The successor to AWS Single Sign On, AWS IAM Identity Center is used to centrally manage workforce access to multiple AWS accounts and applications. It helps users to securely create or connect workforce identities and manage their access centrally across AWS accounts and applications. AWS states that IAM Identity Center is the recommended approach for workforce authentication and authorization on AWS for organizations of any size and type.
N/A
Cisco Duo
Score 9.5 out of 10
N/A
Cisco Duo is a two-factor authentication system (2FA), acquired by Cisco in October 2018. It provides single sign-on (SSO) and endpoint visibility, as well as access controls and policy controlled adaptive authentication.
IAM plays a pivotal role in our organization, addressing the unique needs of our diverse workforce, which includes full-time employees, part-timers, contractors, and client engineers who access our workloads. This multifaceted solution offers us unparalleled control over access, ensuring that each individual has precisely the permissions they need and nothing more. IAM's robust security features guarantee the protection of our valuable resources and sensitive data. As our organization expands, IAM effortlessly scales with us, adapting to changing requirements, and helping us maintain our commitment to top-tier security and efficient access management.
Cisco Duois is well suited in all kinds of scenarios where you need to ensure proper security measurements, I think. We can't just rely on our passwords only, as they can be easily stolen through phishing or data breaches thus keeping multi factor authentication is quite essential. I always prefer MFA or at least 2FA for any critical system.
So outside the obvious of multifactor and it being important, one thing I really like about DUO is the integrations and the options it has for integrations are pretty great. And I'd say versatile. I use Cisco ICE as well and I find I'm more most impressed with Cisco Duo specifically with the weird applications we could come up with for it in using it. So I had say the versatility of authentication and other AAA factors with the Cisco duo are why we like it so much.
Make it easier for users to assume roles securely, especially in cross-account settings. This might involve simplifying the process of switching roles in the management console or creating a command for AWS CLI that supports smoother role assumption.
Policy testing tools will be invaluable for administrators when they are creating policies. If this tool is able to assess the impact of enforcing a policy it will help greatly in preventing policy misconfigurations that lead to unintended consequences.
Better user interface, AWS should simplify the IAM interface to encourage new users.
Documentation is oftentimes missing key information for proper implementation. This is circumvented by reading third-party guides or contacting support for additional details.
They do not push Fail-Closed as much as I think they should. Fail-Open is fairly trivial to bypass and it should be made known to the customer during setup how much this will affect overall security.
More vendor integration is something that is always craved by administrators. There are so many third-parties to integrate with.
There are a lot of competing solutions on the market; however, Duo "just works", and there is little to no learning curve for the new members to be acclimated to it. As long as that continues I see it as the preferred option moving forward
It gets easier with time, initially, it can be overwhelming for a fresher. Once you're used to working with roles and policies and know when and where it is required eventually it becomes easy
La interfaz es intuitiva y fácil de navegar, lo que permite a los usuarios administrar sus dispositivos y acceder a las políticas sin problemas. La integración con las aplicaciones SSO y SaaS facilita aún más el proceso de acceso, mejorando la experiencia del usuario.
In the last 5+ years we've been using Duo, there may have been 1 outage that impacted us. We do receive periodic notifications of issues but, for the most part, they impact carriers or functionality that we either don't use, or do not care about.
I have not needed direct support for Cisco Secure Access by Duo as I have not had a problem with it, but I have full confidence that the support is outstanding. It is now a core component of the corporate technology stack - a problem would mean a serious degradation in the ability of the company to function.
Implementation was straight forward and you can isolate different scenarios in order to test new application setup or add to an existing setup. Gui interface is pretty easy to understand and follow. I had no experience with Duo and still manage to easily set up new policies and rules.
AWS Identity and Access Management (IAM) excels over Google Cloud IAM with its granular control, extensive service integration, and robust security features. AWS IAM provides fine-tuned access policies, versatile role delegation, and a wide array of services. Its adaptability and extensive toolset make it the preferred choice for businesses of all sizes.
It's easier to deploy. When comparing the quality of technical support, Duo Security is the preferred option. Duo has better integration options for out-to-the-box on-premise and cloud applications. The dashboard brings you more reports, and the access event logging is very complete. The quality of end-user training and documentation is superior. I think the relation price vs. value Cisco Secure Access by Duo has the best rating: service & support, integration & deployment, licensing, and capability.
AWS IAM Identity Center has significantly bolstered our security posture by ensuring that only authorized personnel access our resources. This enhanced security has protected us from potential data breaches or unauthorized use of resources, mitigating risks and potential costs associated with security incidents.
While IAM brings long-term cost savings, there might be initial implementation and training costs. It's important to factor these costs into the ROI equation.
If your organization isn't used to such fine-grained access control, there might be resistance to adopting IAM. Overcoming this resistance might require additional training costs.
