The 2021 Duo Trusted Access Report analyzed data from more than 36 million devices, over 400,000 unique applications and roughly 800 million monthly authentications from across Duo’s global customer base. It revealed how organizations across all industries are enabling work from anywhere, on any device, by implementing controls to ensure secure access to applications.

Biometrics were enabled on more than 71% of Duo customer mobile phones, illustrating a rise in adoption driven by users’ growing acceptance of non-traditional authentication methods and the accessibility of passwordless hardware that they already carry in their pockets. Further eliminating the need for users to retain a large cache of authentication passwords, Duo also saw a fivefold increase in Web Authentication (WebAuthn) usage since April 2019 when the World Wide Web Consortium (W3C) first published the open standard. WebAuthn enables biometrics to be securely stored and validated locally on the device, as opposed to a centralized database.

Duo has been a champion of passwordless technology, driving WebAuthn’s ratification as a member of the W3C working group and launching its infrastructure agnostic passwordless authentication product in March 2021.

Moving away from passwords will significantly improve the login experience for the vast majority of users – in turn leading to stronger security. More than half of organizations are planning to implement a passwordless strategy, according to the new survey of global IT decision makers conducted as part of the Trusted Access Report. Forty-six percent of respondents said security issues related to compromised credentials are the most frustrating or concerning aspect of dealing with passwords in their environment.

“We’ve now reached the point where the user experience is a security control in and of itself,” said Dave Lewis, Global Advisory CISO at Cisco. “Enterprises are moving toward new, more effective ways of handling access control and seeing in action how democratizing security can go a long way in enabling hybrid workers to focus on their core competencies without sacrificing security.”

The importance of user-centric security that incorporates employee work patterns to keep resources accessible and out of reach for malicious actors is reinforced by the recent Cisco Hybrid Work Index. The report showed that while there was a surge in VPN and secure remote access at the onset of the pandemic, fraudulent access attempts grew 2.4 times during the same time period and remains elevated 18 months later. Due to these threats, organizations are setting stricter policies to verify the trust of users and devices before granting access to applications. The number of authentication failures due to out-of-date devices increased 33% between 2020 and 2021.

These are just a few of many findings in the 2021 Duo Trusted Access Report. To download the report, please visit http://duo.sc/tar-2021.

Images licensed by pixabay.com

Related News:

Powering an Inclusive Future of Work: Cisco Unveils Webex Innovations that Enable Hybrid Work and Events, Ensuring Equal Opportunity and Voice

PC Matic Survey: 20% of Employers Never Require Employees to Change Passwords

The post Passwords Are Being Phased Out as a Result of Hybrid Work appeared first on Digital IT News.

The post PC Matic Survey: 20% of Employers Never Require Employees to Change Passwords appeared first on Digital IT News.

Cloud service providers offer APIs that enable DevOps engineers to automate the management of their infrastructure. However, the accounts used to access these APIs are highly privileged, making them a primary target for attackers. Automated workflows typically only need a short window of access to accomplish a specific task, and the persistence of privileged accounts outside of this window represents an unnecessary risk of credential misuse or theft.

DevOps Secrets Safe dynamically generates API accounts with a just-in-time model for privileged access. These accounts are created and removed by the solution as needed, eliminating the need for persistent accounts, and significantly shrinking the window of credential exposure. By automatically brokering access to cloud environments through DevOps Secrets Safe, organizations can eliminate persistent accounts and significantly reduce the security footprint of their automated workflows, all while simplifying access controls for their cloud infrastructure.

In this release, BeyondTrust has also introduced a built-in time-based one-time password (TOTP), with a native two-factor authentication workflow for all DevOps Secrets Safe users. This functionality is essential to ensure every account is protected. A Kubernetes Sidecar is also included in 20.4, which enables DevOps Secrets Safe to retrieve secrets on behalf of application containers on a defined interval, keeping them up to date with the latest available secret.

“Organizations are increasingly leveraging dynamic cloud-based infrastructure and require strong security around secrets and privileged accounts for managing ever-changing cloud assets,” states Dan DeRosa, Chief Product Officer at BeyondTrust. “DevOps Secrets Safe provides the risk protection they need for their highly privileged accounts. BeyondTrust continues to enable our customers’ migration to the cloud and the adoption of new technology stacks, like the DevOps ecosystem of third-party and open-source tools.”

Industry analysts recommend securing these privileged accounts with a centralized secrets management solution that is purpose-built for security, but doesn’t introduce friction into automated processes, keeping DevOps as agile as possible. This approach helps to reduce the risk of exposure, without slowing down the application delivery process.

DevOps Secrets Safe is a highly scalable and highly available solution that provides centralized storage, retrieval, and audit of secrets and credentials. It eliminates the need to embed or hardcode passwords or other secrets, within code or scripts. The DevOps Secrets Safe unique architecture is built on Docker containers targeting Kubernetes for deployment and facilitates rapid deployment and fast time-to-value.

DevOps Secrets Safe offers the following:

• Securely store and centrally manage credentials and secrets (e.g., passwords, API keys, certificates, etc.) for DevOps workflows
• Scalable and highly available, DevOps Secrets Safe is built on a modern architecture to facilitate rapid deployment and high-availability – out-of-the-box
• The REST API-first approach supports integration with CI, CD, and CLI tools for easy and agile interaction
• Securely broker access to cloud environments and audit every action

To learn more, visit http://beyondtrust.com/devops.

Image licensed by Adobe Stock

Related News:

ADARA Announces Public release of New Virtual 5G App for Android Phones and Tablets

Ivanti Wavelink Adds Support for iOS-Powered Mobile Devices

The post BeyondTrust DevOps Secrets Safe Extends Functionality for Securely Managing Cloud Infrastructure appeared first on Digital IT News.

The data shows Millennial workers are 6.5 times more likely to always reuse work passwords than Baby Boomers, who demonstrate safer password practices.

Brad Bussie, vice president of Entisys360’s Advyz Cyber Risk Services, feels Millennials’ comfort with technology encourages poor password behavior.

“Millennials tend to trust that large services have their best interests in mind and that security is built-in,” Bussie said. “They are the first generation that had easy access to global information.”

Workers enjoy the convenience of duplicate passwords. Cybersecurity experts recommend companies integrate a two-factor authentication system or a password manager. Neither requires employees to recall complex strings of characters, and both better protect data.

Most Employees Comfortable Using Work Devices for Personal Activities

Currently, 63% of employees aren’t concerned about storing personal information on work devices.

More than one-fourth of Baby Boomers (27%) are very comfortable with keeping personal information on work devices, despite associated cyber risks. However, only 17% of Millennials felt this way.

Using work devices for personal activities can make work data more vulnerable. Some experts feel Baby Boomers may not understand the importance of separating work and personal data.

However, senior associate at data breach claims company Hayes Connor Christine Sabino, thinks Millennials are better suited to separate their web activity across multiple devices.

“[Millennials] have more technological devices, like a personal laptop, tablet, mobile phone, and games console,” Sabino said. “They are less likely to require the use of their work laptop for these [personal]activities.”

Employees Think Companies Hold Primary Responsibility for Cybersecurity

The majority of workers (91%) believe companies are at least slightly responsible for cybersecurity.

Experts agree companies are responsible for determining security protocols, but employees are in charge of execution.

Olga Gutenko is a business development manager for security at Vaimo and feels employees share much of the responsibility for cybersecurity.

“Even in this remote work period, employers need to develop a security-focused culture that has buy-in from all employees, [where]employees share the responsibility for security,” Gutenko said.

Visual Objects surveyed 500 full-time U.S. employees to learn about how employees affect cybersecurity at their companies.

Full report: https://visualobjects.com/app-development/cybersecurity-topics-cyber-defense

Related News:

Deloitte Survey: New Data Reveals AI is Enhancing R&D

Security Champions Programs Can Improve Relationship Between Security and DevOps Teams, Says Survey

Image licensed by Pixabay.com

The post 63% of Employees Reuse Work Passwords, Millennials are Biggest Offenders appeared first on Digital IT News.