The 2020 Duo Trusted Access Report

 3 years ago
source link: https://duo.com/resources/ebooks/the-2020-duo-trusted-access-report/success#get-the-report?utm_campaign=textlink-q2fy21&utm_content=tar2020&key=idg4

The 2020 Duo Trusted Access Report

A Remote Access Playbook

There's no denying it — remote work is the star of the corporate security show right now. It's more important than ever for organizations to provide their employees with secure access to the tools they need to be productive.

Introduction

Although it feels very of-the-moment, remote work has been on the rise for years now. That said, the recent and rapid expansion of work-from-home culture presents new security challenges. How can employees access all their applications without exposing mission-critical information to unnecessary risk? How can organizations allow employees to use their devices on unsecured networks, and ensure that users keep their operating systems and software up to date? There's a lot to think about.

At Duo, it's our job to make application access more secure for organizations of all sizes, and while every organization's remote access strategy will be slightly different, there are a few fundamental factors to consider — key plays to have in your remote access playbook, so to speak. 

In this report, we'll look at what companies are doing to secure remote work and discuss what makes a good remote access strategy. 

Did you know?

Almost 78% of survey respondents were working from home at least 60% of the time, per a CSO Online study in March 2020.

Pandemic impact report: Security leaders weigh in, CSO Online

Overview

The core considerations for a good remote access strategy generally fall into three categories. We'll look at each in depth.

Users

Who has permission to access your information?

Devices

Which devices are being used to access applications?

Applications

Which applications are users accessing?

Methodology

In this report, our security research team analyzed data from over 26 million devices, more than 500,000 unique applications and roughly 700 million authentications from across our customer base, spanning North America, Western Europe, and Asia Pacific.

A diagram illustrating 26 million devices, 700 million authentications per month, and 500,000+ unique applications.

Report Highlights

72% increase in multi-factor authentications from remote tech

85% increase in use of policy to disallow SMS authentications

iOS devices were 4x more likely than Android to receive and install updates within 30 days

Total devices with biometrics enabled increased 64%

The average number of daily authentications to cloud apps increased 40%

Users

As the workforce becomes more distributed, protections against credential theft are becoming both more stringent and more granular. This year, we saw 85% more customers disallowing less secure methods of multi-factor authentication — looking at you, SMS! — and the most-used authentication method, by a large margin, is Duo Push with almost 69% of total authentications.

Multi-Factor Authentication Methods by Industry

See how your industry's most common authentication methods compare to those in other fields.

[Chart: share of authentications (0 to 100) by method (Duo Push, Duo Mobile Passcode, Hardware Token, SMS Passcode, Remembered Device) for each industry (Financial Services, Healthcare, Education, Retail, Technology). The plotted values did not survive on this page.]

Industries vary the type and scope of their authentication methods based on their risk appetites. As a result, we see some industries, like Media & Entertainment, Financial Services and Technology, leading the charge with stronger authentication regimens, such as Duo Push technology.

— Dave Lewis - Global Advisory CISO, Duo Security at Cisco

More About Users

In the full 2020 Duo Trusted Access Report, we'll explore:

  • More Authentication Data. How are users authenticating, in addition to the methods shown here? Have those trends changed over time?
  • Biometric Use. How many users have biometric authentication enabled, and what does that mean for remote work?
  • And More.

Devices

With an increasingly remote workforce, companies can't solely rely on corporate networks or recognized devices to provide security protections. Instead, thoughtful security policies allow users to access applications on the devices they have available, whether they're corporate-managed or not. 

Policies are being used to help companies adapt to changing circumstances and security threats — over the past year, we've seen companies allow login attempts from certain countries but not others. Last year, a Chrome vulnerability prompted an uptick in browser limitation policies. 

Most Common Policy Types

See how companies use security policies to allow application access only from devices they can trust.

[Chart: most common policy types (Location Restricted, Invalid Device, Out of Date, No Screen Lock, Anonymous IP), axis 0 to 40. The plotted values did not survive on this page.]

Blocking High-Risk Locations

For security professionals, "work from anywhere" means "protect everywhere." In many cases, authentications can be monitored using measures like device health restrictions and tight policies for critical applications. However, it's sometimes necessary to block all access attempts coming from specified locations.

Heat maps show us that, of companies who block access based on location, Russia is blocked most frequently, followed closely by China. North Korea, Iran, and Afghanistan round out the top five.

Top 5 Restricted Locations:

  1. Russia
  2. China
  3. North Korea
  4. Iran
  5. Afghanistan

More About Devices

Get the full 2020 Duo Trusted Access Report to learn more about:

  • Update Enforcement. Which industries are requiring device and OS updates, and how stringent are they?
  • Browser Use. Which browsers are companies allowing, and which do users rely on most frequently?
  • And More.

Applications

Unsurprisingly, our data shows that remote access and cloud applications are becoming more popular year over year (between June 2019 - June 2020). But the implications of this trend go far beyond user convenience and market availability. Cloud applications are easy to protect with a security layer, like Duo's Multi-Factor Authentication, reducing time-to-security for new vendors, and bringing users the productivity tools they need to work effectively in a remote setting. 

Remote access technologies, like VPN and RDP, further secure sensitive data and are still an essential part of most work-from-home strategies — in fact, they're by far our most commonly accessed application type, claiming almost 37% of total authentications.

Application Insights

See key trends in the types of applications companies are protecting.

of authentications are to remote access technologies.

increase in authentications to VPN and RDP applications.

growth in cloud app adoption among enterprise companies.

of authentications are to on-premises applications.

Because they don't have the internal resources to go cloud-first, small and medium-sized companies tend to leverage on-premises solutions to run the day-to-day operations of their business. Relying on older, tried-and-true ways of deploying technology isn’t a bad thing, but it does present itself as a limiting factor for future growth.

— Dave Lewis - Global Advisory CISO, Duo at Cisco

More About Applications

Get the full 2020 Duo Trusted Access Report to learn more about:

  • Application Access by Industry. Which industries are leading the charge in remote access applications?
  • Application Trends by Market Segment. How much has cloud app usage changed over the past year? How much has on-prem app usage decreased?
  • And More.