When it comes to secure access both locally and remotely to devices or services organisations we work with are in 1 of 4 maturity levels (we base this like our other control assessments on the ASD maturity models found here – https://www.asd.gov.au/publications/protect/essential-eight-maturity-model.htm):
- level zero: We have no additional controls beyond usernames and passwords (and even those are probably poorly managed….but it doesn’t matter because a password IS NOT A CONTROL!)
- level one: We have partially implemented secure access via an additional factor or secret for some subset of users and devices/applications.
- level two: We think we have fully implemented the above style of control or similar but can’t be sure.
- level three: We have implemented a comprehensive secure access solution and we continually monitor its outputs and it is embedded in our SOPs (standard operating procedures).
Data Engines partner with Duo Security (amongst some other ancillary technology providers) to assist organisations of all sizes with secure access solutions regardless of size, industry or you position on this maturity scale.
If your organisation is:
- At maturity level zero: then Duo is the most friction-less, painless and most widely supported multi factor authentication platform we’ve worked with…you can turn it on, add devices and applications and if you don’t like it in a few months you can turn it off and you haven’t made any undue capital or time investment.
- At maturity level one: then the Duo platform could show you why your original implementation stalled; or it could coexist as an additional MFA solution for power users or those using applications your current platform doesn’t easily support.
- At maturity level two: then Data Engines can help you audit and monitor credentials usage across your systems to verify the coverage of your control…you might even be interested in a functional comparison of Duo with your solution. We’ve found that Duo’s broader secure access approach to MFA means that some organisations switch MFA providers to leverage additional benefits like built in device posture assessments, comprehensive and immediate access audit logs and on-premise application integration for a true hybrid secure access platform.
- At maturity level three: As above, your MFA and secure access solution maybe embedded and successful; in this case Data Engines, as above, could assist in ongoing external verification and auditing of the control’s effectiveness.
Get in touch if you’d like to setup and administrator account in our Duo cloud portal and we’ll let you play around with 5-10 users for a few months and walk you through what we love about the solution.