November 30, 2023

How to Establish Zero Trust with Cisco Duo for Governments

Zero trust means not assuming that any user, device or application is safe on the network. Instead, government agencies should verify every access request and enforce the principle of least privilege, granting users only the minimum access they need.

Government organizations collect and store some of their constituents’ most sensitive data, including financial information and personal identification numbers. With the increase in cyberattacks targeting all levels of government, your organization needs to implement a robust, comprehensive zero-trust framework to protect your citizens’ data.

Zero trust is based on the notion of “Never trust, always verify.” This means not assuming that any user, device or application is safe, even inside the network. Instead, government agencies should verify every access request and enforce the principle of least privilege, granting users only the minimum access they need to perform their jobs.

One of the main reasons for governments to implement zero trust is to defend against insider threats, including employees who violate security policies (whether intentionally or accidentally), contractors who have access to sensitive data and compromised devices that are brought onto the network. Zero trust ensures that every user and device is continuously authenticated and authorized, reducing the risk of insider threats. It’s equally important to ensure that both the users and the devices accessing applications meet all the security requirements set by your government organization.

Learn how Cisco has added value to their own organization’s zero-trust approach with their Cisco Duo solution, and how you could implement this technology for your organization.

What is Cisco Duo?

Cisco Duo is a cloud-based security platform that protects users’ and devices’ access to all applications from anywhere. It’s easy to set up, use and manage, and provides full visibility and control for the endpoint device.

Duo uses multifactor authentication to verify users’ identities. Along with extensive insights into your users’ devices, Duo allows you to limit access based on suspected endpoint or user risk.

With Duo, you can protect your government from compromised credentials and devices, and undesired access to your applications and data. Establishing both user and device trust helps build a strong foundation for a zero-trust security model.

How Cisco Duo verifies device trust

Duo enables organizations to verify the trustworthiness of any device – managed or unmanaged – by providing the following three key capabilities:

1. Complete visibility: Visibility is important to verify and enforce device trust policies. Duo provides in-depth device visibility across all major operating systems, and helps administrators differentiate between corporate-managed devices and BYOD, based on the enrollment status in device management systems.

2. Device posture assessment: Administrators can enforce corporate security policy compliance and block non-compliant devices at the time of authentication. Duo becomes a critical enforcement point to ensure that users maintain an acceptable level of device hygiene, whether by updating the OS patch level or enabling security features such as enterprise AV agents and disk encryption, before granting application access.

3. Distinguish devices from users: By integrating Cisco AMP for Endpoints with Duo, organizations can set a policy to automatically block malware-infected devices from accessing applications. Duo blocks only the device; the user can still log in from any other policy-compliant device and stay productive.

How zero trust at scale helped Cisco increase security

In 2020, Cisco set out to move from a traditional network-based perimeter and VPN model to a zero-trust framework. Their goal was to give users a secure, uniform experience accessing applications, wherever the user or application is located. Using Duo Beyond helped Cisco improve security and create a better experience for 100,000+ users – in less than five months.

At Cisco, four things need to happen every time someone tries to access an application:

  1. They verify the user.
  2. They confirm that the device is up-to-date and healthy.
  3. They validate that a Cisco-managed device is being used.
  4. They confirm that the application can be accessed without the VPN.

Cisco was able to substantially increase their ability to react to device risk with this zero-trust approach. And with Duo, users were able to remediate the issues themselves without having to contact tech support.

With Cisco Duo security solutions and CDW support, your government can also optimize workforce productivity while protecting it from cyberthreats.

You can trust CDW for Cisco Duo solutions because of the gold-level partnership earned through our expert knowledge of Cisco’s portfolio and experience securely connecting and protecting institutions like yours.