The 2024 Duo Trusted Access Report: Navigating Complexity
The 2024 Duo Trusted Access Report: Navigating Complexity, gives us a chance to use the topic of complexity as a backdrop to examine trends (existing and emerging) in both access management and identity.
Complexity is covered from multiple angles - from the complexity of identity stack to the complexity of managing digital identities and access rights – providing practical recommendations to help organizations navigate the more sophisticated cybersecurity landscape.
In partnership with the Cyentia Institute, Duo analyzed data from more than 16 billion authentications, spanning nearly 52 million different browsers, on 58 million endpoints and 21 million unique phones across regions including North America, Latin America, Europe, the Middle East, and Asia Pacific.
Here’s a quick look at a few of our top findings:
Passwordless adoption continues to rise — Even though it began on a small scale, account adoption of WebAuthn-enabled factors, including security keys and biometric technology like Touch ID, increased by 53%.
MFA usage continues to expand globally — The number of MFA authentications using Duo rose by 41% in the past year.
SMS and phone calls as a method of second factor authentication decreased by 22%, reaching an all-time low at 4.9%.
The percentage of failures due to out-of-date devices increased by 74.7% in 2023 — Organizations are putting in stricter controls, reducing risk of out-of-date software.
Less than 4% of organizations implement explicit geography-based deny or allow policies.
In addition to looking into the past, we wanted to give our readers a sense of what the future might bring. To do this, we have also delved into identity sprawl and protection, a concept that might still be considered emerging to some.
Why should you care about identity sprawl?
Identity sprawl is a growing challenge and occurs when users have numerous accounts and identities managed by multiple systems that are not synchronized. This presents a continuous security risk and operational challenge for many security and IT teams.
Focused on identity security challenges, the report aims to answer the following questions:
Identity is the new perimeter; why are we struggling to protect it?
How can we maintain the visibility of our workforce identities?
How can we secure workforce identities?
The future of identity security
When Identity & Access Management (IAM) hygiene is poor or inadequate, organizations' identity attack surface increases. As more relationships are created between devices, attributes, identities and permissions, it becomes increasingly difficult to monitor which users are doing what.
Investigating incidents is also challenging without a solution that brings identity-related data together from multiple sources or helps pass contextualized posture information from IT to SOC. Visibility into misconfigured and unused accounts, including employees, contractors, and service accounts is also vital.
Having identity threat detection and response capabilities under one roof with access management is becoming a necessity. In tandem, these capabilities can help minimize chances of successful identity-based attacks while offering holistic coverage across identities and applications.
To address identity-based attacks with greater efficacy, IAM analytics needs to be an inherent part of such a solution. It builds context for the policies, strategies, and prioritizations necessary to fill visibility gaps and move the needle towards strong least privilege access controls and a zero-trust security strategy.
This year’s Trusted Access Report provides a comprehensive analysis of trends in authentication and access. With the growing complexity of identity sprawl and increasing concerns about identity security, it is more important than ever to add context through data.
Download the 2024 Duo Trusted Access Report: Navigating Complexity today to learn more about these trends.