The vendor presents AWS Control Tower as the easiest way to set up and govern a new, secure multi-account AWS environment. With AWS Control Tower, builders can provision new AWS accounts in a few clicks, while knowing new accounts conform to company-wide policies.
N/A
Cisco Duo
Score 9.4 out of 10
N/A
Cisco Duo is a two-factor authentication system (2FA), acquired by Cisco in October 2018. It provides single sign-on (SSO) and endpoint visibility, as well as access controls and policy controlled adaptive authentication.
We were wanting to prove the concept of a low touch process for quickly spinning up boilerplate AWS environments. We were able to get started quickly and to ensure that the AWS Well-Architected Framework principles were followed - at least upfront - however, we found that for our use case and expertise level it ultimately wasn't a fit. We have the skills on our team to manage more of this on our own. My recommendation would be contingent on what skills are already available on your team: if you can "do it yourself" you might as well so that you don't pay for resources you don't need and you have finer grain control over what's created.
Cisco Duo is extremely well-suited for someone wanting to add MFA to an on-premise Active Directory environment. Some of the other vendors in this space do provide this feature, but they do not natively support it. One of the top competitors in this space requires signing up with another third-party service to make this integration possible. Less moving parts for something as crucial as this is a huge benefit and having only one vendor to point fingers at makes troubleshooting much simpler.
If you need to integrate some legacy applications to Cisco Secure Access by Duo, it's not easy.
If you want to have more detailed information and reports, you need to pay more for the licensing. The basic option is not enough.
A constraint could be that each employee has to install it on their personal smartphone, which some don't like. But, there is an alternative using SMS, although sometimes it takes too long to receive the message.
There are a lot of competing solutions on the market; however, Duo "just works", and there is little to no learning curve for the new members to be acclimated to it. As long as that continues I see it as the preferred option moving forward
There is no way to easily close an AWS account whether it was created manually or via the AWS Control Tower. It takes too many steps to close it vs to provision a new AWS account
La interfaz es intuitiva y fácil de navegar, lo que permite a los usuarios administrar sus dispositivos y acceder a las polĂticas sin problemas. La integraciĂłn con las aplicaciones SSO y SaaS facilita aĂşn más el proceso de acceso, mejorando la experiencia del usuario.
In the last 5+ years we've been using Duo, there may have been 1 outage that impacted us. We do receive periodic notifications of issues but, for the most part, they impact carriers or functionality that we either don't use, or do not care about.
Since it’s a reputable company, I have received technical support when needed and I trust that if anything else happens I can contact them with any issues. I haven’t experienced bad customer service and I totally feel supported while using this authentication method. No complains so far and the high rating!
Implementation was straight forward and you can isolate different scenarios in order to test new application setup or add to an existing setup. Gui interface is pretty easy to understand and follow. I had no experience with Duo and still manage to easily set up new policies and rules.
Using AWS Systems Manager and other slightly lower level components has been helpful for us to manage parts of our AWS presence at a more granular level than AWS Control Tower was designed for. It's not at all an apples-to-apples comparison as they solve different use cases, but for us, the use case associated with AWS Systems Manager was a better fit for our specific needs and skillsets. We did not need everything that AWS Control Tower was doing for us.
Our school is based in Microsoft 365. Azure has a product built into their licensing (provided you have purchased the appropriate level or the add-on product.) The MFA in Azure is a work in process and doesn't offer broad integration options as Duo does. We didn't look into any other commercial products.
