Protecting Cisco AnyConnect VPN & Cloud Applications With Duo’s MFA
This blog post is the first in a three-part series on how Duo’s MFA integrates with Cisco AnyConnect VPN.
Organizations are facing a major technology shift. They’re in the process of moving many of their on-premises workloads and applications to the cloud. But the transition to cloud isn’t as simple as flipping a switch – it takes time and strategy to ensure it goes smoothly.
Many Duo customers run hybrid environments in which they have a mix of applications in the cloud and on-premises. They’ve moved major applications such as email, file sharing, collaboration and marketing automation to the cloud, while on-premises applications are accessible via a virtual private network (VPN).
For IT admins, your goal becomes ensuring productivity by enabling access all applications – on-premises and in the cloud – from anywhere at any time, while also ensuring that access is secure and meets all necessary compliance regulations. Adding Duo’s multi-factor authentication (MFA) to VPN solutions, like Cisco AnyConnect, enables secure access to all applications.
Why Protect Cisco AnyConnect with Duo’s MFA?
Security research shows attackers continue to use credentials compromised via phishing, brute force and other attack methods to gain unauthorized access to internal business applications. If attackers steal VPN credentials, they could potentially access corporate applications and data, which could lead to catastrophic data breaches.
Meanwhile, for some organizations, securing VPN access is a data regulatory compliance requirement – PCI DSS 3.2 requires organizations with cardholder data environment (CDE) to secure all remote access with MFA, and several other compliance regulations, such as HIPAA and NIST 800-171, have similar requirements regarding MFA. Duo’s MFA helps you instantly reduce the risk of a data breach while also helping you quickly and easily meet compliance requirements.
From a security risk perspective, securing access to your VPN is just one of many proactive steps you can take. As workloads and applications increasingly run in the cloud, you want to ensure a consistent level of access security for all applications. With Duo, you can easily add MFA to cloud apps such as Office 365, AWS, Google, Workday, Box and more. There are no additional steps for end users. If they are already enrolled into Duo’s MFA service, they will be prompted to authenticate when they log in to access their cloud applications. After Duo’s MFA is set up with on-premises and cloud applications, you can also take advantage of its rich device telemetry, which provides visibility into the security posture of all user devices, such as laptops, desktops and mobile devices, including all personal devices (bring your own device – BYOD) that access applications.
Along with user authentication, Duo provides visibility into all corporate-owned and BYO devices without the use of agents. Since there are no device agents involved, Duo is easier to deploy and more user friendly. With complete device visibility, you can determine risks due to personally-owned devices in your environment. For example, one enterprise healthcare customer discovered 30,000 devices that they were previously unaware of had been accessing their environment – and nearly 50 percent of those devices didn’t meet their company’s security and compliance requirements.
You can leverage the user and device data Duo collects to enforce security policies based on the risk level of data and applications. For example, you can enforce a security policy for VPNs to allow access only from specific locations, such as United States, and only from devices running up-to-date software. With Duo, you have a high level of assurance before granting a user and their device access to applications. Many of our customers also call this type of security zero trust or the software-defined perimeter (SDP). Cisco can help accelerate your zero trust journey with Cisco Trusted Access.
Join our webinar on February 21st @ 10:00am PT to learn more. Register here.