How can Cisco Duo help you achieve ISO 27001 compliance?

Having secure, effective password policies across your corporate accounts is more important than ever before. For obvious reasons, cyber-criminals are desperate to get their hands-on passwords as they are the key to open your private accounts. There isn’t a week that goes by that there isn’t another story in the press about a largescale password leak. Worryingly, 80% of hacking-related breaches are still tied to compromised, weak or re-used passwords. However, by using two-factor authentication like Cisco Duo, hackers must bypass an extra security hurdle before they can access your corporate data. This greatly reduces the risk of a successful cyber-breach as it means they cannot breach your systems with a username and password alone.

Cisco Duo multi-factor authentication not only improves the security of your business-critical applications, it also helps many businesses on the road to achieving compliance such as: ISO 27001, PCI Data Security Standard, GCSx CoCo, HIPAA and SOX. Many businesses are now required to comply with certain regulations which involves implementing 2FA. This additional security layer helps to protect sensitive information from being intercepted by hackers. For instance, 2FA can be used when logging in to corporate devices or applications, resetting passwords or enforcing a stronger authentication process when accessing sensitive financial data.

As Cisco Duo encourages users to engage with Cyber Security best practices, it empowers them to become proactive participants in the Cyber-Security strategy. This helps to create a ‘security minded’ culture which ultimately lowers cyber-risk and improves security hygiene.

Businesses who want to achieve ISO 27001 compliance must be able to show that they have effective security controls to protect their systems. Cisco Duo is a 2FA solution which can help organisations to quickly attain ISO 27001 readiness and maintain the compliance status long term.

• Access control: With Cisco Duo IT administrators can deploy role specific access control policies. This allows them to define detailed policies on a per user or per application basis (which can be tailored to your business’s needs). Administrators can also base access control on their location or network.

• Duo also allows administrators to create a list of users or departments who can be granted access to certain business applications.

• Operations security: Cisco Duo provides detailed event logs which provides information about user login activities and any changes made by administrators. This information is invaluable when it comes to investigating a breach or a potential brute force attempt. These logs can also be integrated into log management tools for analysis such as Splunk. (Duo can be used as a 2FA method to protect the data within Splunk as well)

• Communications security: Duo Beyond allows businesses to follow a ‘zero-trust’ security concept by establishing device trust for secure access to critical services.

• Duo Access allows organisations to set flexible policies which are specifically based on user roles, the health of the device or their location. These granular access controls allow IT administrators to effectively safeguard intellectual property. For instance, if admins would like to restrict access to certain areas of the network such as development and test environments, they can simply create designated user groups based on roles and responsibilities.