Interview – Richard Archdeacon – Duo Security
DAN ASSOR [00:00:01] Okay. Hi, guys. So next up is Richard Archdeacon, who is an Advisory CISO at Duo Security. Good morning, Richard.
RICHARD ARCHDEACON [00:00:11] Good morning, Andrew. How are you this morning?
DAN ASSOR [00:00:14] I’m good, it’s Dan but I know it says Andrew up on the screen. So, Richard, tell me about Duo, it’s history where it’s been and you know where it is today. Just if you could bring the company to life for us that’ll be great.
RICHARD ARCHDEACON [00:00:31] Sorry. Can you just repeat?
DAN ASSOR [00:00:32] Yes, sorry, Richard. It could be great if you could just introduce Duo Security to our viewers. Tell us about history and where it is.
RICHARD ARCHDEACON [00:00:40] Certainly Duo is an organisation is now part of the Cisco group, It was founded about 7 or 8 years ago in Michigan. It specialises in looking at the end user and providing secure access through various factors, looking at multi, looking at MFA, looking at the device health, and then making sure that the user only goes and uses those resources that they should be using.
DAN ASSOR [00:01:09] Fantastic and in terms of your regional reach, is it just the U.K.? Global? Europe?
RICHARD ARCHDEACON [00:01:18] I cover the whole of Europe, Middle East and Africa.
DAN ASSOR [00:01:21] Okay. And do you see many sort of regional differences with the work that you do in terms of how they interact with you?
DAN ASSOR [00:01:28] Well, I think all areas are now driven forward by this need to drive more security around the endpoint, not only the endpoint, but also the user and I think we’ve seen a dramatic change in how people are working. And so I think all over the region, theres focus on this new perimeter we have to protect, which is at the endpoint. So I think it’s a pretty common issue throughout the region, to be quite honest.
DAN ASSOR [00:01:53] Sure. Could you tell us a bit about multifactor authentication?
RICHARD ARCHDEACON [00:02:00] Well, multifactor authentication, there’s phase one aspect of how one verifies who is using one’s assets. I think with one of your previous conversations, you use the expression the evil twin. So who is actually accessing our resources? Is it actually the person they say they are? Or is it somebody else who’s just masquerading? The whole concept of identity has become obscured on the Internet and as we all know, there’s any number of statistics. The easiest way into an organisation is through the front door using compromised credentials. So what MFA does is it makes the user assert who they are. So I log in and then I get told to say, yes, it is me and this is really important because you can now tell if that users being confirmed. It’s not a fake personwith stolen credentials, but also its very significance in changing the culture of the organisation, because using MFA, you’re driving security decisions back to the end user. The end user is actually helping the security team protect the organisation during the process of accessing the company’s resources, the organisation’s resources.
DAN ASSOR [00:03:11] Sure. And I’d noticed that you have you call a trusted access platform or you refer to a trusted access platform, which sounds quite intriguing. Can you just tell us a bit more about that is?
RICHARD ARCHDEACON [00:03:25] Yeah. So I said earlier, about security shifting around the endpoint, computing going down to the endpoint. It’s a trend that’s been going for some years and that endpoint consists of the user and a device that they’re going to be accessing that could be anywhere, any place, any type of device. It could be one we own, one we don’t own. So it could be a BYOD type device. So how do we learn to set a series of tests if you want policy decisions which will enable us to make a trust, the trust level, which will then enable you to access your resource. So, for example, do we trust you enough to look at our finance applications? Do we trust you enough to look at all our clients and management application? And we do that by looking at a number of factors. The user, the MFA getting used to confirm who they are, but then also looking at the device itself. What’s the state of the device? Because a compromise device is just as dangerous. So we look at the status of the device. We look at any number of characteristics and then we can then make a decision around that access. So if somebody is trying to access the finance application, it’s 2:00 a.m. from the other side of the world. When they normally access it at 9:00 to 5:00 in the office, we can say, hang on. There’s something funny going on here.
DAN ASSOR [00:04:43] Sure and remote access is obviously a huge market in today’s climate. What differentiates yourself in this area, do you think?
RICHARD ARCHDEACON [00:04:54] Well, I think we focussed on a number of factors. The first is making it very easy for the end user, what we refer to as democratised security, making it really simple and making it available to large corporations as well as, you know, small family businesses. So I think that’s one of the aspects which is is important. Ease of use. Absolutely critical. Secondly, Cloud delivery means it’s very easy to apply and implement and we can get an organisation…
DAN ASSOR [00:05:28] It seems like we lost the sound there. We’re going to cut to a quick break.
DAN ASSOR [00:06:13] Hi, welcome back. I was just interviewing Richard Archdeacon from Duo Security. Hi, Richard. Hopefully you’re back with us now.
RICHARD ARCHDEACON [00:06:25] Yeah, I can hear you well.
DAN ASSOR [00:06:26] Perfect. So you were talking previously about remote access, I was saying it’s a huge market. And what differentiates you in this area? Maybe you can just remind our viewers.
RICHARD ARCHDEACON [00:06:39] Yeah, it’s focussing on three things. One was the the ease of use for the end user because you’re incorporating them into the whole process, it has to be easy to use. Otherwise, they’ll get they’ll get around it. Second, the ease of deployment and span of coverage as cloud based solution, easy to deploy, easy grid to maintain, a very quick to deploy. And the third aspect is inbuilt integration, you can integrated into most applications pretty quickly. So it’s very easy to integrate and if you haven’t got a built in integration, then all the documentation is there. Easy for you to actually get your team integrating with all of your particular applications. All the standard applications you’d expect are integrated already. So speed of deployment, speed of use and ease of use.
DAN ASSOR [00:07:25] Sure. I guess during normal times this is all great. But during lockdown, I guess there was a bit of a rush to get people working remotely. Do you think security sort of went out the window a bit whilst people were trying to get their offices set up?
RICHARD ARCHDEACON [00:07:41] I think people were very well aware of security and the threats posed by people remote working. So I think that a lot of people were putting in very rapid security solutions in order to meet that rising demand. And what I’m seeing now talking to CISO’s is that they’re saying we were fighting the fire a couple of months ago. Now, let’s actually turn this into a proper strategy where we can transform the way our business works. So I think that’s the change we’re seeing now.
DAN ASSOR [00:08:11] Perfect. Thank you. And finally, what Richard, what products and services do you integrate with?
RICHARD ARCHDEACON [00:08:18] Well, I think there’s a huge list of other technologies we integrate with and I would suggest that people go to our site and have a look at them. I couldn’t remember them all, there’s so many.
DAN ASSOR [00:08:28] Absolutely. Okay. So, Richard, thank you so much for those thoughts. And Richard Archdeacon is from Duo Security and we encourage you to go and visit the Duo Security website. So after quick break, we’re going to move on to Nick Baglin from Contrast Security.