ndly approach that might enable its 130,000 customers to securely work anyplace, from any system, with out friction. By leveraging its personal Duo Passwordless, the workforce was in a position to remove phishable multi-factor authentication elements, enhance usability and productiveness, cut back authentication actions by 93%, and safe its workforce from anyplace.
At Cisco, securing our office for the long run means constantly adapting to technological developments and staying forward of the risk panorama. Leveraging our personal suite of safety merchandise, together with Duo, has been key in serving to us do this.
When most of our workforce labored remotely in the course of the pandemic, we applied Duo Beyond and moved from a conventional network-based perimeter and VPN mannequin to a zero-trust framework in order that customers may securely work anyplace, from any system, with out friction.
Today, our zero-trust journey continues as we try to fulfill the safety wants of right now whereas adapting for what’s subsequent with Duo Passwordless. Identity is now the perimeter— the primary line of protection towards cyber threats. With most information breaches coming from weak or stolen credentials, it’s clear that the long run requires passwordless authentication.
The drawback with passwords
To put it merely, passwords are a simple goal for hackers. Once the gold customary for shielding delicate info, passwords at the moment are outdated and weak within the ever-evolving risk panorama. They’re extremely prone to phishing assaults, might be simply forgotten, and infrequently result in consumer frustration that brings an inflow of password-related assist desk tickets to IT groups.
When affected by password fatigue, customers are inclined to make use of weak, reused, or solely barely modified passwords throughout completely different accounts. Good password administration is difficult and troublesome to implement, and previous to utilizing Duo Passwordless, Cisco IT struggled to handle these challenges throughout an enormous workforce spanning greater than 130,000 customers.
As a big firm and a pacesetter in expertise, a compromise in our safety can have a serious affect on our enterprise and our innovation. If attackers receive delicate info resembling supply code, inside system particulars, buyer information, or mental property, it not solely places our enterprise and workers in danger, however the clients who depend on our expertise. We wanted to adapt our method to authentication to mitigate the password associated safety dangers to our enterprise and challenges confronted by our workers and help groups.
Traditional multi-factor authentication (MFA) is now not ample
Authentication has advanced as cybercrime has grow to be increasingly subtle. We began with “something you know,” or a username and password. We added MFA, which mixes “something you know” with “something you have” or “are” like a tool or fingerprint. While stronger than a username and password alone, the “something you know” issue of a password remained prone to vulnerabilities.
The transfer to passwordless: specializing in safety and consumer expertise
We started working intently with the Duo product workforce to take a user-friendly, zero belief method that not solely enhanced safety but in addition improved the consumer expertise. To do that, we applied Duo Passwordless. It wasn’t nearly enhancing safety, however on the similar time cultivating a seamless expertise that might higher serve our clients and workers each now and into the long run.
While Duo Passwordless remains to be MFA, it takes it a step additional and combines the expertise into one step, making for a smoother consumer expertise. It depends on cryptographic public-private key pairs, using biometrics (resembling fingerprint or facial recognition) or safety keys like YubiKeys to authenticate customers with out the necessity for passwords.
Enhancing Duo as buyer zero
As “customer zero” for Duo Passwordless, we had the power to check and enhance the expertise via early pilot applications earlier than launch. Using a multi-phased method, we began with a small group of IT and safety employees, enhancing efficiency and performance via suggestions earlier than regularly increasing to the total workforce over 10 months. The data gained from preliminary pilot teams and insights into how completely different customers could be impacted helped form our method to speaking the adjustments with our workforce.
Through cautious collaboration between groups throughout our group, Cisco IT Security and the Security and Trust Organization (S&TO) started driving the route of our passwordless future. My workforce inside IT Security served as the principle drivers behind this effort, with S&TO offering change administration help, and IT UX, IT Comms, and IT Research & Analytics supporting as wanted. Help@Cisco additionally performed a task as soon as we shifted to necessary passwordless just for key apps, managing the help course of for our inside customers so service groups may give attention to the operation and enchancment of the product.
Challenges and classes discovered
While the total rollout has seen excessive ranges of natural workforce enrollment with restricted promotion, there have been some challenges with adoption. Many customers reported preliminary considerations with using biometrics. For instance, Windows Hello customers who didn’t log in with biometrics by default, merely didn’t know to set it up. Unless particularly advised, customers on this scenario didn’t understand biometrics had been an possibility for them.
To treatment, we targeted on worker training round how biometrics are used, the place they’re saved, in addition to the worth of shifting to passwordless authentication. In addition, we supplied alternate options to biometrics. For instance, on Windows, customers can use a PIN. If they don’t like platform-based authenticators, they will use a YubiKey with a PIN or setup a passkey on a cell system.
Also essential to notice, we didn’t initially mandate the transfer to passwordless. Our method to encouraging worker adoption and alter was formed by our dedication to delivering the most effective consumer expertise. We needed to ship providers and expertise that acted as a magnet for adoption somewhat than a mandate.
Now that we’re additional into our journey, we’ve got began Passwordless Only enforcement on sure apps. The slower, however at-will transition allowed natural adoption and helped get individuals snug with the brand new expertise prior to creating the observe necessary.
The affect: A safer and productive workforce
Since the passwordless resolution was made accessible to all the workforce, we’ve seen substantial advantages together with:
- Zero password-related safety incidents
- A frictionless expertise for over 130,000 workers with zero belief safe entry
- Improved usability and productiveness, lowering authentication actions by 93%
- Enhanced safety by eliminating phishable MFA elements
- Substantial discount in IT time and prices as a consequence of fewer password-related points
The future: Continued innovation and enlargement
While there’s a lengthy street forward of a full trade shift away from passwords totally, this has primarily been about altering the expertise for our workforce right now and mitigating potential future threats for our enterprise. Preparing for a totally passwordless future is a journey that we proceed to construct and enhance on, together with:
- Improving safety and value for our workforce: Our journey started with our implementation of Duo Beyond and continues with Duo Passwordless, underpinning our present transition to Cisco Secure Access inside Cisco IT (extra to come back!). Identity safety is a basis for zero belief entry, and Duo is far more than simply MFA.
- Strengthening and evolving our zero-trust structure: The profitable rollouts of our Duo options mixed with the newest rollout of Cisco Secure Access unlocks even stronger zero belief outcomes with an identify-first SSE.
Learn extra about Duo Passwordless Authentication, our journey, and the highly effective mixture of Cisco Secure Access and Duo. For Cisco workers, discover ways to arrange passwordless in your Cisco system right here.
Additional Resources:
PS: Attending Cisco Live in San Diego this June?
You’ll have a particular alternative to speak stay with Cisco IT consultants to dive into these success tales and different deployments! Look for Cisco on Cisco in every of the showcases and remember to search Cisco on Cisco within the session catalog to add our classes to your schedule!
Share: