ndly means that may permit its 130,000 customers to securely work anyplace, from any gadget, with out friction. By leveraging its personal Duo Passwordless, the crew was capable of eradicate phishable multi-factor authentication elements, enhance usability and productiveness, scale back authentication actions by 93%, and safe its workforce from anyplace.
At Cisco, securing our office for the longer term means constantly adapting to technological developments and staying forward of the menace panorama. Leveraging our personal suite of safety merchandise, together with Duo, has been key in serving to us do this.
When most of our workforce labored remotely in the course of the pandemic, we applied Duo Past and moved from a standard network-based perimeter and VPN mannequin to a zero-trust framework in order that customers may securely work anyplace, from any gadget, with out friction.
At this time, our zero-trust journey continues as we try to fulfill the safety wants of as we speak whereas adapting for what’s subsequent with Duo Passwordless. Id is now the perimeter— the primary line of protection in opposition to cyber threats. With most knowledge breaches coming from weak or stolen credentials, it’s clear that the longer term requires passwordless authentication.
The issue with passwords
To place it merely, passwords are a straightforward goal for hackers. As soon as the gold commonplace for safeguarding delicate data, passwords at the moment are outdated and weak within the ever-evolving menace panorama. They’re extremely inclined to phishing assaults, may be simply forgotten, and infrequently result in person frustration that brings an inflow of password-related assist desk tickets to IT groups.
When affected by password fatigue, customers are inclined to make use of weak, reused, or solely barely modified passwords throughout completely different accounts. Good password administration is tough and troublesome to implement, and previous to utilizing Duo Passwordless, Cisco IT struggled to handle these challenges throughout an enormous workforce spanning greater than 130,000 customers.
As a big firm and a pacesetter in know-how, a compromise in our safety can have a significant affect on our enterprise and our innovation. If attackers acquire delicate data resembling supply code, inside system particulars, buyer knowledge, or mental property, it not solely places our enterprise and staff in danger, however the prospects who depend on our know-how. We wanted to adapt our strategy to authentication to mitigate the password associated safety dangers to our enterprise and challenges confronted by our staff and assist groups.
Conventional multi-factor authentication (MFA) is now not adequate
Authentication has advanced as cybercrime has develop into an increasing number of subtle. We began with “one thing ,” or a username and password. We added MFA, which mixes “one thing ” with “one thing you’ve” or “are” like a tool or fingerprint. Whereas stronger than a username and password alone, the “one thing ” issue of a password remained inclined to vulnerabilities.
The transfer to passwordless: specializing in safety and person expertise
We started working carefully with the Duo product crew to take a user-friendly, zero belief strategy that not solely enhanced safety but in addition improved the person expertise. To do that, we applied Duo Passwordless. It wasn’t nearly enhancing safety, however on the identical time cultivating a seamless expertise that may higher serve our prospects and staff each now and into the longer term.
While Duo Passwordless remains to be MFA, it takes it a step additional and combines the expertise into one step, making for a smoother person expertise. It depends on cryptographic public-private key pairs, using biometrics (resembling fingerprint or facial recognition) or safety keys like YubiKeys to authenticate customers with out the necessity for passwords.
Enhancing Duo as buyer zero
As “buyer zero” for Duo Passwordless, we had the flexibility to check and enhance the know-how by way of early pilot packages earlier than launch. Utilizing a multi-phased strategy, we began with a small group of IT and safety workers, enhancing efficiency and performance by way of suggestions earlier than progressively increasing to the complete workforce over 10 months. The data gained from preliminary pilot teams and insights into how completely different customers could be impacted helped form our strategy to speaking the adjustments with our workforce.
By means of cautious collaboration between groups throughout our group, Cisco IT Safety and the Safety and Belief Group (S&TO) started driving the path of our passwordless future. My crew inside IT Safety served as the principle drivers behind this effort, with S&TO offering change administration assist, and IT UX, IT Comms, and IT Analysis & Analytics supporting as wanted. Assist@Cisco additionally performed a task as soon as we shifted to necessary passwordless just for key apps, managing the assist course of for our inside customers so service groups may give attention to the operation and enchancment of the product.
Challenges and classes discovered
Whereas the complete rollout has seen excessive ranges of natural workforce enrollment with restricted promotion, there have been some challenges with adoption. Many customers reported preliminary considerations with using biometrics. For instance, Home windows Good day customers who didn’t log in with biometrics by default, merely didn’t know to set it up. Except particularly instructed, customers on this state of affairs didn’t notice biometrics have been an possibility for them.
To treatment, we targeted on worker schooling round how biometrics are used, the place they’re saved, in addition to the worth of shifting to passwordless authentication. As well as, we offered options to biometrics. For instance, on Home windows, customers can use a PIN. In the event that they don’t like platform-based authenticators, they will use a YubiKey with a PIN or setup a passkey on a cellular gadget.
Additionally essential to notice, we didn’t initially mandate the transfer to passwordless. Our strategy to encouraging worker adoption and alter was formed by our dedication to delivering one of the best person expertise. We wished to ship providers and know-how that acted as a magnet for adoption fairly than a mandate.
Now that we’re additional into our journey, now we have began Passwordless Solely enforcement on sure apps. The slower, however at-will transition allowed natural adoption and helped get individuals comfy with the brand new know-how prior to creating the follow necessary.
The affect: A safer and productive workforce
Because the passwordless answer was made obtainable to the whole workforce, we’ve seen substantial advantages together with:
- Zero password-related safety incidents
- A frictionless expertise for over 130,000 staff with zero belief safe entry
- Improved usability and productiveness, decreasing authentication actions by 93%
- Enhanced safety by eliminating phishable MFA elements
- Substantial discount in IT time and prices resulting from fewer password-related points
The long run: Continued innovation and growth
Whereas there’s a lengthy highway forward of a full trade shift away from passwords completely, this has primarily been about altering the expertise for our workforce as we speak and mitigating potential future threats for our enterprise. Getting ready for a totally passwordless future is a journey that we proceed to construct and enhance on, together with:
- Enhancing safety and usefulness for our workforce: Our journey started with our implementation of Duo Past and continues with Duo Passwordless, underpinning our present transition to Cisco Safe Entry inside Cisco IT (extra to return!). Id safety is a basis for zero belief entry, and Duo is far more than simply MFA.
- Strengthening and evolving our zero-trust structure: The profitable rollouts of our Duo options mixed with the newest rollout of Cisco Safe Entry unlocks even stronger zero belief outcomes with an identify-first SSE.
Study extra about Duo Passwordless Authentication, our journey, and the highly effective mixture of Cisco Safe Entry and Duo. For Cisco staff, learn to arrange passwordless in your Cisco gadget right here.
Extra Assets:
PS: Attending Cisco Stay in San Diego this June?
You’ll have a particular alternative to speak reside with Cisco IT consultants to dive into these success tales and different deployments! Look for Cisco on Cisco in every of the showcases and you should definitely search Cisco on Cisco within the session catalog to add our classes to your schedule!
Share: