What is our primary use case?
We use it for MFA to secure our Outlook webmail and some other applications as well. We use Duo for pretty much anything that uses MFA.
We were looking for increased security. We wanted to make sure that the person who is trying to log in to our services is actually who they claim to be. We wanted to lock down our applications more and provide extra security.
We have some on-prem servers for the gateways and it's in the cloud as well.
How has it helped my organization?
It has definitely made our company more secure. It's pretty easy to incorporate into any sort of application you want to. We also use it for single sign-on for certain applications and that has been nice. People hate passwords.
It's really great for remote workers and a hybrid workforce nowadays, for people who are trying to access their VPN or any applications from outside of the company. It helps us make sure it's someone who should be accessing those things. It does a good job.
It's definitely a factor in achieving that Zero Trust.
In a way, it helps us remediate threats more quickly. If someone is trying a brute-force attack, trying all the passwords they can, and they're not getting a response through Duo, you can see certain security threats that are happening and remediate them.
Duo has also had a big impact on employee morale. People like it. They feel that their data is more secure. Resiliency is very key to keeping people doing their jobs. Cyber security resilience has been very important for us. It used to be that security was not to be the main focus, but it's extremely important now. There are a lot of ransomware attacks and people need to be very cognizant of that. It's important to have redundant and resilient systems in place to support that.
What is most valuable?
It's nice to have that push notification with the app and it's pretty easy to use. Our users are usually pretty open to it, and it's pretty easy to onboard people.
It also seems like it's accurate, and you can add multiple devices to your account.
In addition, typically, if it detects that you're on an internal network, you can bypass the Duo portion of it. That way, people don't have to do MFA when they're on campus.
Another feature is the single pane of glass management. That's important for analytics and also for troubleshooting. It means there's one place that you go to at least start the troubleshooting process. It also helps with the user experience because you can manage all the user accounts from that one spot, including setting up new users, making adjustments, editing their preferences, et cetera.
What needs improvement?
It could be a little bit more intuitive when it comes to the sign-up process. I know they send out an email, but sometimes our users get a little confused. It could be an end-user problem, but Cisco could work on that a little.
Buyer's Guide
Duo Security
August 2022
Learn what your peers think about Duo Security. Get advice and tips from experienced pros sharing their opinions. Updated: August 2022.
621,548 professionals have used our research since 2012.
For how long have I used the solution?
I've been using Duo Security for about two years.
What do I think about the stability of the solution?
It seems very stable. I don't think there has been any point at which people have tried to use it and it has failed.
What do I think about the scalability of the solution?
The scalability seems fine. As long as you get the licensing to support it, you can add as many users as you'd like.
We have five or six offices locally, and a few more in different states in the US. We also have one in Shanghai, but they're doing their own thing there. But everyone in our US offices uses it, they all get enrolled. Typically, people will install the app on their phones although they don't have to.
How are customer service and support?
I don't think we've had to use technical support too often, which is a good thing about the product itself.
Which solution did I use previously and why did I switch?
We didn't use an MFA before Duo.
How was the initial setup?
When the solution was rolled out, I wasn't with the company, but we then expanded it in different ways and I have been involved in that. In terms of the initial deployment, from what I can tell, it was relatively straightforward. And from what I've seen since, it hasn't been too hard to expand it to other services.
What was our ROI?
It's definitely a valuable product to have.
Which other solutions did I evaluate?
We may have evaluated other options at a surface level, but we didn't really go too deeply into them. We pretty much went with Duo out the gate.
What other advice do I have?
I would tell leaders who want to build more resilience within their organization to do it right now. It's definitely important and there are a lot of resources out there that can help them on that path. Duo helps with that.
It does what it's marketed to do.
Disclosure: I am a real user, and this review is based on my own experience and opinions.