Seamless Secure Work on a Plane
Frequent travelers – this blog is for you. Let’s start off by walking through the experience of the remote worker that is always on the move. This traveler has the perfectly packed bag. They know exactly what time to show up at the airport to walk directly onto the plane. And their accumulated miles are a prized possession.
However, one thing this frequent traveler can’t control is the work experience once they’re on that plane. Maybe there’s fast and free Wi-Fi available for all devices and they can seamlessly do their jobs the same as in the office. Or maybe, that’s not the case.
Anyone who has tried to work on a plane knows that the quality of the connection in the air can be inconsistent. To pile onto the connectivity problem, you might need to connect to your VPN to access your applications or perform multi-factor authentication (MFA) to log in to your account. Now you have your laptop out, but your VPN won’t connect, you’re trying to authenticate with a phone that doesn’t have service, and after you jump through those hoops, your applications won’t load.
Even though you might prefer to watch a movie or take a nap on the flight, sometimes that’s not an option. And if you do have to work, Cisco wants to make it easy for the end user, without sacrificing security. When deploying Cisco’s User Protection Suite across your organization, you can protect all users, access to applications, and devices without getting in the way of user productivity.
Now let’s tell the story of the frequent traveler who is connecting to their organization’s resources, protected by the User Protection Suite. Rather than establish a VPN connection to access applications on the network, Cisco Secure Access provides a direct connection to the application through unique Zero Trust Network Access (ZTNA) capabilities.
How does Cisco recreate, while you travel, the same end-user experience you might get in the office? Cisco’s ZTNA capabilities were built using brand-new technology rather than relying on legacy networking protocols or IP addresses to define the connection to the application, which can slow users down.
This new technology, called MASQUE, establishes the connection using the QUIC protocol. In the old days, the user would have to connect to a tunnel and then connect to the application. QUIC takes a different approach and creates a low-overhead “session stream” that can provide quick (pun intended) connections, even when the internet is unreliable. QUIC provides fast recovery by tracking each session with “tags,” so any traffic that is lost can be quickly recovered. Traffic can also be carried in separate streams, so a loss in one stream will not affect another. This creates a stable and resilient working environment for the user, even on an unreliable connection. And from the end user’s point of view, all they see is an application that loads quickly.
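The stream isolation described above can be seen in a small simulation. This is an added example, not Cisco code: it models only delivery ordering (not real QUIC or MASQUE), and the application names, tick timings and loss pattern are constructed assumptions.

```python
"""Toy model: one ordered tunnel vs. independent streams when a packet is lost."""

# Constructed sample: three applications interleaved on one connection,
# one packet sent per tick; packet 1 (the first "crm" packet) is dropped.
SAMPLE_PACKETS = ["mail", "crm", "wiki"] * 3
SAMPLE_LOST = {1}


def arrival_times(packets, lost, one_way=5, retransmit_delay=20):
    """Tick at which each packet finally arrives at the receiver."""
    times = []
    for seq in range(len(packets)):
        t = seq + one_way
        if seq in lost:  # first copy dropped; the retransmitted copy arrives later
            t += retransmit_delay
        times.append(t)
    return times


def completion_single_ordered(packets, arrivals):
    """Everything shares one ordered byte stream: a gap stalls all later data."""
    done, released = {}, 0
    for seq, stream in enumerate(packets):
        # Data cannot be handed to the application before all earlier bytes.
        released = max(released, arrivals[seq])
        done[stream] = released
    return done


def completion_per_stream(packets, arrivals):
    """Ordering is enforced per stream: a gap stalls only its own stream."""
    done = {}
    for seq, stream in enumerate(packets):
        done[stream] = max(done.get(stream, 0), arrivals[seq])
    return done


def compare(packets=SAMPLE_PACKETS, lost=SAMPLE_LOST):
    """Return (single-tunnel, per-stream) completion ticks per application."""
    arrivals = arrival_times(packets, lost)
    return (completion_single_ordered(packets, arrivals),
            completion_per_stream(packets, arrivals))


if __name__ == "__main__":
    tunnel, streams = compare()
    for app in sorted(tunnel):
        print(f"{app:5s} single tunnel: tick {tunnel[app]:2d}   "
              f"separate streams: tick {streams[app]:2d}")
```

In the single ordered tunnel, the one dropped packet delays all three applications; with separate streams, only the application that lost the packet waits for the retransmission.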
Connecting to the application quickly is an important step in getting to work. Another requirement for seamless and secure access is being able to authenticate your identity, even if you can’t connect to your phone. Most authentication providers today rely on push requests after you submit your username and password. If you have Wi-Fi available for all devices on a flight, that’s not a problem. If you don’t have a mobile connection, you need a way to authenticate safely that doesn’t remove security protocols but also doesn’t get in the way of trusted users.
That’s where Duo’s offline access for Windows or Mac comes in. For Duo administrators, it only takes a few clicks to set up offline access, and you have the option to configure the policy as a global policy or for the user groups that are frequent travelers. You can also enable offline access for certain applications or block it for others.
Once you activate offline access for your account, users can automatically log in with either an offline security code (provided through the Duo Mobile app) or a security key, even when their phone cannot accept a traditional push request. Admins also have full visibility into these authentications and can see when users are utilizing offline authentication, the devices that are accessing resources, and whether those authentications were successful.
And Duo is not stopping there. We are continuing to research new ways to provide secure and simple offline access. One priority for our team this year is to launch Passwordless Offline for Windows. This will bring the strongest, phishing-resistant authentication option to all users (even those on a plane).
When we think about seamless and secure access, there are multiple requirements to make that happen. Users need to be able to quickly access applications and resources regardless of location, whether that is in the office or on a plane. It also means not sacrificing security protocols or putting organizations at risk to grant that access. In an ideal world, everyone would be working on a fast and secure network in the office. In reality, people work in many diverse conditions. At Cisco, it’s important to put users first and rethink the traditional security/productivity tradeoff. Instead, let’s have both.
To learn more about how Cisco’s User Protection Suite can protect your workforce on planes, trains and automobiles, connect with an expert today.