access Report: Expanding the Enterprise Perimeter with Zero-Trust Security for the Workforce.
For this report, our advanced research team, Duo Labs, analyzed data from nearly 24 million devices, more than 1 million applications and services and more than half a billion authentications per month from across our customer-base, spanning North America and Western Europe.
The data shows that the explosion of cloud applications and mobility has expanded the concept of a perimeter security architecture and organizations are implementing the foundation of zero trust to secure users and devices as they access applications; we call it zero trust for the workforce.
Five Key Findings
Here are five of the many key findings outlined in The 2019 Duo Trusted Access Report. Download the full report to see all of the data.
Biometrics Use is Climbing
Over the last four years, customers are more often using biometrics as a second or third authentication factor to access applications. This year, 77 percent of devices used by Duo customers have biometrics, such as Apple Touch ID and Face ID, Android fingerprint sensors and Windows Hello configured.
Fewer Fooled by Phishing
Data from our phishing simulator tool revealed that in 2019 internal phishing campaigns are capturing fewer credentials and finding fewer out-of-date devices. Users are also opening phishing emails less frequently.
Android Devices Still Most Out of Date
Android devices lead the pack of out-of-date devices at 58 percent. Meanwhile, as of May 31, 2019, only 9.7 percent of Android devices were on the latest patch, which had been released 26 days prior.
Remote, Mobile Work Increasing
Our data shows 45 percent of requests to access protected applications came from outside the business walls, showing that users are truly mobile and the perimeter has expanded to where access occurs.
Use of Flash Fizzles
As Adobe Flash Player continues to crawl toward end of life, more Duo customers have Flash uninstalled from their devices. So far this year, 71 percent of Duo customers have removed Flash, which is up from previous years.
Zero Trust for the Workforce
A zero-trust architecture for the workforce ensures the trustworthiness of devices and users’ identities wherever access is attempted and before granting access, whether users are on or off the network. This security model verifies users and establishes trust in their devices (those users and devices comprise your workforce), no matter where they are located, what devices they use, and which applications they access.
Zero trust for the workforce to built on five key principles:
- Establish User Trust: Verify the identity of all users before granting access to corporate applications and resources
- Gain Visibility Into Devices: Get detailed insight into every type of device accessing your applications, across every platform
- Establish Device Trust: Check the security posture and trust of all devices – corporate and personally-owned – accessing your applications
- Enforce Adaptive Policies: Enforce granular, contextual policies based on user, device and location to protect access to applications
- Enable Secure Access to All Apps: Give your users a secure and consistent login experience to on-premises and cloud applications
For The 2019 Duo Trusted Access Report, our data shows that Duo customers across all industries are starting to implement zero-trust security principles to secure their workforce.
A zero-trust architecture for the workforce is a paradigm shift. It grants or denies access based on the trustworthiness of users and their devices, which comprise your workforce, and does so wherever access happens, instead of relying on a traditional perimeter security model. As cloud and mobility continue to become must-haves, the enterprise must be able to give users access no matter where they are, regardless of which type of device they use or which applications they need to access. Implementing and adhering to the principles of zero-trust security for the workforce can make that happen.
Download The 2019 Duo Trusted Access Report: Expanding the Enterprise Perimeter with Zero-Trust Security for the Workforce now and see data that shows organizations are moving into the future with zero-trust security for the workforce.