Zero Trust framework improves workforce security and productivity, while cutting support costs




In collaboration with Joel Barbier and Vishal Gupta

Like most firms, Cisco is committed to continually improving security while simultaneously simplifying the user experience.

We’ve learned some significant lessons along the way.

There are multiple points where user ID and password credentials can potentially be compromised. For example, employees sometimes chose to ignore best practices by using easy-to-remember passwords such as “123456.” Others would share their Cisco passwords or use them externally for non-business-related applications, essentially using their passwords everywhere.

When we relied only on the password login process, it is estimated that about 80 percent of all hacks were caused by credential/identity theft. Other points of concern included new-hire onboarding or giving out credentials, password resets on behalf of users, password-related communications, and overall handling or management of password items. All can contribute to potential risks.

Further complicating matters, when most of our workforce went remote in early 2020, it became confusing and taxing for users to know how to access different applications. For example, some apps required a Virtual Private Network (VPN) connection, while others could be accessed directly. Like many other businesses, Cisco invested in VPN expansion to support employees working from home, while also rolling out Zero Trust on a limited basis initially (more details below).

As the lines increasingly blurred between work and home life, many remote workers became frustrated at connecting via VPN and enduring the authentication process potentially multiple times a day. It can be tiring for users to keep track of which applications need VPN and which don’t, reducing their productivity. Ultimately, using a VPN when the workforce is almost fully remote can be inefficient, especially when we’re sending data back over the corporate network, only to have it eventually return to the cloud.

Zero Trust framework delivers secure, uniform user experience

As a result, Cisco decided to move from a traditional, network-based perimeter and VPN model to a Zero Trust model. Zero Trust is not a single solution but a framework of solutions that verify a device, establish policy, and continually monitor device behavior. Multi-Factor Authentication is a key element of this approach. We started deploying multi-factor authentication in November 2020 for several applications, then expanded the coverage in 2021 to numerous additional applications, including Microsoft Office 365.

Our overall goal for Zero Trust and multi-factor authentication is to provide a secure, uniform experience while accessing applications, wherever users or applications are located. From a technical view, we had four objectives:

Implement an architecture that would allow secure, VPN-free access to some of our most-visited internal and SaaS applications

Validate user and device trust on a per-app basis, with an ability to set per-app access policies

Improve our authentication experience by reducing the burden on users

Make this transition seamlessly, expecting zero user friction, and without any outages or disruptions

Zero Trust helps us achieve these goals by incorporating user/device trust policies for remotely accessing applications. Users enjoy a “borderless experience” by accessing the network from anywhere, without having to connect through a VPN.

Instead of relying only on user ID and password credentials, Zero Trust adds a layer of protection. It leverages a user-identity credential that is securely deployed to managed endpoints by our device management suite. This credential then acts as the first part of authentication, saving users the step of having to type in their username and password. This reduces the likelihood that users will save their corporate username and password in their browser for convenience.

After establishing user trust, the solution validates device trust and health, starting with the assumption that if a device is managed by our corporate device management programs, then it must have a good baseline security posture. We perform an additional device health check during every authentication transaction to ensure that the device is running the latest software, screen lock, disk encryption, firewall, and anti-virus agent. This real-time check is conducted by the Duo Beyond Device Health app, which continuously runs in the device’s background.

With Zero Trust, when a user tries to log in to an application, our corporate SSO identity engine checks the user and device certificate, does a real-time health assessment of the device, and finally triggers a second-factor notification before allowing user access.
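The staged login decision described above can be sketched as a small policy evaluator. This is an added example, not Cisco's or Duo's code; every class, field and function name in it is hypothetical, and the sample devices are constructed.

```python
from dataclasses import dataclass, field

# Health items named in the article; the key names are hypothetical.
HEALTH_CHECKS = ("os_up_to_date", "screen_lock", "disk_encryption",
                 "firewall", "antivirus_agent")

@dataclass
class Device:
    managed: bool        # enrolled in the device management suite
    cert_valid: bool     # user-identity credential on the endpoint verifies
    health: dict = field(default_factory=dict)   # real-time health report

@dataclass
class AppPolicy:
    name: str
    required_checks: tuple = HEALTH_CHECKS       # per-app access policy
    allow_unmanaged: bool = False

def evaluate_access(device, policy, send_second_factor):
    """Return (decision, details); every stage fails closed."""
    # Stage 1: user trust, established by the deployed credential.
    if not device.cert_valid:
        return "deny", ["user credential missing or invalid"]
    # Stage 2: device trust, i.e. the endpoint is corporately managed.
    if not device.managed and not policy.allow_unmanaged:
        return "deny", ["device is not managed"]
    # Stage 3: health check on every authentication. A check that is
    # absent from the report counts as failed, never as passed.
    failed = [c for c in policy.required_checks
              if device.health.get(c) is not True]
    if failed:
        return "remediate", failed   # user is told what to fix themselves
    # Stage 4: the second-factor prompt is sent last, so an untrusted or
    # unhealthy device never generates a push notification.
    if not send_second_factor():
        return "deny", ["second factor not approved"]
    return "allow", []

if __name__ == "__main__":
    # Constructed sample: a managed laptop with disk encryption turned off.
    laptop = Device(True, True, {c: True for c in HEALTH_CHECKS})
    laptop.health["disk_encryption"] = False
    print(evaluate_access(laptop, AppPolicy("wiki"), lambda: True))
```

Passing the second factor as a callable makes the ordering explicit: the prompt only fires once the credential, management and health stages have all passed.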

Zero Trust saves time, boosts productivity

Since Zero Trust was implemented, adoption metrics show that it is saving Cisco employees more than 410,000 VPN authentications per month. Based on Cisco IT internal findings, it takes about 45 seconds for each VPN authentication. This represents 307,500 minutes, or 5,125 hours, saved per month, an annual savings of 61,500 hours. Assuming an average hourly cost per employee of $55, we can value this productivity increase at $3.4 million per year for Cisco employees. This also represents an optimization of the application data traffic flowing over the company’s core network and offloaded through direct internet access.

Since incorporating checks for device state and trust at the application layer, we’ve substantially improved our ability to react to device risk. For example, we’re conducting nearly 5.76 million device health checks automatically per month. This has allowed us to identify 86,000 devices per month that users have self-remediated. That’s 86,000 potential threats effortlessly averted.

While there were some concerns about increased support volume when introducing device health checks for borderless access, only 0.6 percent of users have contacted our help desk for support, which is actually less than the 7 percent proportion of help-desk requests for security deployment, password reset, device remediation, and support calls for authentication based on internal benchmarks. We feel that the easy-to-follow remediation steps within the Duo Device Health App play a key role in minimizing our support requests. The deployment had a minimal impact, keeping overall costs low and providing a better user experience.

Subsequently, fewer people have been required to provide support, leading to an estimated $500,000 per year savings in helpdesk support costs. In addition to cutting support costs and improving security [1], the Zero Trust Multi-Factor Authentication framework has improved productivity because users don’t need to waste time logging in to the VPN.

Figure 1. Duo Zero Trust benefits

The future of Zero Trust

Implementing Zero Trust as a critical framework and adopting a more rigorous security posture will continue providing opportunities for Cisco. For example, the remote working capabilities that Zero Trust enables have over the past two years allowed Cisco to expand access to a diverse talent pool. According to Darcie Gainer, Cisco’s Security Product Marketing Leader, the remote working capabilities with borderless access and without VPN have already allowed Cisco to grow its intern classes in 2021 and 2022.




[1] Note: Zero Trust also introduced per-app access controls, which restrict access to users and devices that satisfy a defined security posture.

Learn more about our journey to an advanced network architecture by clicking through our interactive journey map.


Read more: blogs.cisco.com








