Businesses implementing biometrics and zero-trust to respond to shadow IT

Organizations are increasingly adopting biometrics to respond to the changing threat landscape and an increase in requests to access protected apps from outside of the network perimeter by implementing a zero-trust framework, according to a new report from Cisco’s Duo Security.

Growing cloud and mobile use have led to 45 percent of requests for access to protected apps coming from outside of the business, and companies are responding with stronger user authentication, required screenlocks and disc encryption, by blocking out-of-date browsers and operating systems and anonymous IP addresses, according to the “2019 Duo Trusted Access Report.”

According to the report, 77 percent of mobile devices used to access business applications have biometrics configured, a 10 percent increase in the past four years. More than two out of three users authenticate with mobile push-based applications than legacy methods like phone calls or SMS. Only 2.8 percent of Duo customers now use one-time passwords sent by SMS, the company says.

Concern about cloud security and understanding of how biometrics can help has not necessarily led immediately to increased adoption, a study from Ping Identity earlier this year indicated.

The report also breaks down the use of different operating systems and browsers. Google Chrome has gained ground on its competitors, but as ITWorld notes, increases in iOS, Android, and Windows 10 use means biometric authentication is now supported by the three most popular operating systems for business application access.

“For years, security teams have had little visibility into the cloud applications users were accessing and the personal devices they were using,” says Wendy Nather, head of advisory CISOs at Duo. “The findings in this report make clear that security leaders are taking back control of these apps and devices thanks to a zero-trust approach to security. This approach, in many cases, even allows organizations to adapt quickly to pending threats.”

Article Topics

access management  |  authentication  |  biometrics  |  cloud services  |  mobile  |  network security  |  Zero Trust