By Blair Pettrey on Aug 27, 2018 2:45:13 PM
More than 80 percent of hacking related breaches leveraged stolen and/or weak passwords, according to the Verizon 2017 Data Breach Investigation Report. Two-factor authentication (2FA) is one security solution that can mitigate the risk of a data breach and should be deployed everywhere to protect your users and information systems.
Legacy 2FA solutions haven’t been able to scale with modern computing environments and can introduce security risks and coverage gaps within your organization. Because of this, many large enterprise organizations are switching from RSA SecurID (notorious for a high price tag and adding friction/complexity) to Duo’s two-factor solution (reliable, secure and easy).
Most organizations are looking for security technologies that align to their long-term strategies. They want solutions that are built for today’s world but have the vision to evolve to advance their security programs. Many organizations made the switch because they feel RSA SecurID is outdated, and they were interested in a 2FA solution that’s not only more relevant today but also designed for tomorrow.
A Brief History
In the 1980s-90s, the client-server computing model reigned supreme, and RSA SecurID was built for this era. But over the past 30 years, technology has evolved and RSA SecurID has struggled to keep pace. Duo’s two factor was designed to protect the modern era.
In the client-server era, compliance was the primary driver for adopting security solutions like two-factor authentication. It was a checkbox exercise for privileged user accounts and provided limited coverage to the rest of the organization.
Today, compliance is only one piece of an organization's security philosophy. The current drivers for two-factor authentication adoption are to provide sound security and risk management to every user and every application. Data breaches are a daily occurrence that affect countless organizations, but two-factor authentication assists in mitigating the potential for a data breach and is a fundamental baseline and building block for a successful security program.
Protect All the Things
Because of the complexity of traditional two-factor technologies (both to the admins and users), most companies only secured a set of privileged employee accounts and systems. In the modern IT environment, users rely on on-premises applications alongside Software as a Service (SaaS) technologies. Due to the sensitivity of these applications, every user and the applications themselves need to be protected with two-factor authentication.
The number of applications that employees use is constantly expanding, and IT and security teams are constantly playing catch-up to secure them. Because of this, the ability to deploy security solutions within days or weeks is paramount. Unfortunately, traditional two factor can take months or even years to deploy. This model won’t scale or function to protect in today’s dynamic landscape. Duo’s cloud-based solution can be deployed in just days or weeks and provides the agility that IT and security teams demand.
We Fight for the User
Back in the day, users were expected to sit in a cube and access business applications through corporate-owned desktops. Modern business users have a different set of technology expectations and require security solutions to be frictionless. They want to work from the location they want, the way they want and on the devices they’re most comfortable with.
Traditional two-factor architectures don’t allow for this flexibility, and their rigidity leads to users circumventing the controls and policies, increasing your organization's security risks. Duo prides itself on creating a security solution that’s built for your users and aligned with how they use technology. Because it works and is transparent, users don’t try to find work-arounds. It’s a win-win for them and your organization.
Traditional solutions are very capital-intensive. They require a large investment up front to get a two-factor solution up and running, plus they require costly renewals. Duo’s SaaS architecture allows you to expand as needed. Our transparent pay-as-you-go offering is billed annually on a per-user basis.
Why are enterprise organizations switching from RSA’s solution to Duo?
RSA SecurID may have worked well for the client-server era, but not so much for the modern IT era. We spoke to customers that made the switch, and this is what they highlighted as key factors that inspired them to choose Duo:
#1 - It’s Easy to Trust
With Duo, there are no “shared secrets.” SecurID is a one-time password (OTP) two-factor solution. Each user is given a token that’s programmed with the network’s shared secret, which is integrated with the date and time to create an OTP. That’s validated against the authentication server, which also knows the shared secret. The server generates its own OTP, which, if it matches the user’s OTP, grants access to the user.
Duo is designed with asymmetric cryptography to sign and verify communications between Duo’s servers and a user’s smartphone. A private key stays on the mobile device and is used to sign all authentication responses, while the public key is used to verify the signature on the server side. That means an attacker can’t access your accounts even if they breached our servers. Learn more in our blog, RSA-Proofing our Duo Push Two-Factor Authentication.
#2 - It’s Easy to Set Up
Duo offers the fastest enterprise-scale deployment of two-factor authentication. One success story involves a large tech company with 15,000 end users. They replaced their RSA partial deployment with Duo’s solution in just two days to their entire employee base, and even integrated 12 different applications.
Duo provides a self-service model without any overhead for your end users. In addition, we roll out automatic software updates on a two-week cycle, requiring no support from your team. Our unlimited app support means you don’t have to pay for additional integrations.
Everything’s in the cloud with Duo – no need to worry about supporting in-house infrastructure. That saves your administrators time when they deploy.
#3 - It’s Easy to Use
For end users, Duo’s solution is designed and built to ensure that it’s extremely easy to use. There’s no training or 50-page guides on how to use it. Users only have to download Duo’s free mobile app and self-enroll in a few quick, easy steps. The whole process usually takes a couple of minutes. Because two-factor authentication is one of the few security solutions that consistently involves end-user interaction, it’s essential that it’s seamless for users.
With RSA’s SecurID, you add strain for your users and create unnecessary hurdles. Duo’s context-rich push notifications simplify the process, requiring only the tap of a button to approve an authentication request. Duo also supports modern devices and functionality, including Apple Touch ID and Apple Watch, so your users can use any of their devices to authenticate.
#4 - It’s Easy to Expand
Why stop at protecting your users with our best-of-breed 2FA? We want to help you build a security platform that helps you secure your company. Our approach is simple and built on Trusted Access. If you trust the user and the device, then access to your applications is granted. Legacy two-factor solutions don’t have an integrated security strategy and only offer expensive, bolt-on products.
Duo’s Trusted Devices gives you information about your laptops, desktops and mobile devices without requiring an agent. This provides you with fleet hygiene information including OS, browser and Flash or Java plugins. For mobile, it includes information on rooted or jailbroken mobile devices. We can couple this with integrations into your Enterprise Asset Management (EAM) and Mobile Device Management (MDM) systems to provide managed versus unmanaged categorization. This is a huge value to companies and ensures that only managed corporate systems are accessing your applications via Duo access policies.
Duo’s secure single sign-on (SSO) provides your users with a consistent login experience for both cloud-based and on-premises applications. Each time an application is accessed via Duo’s secure SSO, the system checks and logs device and user information. As an administrator, you can use this data to enforce granular application access policies. For example, if you have a highly critical application that you only want accessed over a VPN from a corporate managed device with 2FA, you have the ability to enforce that.
#5 - It’s Easy to Afford
The top reason why organizations are making the switch is based on total cost of ownership (TCO). Duo’s TCO is nearly 60 percent lower than RSA’s, which organizations have found to be true in four different areas:
As seen above, initial deployment administrative costs with RSA are much, much higher than Duo’s – Duo accounts for just a tiny fraction (.58 percent). Those costs include management, hardware and host OS licensing; high availability hardware and software; backup hardware and software; professional services; and the cost of IT administrative time.
A major benefit of using a cloud-based solution is that it eliminates the need to support any data center infrastructure for high availability or disaster recovery. Similarly, cutting hardware, software and data center costs also substantially reduces ongoing administrative maintenance expenses. Help desk costs also factor into overall end-user maintenance costs, like replacing and renewing token licenses.
Duo’s patches and upgrades, as well as support, are rolled into one initial price. Duo accounts for only five percent of the costs associated with RSA’s ongoing admin maintenance. If you choose Duo’s phone-based authentication methods, you can effectively eliminate any token support costs and cut down the time it takes to authenticate.
Duo’s pricing is simple and transparent – no hidden costs or additional services tacked on past the initial deployment and support costs, which are bundled into our per-user, monthly or annual pricing.