Cisco Duo

Service scope

Service constraints: Yes, Cisco Duo has certain constraints that buyers should be aware of. These may include limitations on support for certain hardware configurations or planned maintenance arrangements that could temporarily impact service availability. Buyers should review the service terms and conditions to understand any constraints that may affect their use of Cisco Duo.
System requirements: Supported operating systems: Windows, macOS, iOS, Android, Linux.

Compatible web browsers: Chrome, Firefox, Safari, Edge, Internet Explorer.

Internet connectivity for authentication and management operations.

Compatible VPN, remote desktop, or cloud applications for integration.

Mobile devices with supported versions of operating systems.

Active directory or LDAP for user authentication and sync.

Secure internet connection for cloud-based authentication services.

Optional hardware tokens for two-factor authentication.

Regular software updates for security patches and enhancements.

Adequate network bandwidth for seamless authentication and access operations.

User support

Email or online ticketing support: Email or online ticketing
Support response times: 08:30 - 18:00 Weekdays, excluding Bank Holidays. Out of hours support available where necessary. 30 minutes to 8 hour response dependent on priority call, P1 - 30 mins, P2 - 1 hour, P3 - 4 hours, and P4 - 8 hours.
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: WCAG 2.1 A
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: Web chat
Web chat support availability: 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard: WCAG 2.1 A
Web chat accessibility testing: We have not conducted any testing of web chat accessibility with users employing assistive technology.
Onsite support: Onsite support
Support levels: End-user training can be provided at an ad hoc cost. We provide a UK based Service Desk for support. Out of hours support is available. Our helpdesk is made up of 1st, 2nd and 3rd Line technical expertise. A Technical Account Manager will be assigned as standard as a part of our standard and premium IT Support, see our pricing schedule and SFIA Rate Card for details.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: Creative Networks assist users in getting started with the Cisco Duo service through a blend of onsite and online training, along with comprehensive user documentation. For onsite training, our team conducts interactive sessions customised to the organisation's requirements. We guide users through setup procedures, authentication methods, and best practices for using Cisco Duo effectively. This hands-on approach enables users to ask questions, receive immediate feedback, and gain practical experience with the service. Additionally, we offer online training sessions conducted via webinars or virtual classrooms, providing flexibility for remote attendance. These sessions cover similar topics to onsite training, allowing users to learn at their own pace and convenience. Moreover, we provide detailed user documentation that outlines step-by-step instructions, troubleshooting tips, and frequently asked questions (FAQs). This documentation serves as a valuable resource for users to refer to whenever they encounter challenges or need additional guidance while using Cisco Duo. In essence, our comprehensive training and documentation resources empower users to confidently adopt and utilise the Cisco Duo service, enhancing their security posture and user experience.
Service documentation: Yes
Documentation formats: PDF
End-of-contract data extraction: At the conclusion of a contract with Cisco Duo, users can extract their data by adhering to specific procedures outlined by Cisco Duo or the contract agreement. Typically, this involves accessing the Cisco Duo administration interface to export relevant data, such as user accounts, authentication logs, configuration settings, and reports. Within the Cisco Duo administration interface, users may have access to features facilitating data export, such as built-in reporting tools or data export functionality. Alternatively, users may require assistance from Cisco Duo support or their IT Managed Service Provider (MSP) to facilitate the data extraction process. It's crucial for users to review the terms of their contract with Cisco Duo to understand their rights and obligations concerning data extraction and retention. Some contracts may include provisions for data extraction and transfer upon contract termination, while others may necessitate users to complete the process within a specified timeframe. In summary, users should communicate with Cisco Duo or their MSP to ensure a seamless transition and compliance with data protection regulations when extracting their data at the end of the contract.
End-of-contract process: As a contract with Cisco Duo draws to a close, Creative Networks focuses on securely transferring all client data held within the Cisco Duo service according to contract terms. This entails exporting user accounts, authentication logs, and configuration settings, ensuring a smooth transition for the client. Additionally, Creative Networks reviews post-contract obligations, such as data retention requirements, and collaborates with the client to fulfil these obligations. In terms of pricing, the contract encompasses the base cost of the service, covering essentials like user authentication and basic support. However, certain features or services may incur additional charges, such as premium support or advanced reporting capabilities. Creative Networks will communicate these additional costs transparently to the client, helping them evaluate their suitability within budget constraints. Throughout the contract duration, Creative Networks maintains active engagement with the client, optimising the usage of Cisco Duo and maximising value for the client's investment.

Using the service

Web browser interface: Yes
Using the web interface: Through the Cisco Duo web interface, users can perform various tasks such as configuring authentication methods, adding users, and defining access policies. They have the flexibility to make changes to user information, authentication settings, and access logs. However, administrative privileges may be required for certain tasks, such as adding new applications or modifying global settings. Users may encounter limitations based on their assigned roles and permissions within the system. While the web interface offers comprehensive functionality for managing authentication and access, some advanced configurations or administrative actions may necessitate assistance from Cisco support or designated administrators. Overall, the web interface provides a user-friendly platform for users to efficiently set up and manage the Cisco Duo service while adhering to security protocols and compliance standards.
Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
Web interface accessibility testing: Creative Networks have not conducted any web interface testing with assistive technology users.
API: Yes
What users can and can't do using the API: Users can leverage the Cisco Duo API to perform various tasks related to authentication and access management programmatically. Through the API, users can set up the service by creating and managing user accounts, configuring authentication methods and policies, and integrating Cisco Duo with their existing systems and applications. This allows for streamlined deployment and customisation tailored to specific organisational needs. Additionally, users can make changes to the service through the API by updating user attributes, modifying authentication policies, retrieving authentication logs and reports, and automating administrative tasks. This enables efficient management of the Cisco Duo service and ensures that it aligns with evolving security requirements and user access needs. However, there are certain limitations to what users can set up or change through the API. For instance, while users can perform most administrative tasks programmatically, there may be some advanced configurations or settings that are not accessible via the API and require manual intervention through the web-based administrative interface. Additionally, certain sensitive operations or actions may require appropriate permissions or authentication tokens to ensure security and prevent unauthorized access or modifications.
API automation tools: Ansible

Chef

SaltStack

Terraform

Puppet
API documentation: Yes
API documentation formats: Open API (also known as Swagger)

HTML

PDF

Other
Command line interface: Yes
Command line interface compatibility: Linux or Unix
Using the command line interface: The command-line interface (CLI) for Cisco Duo empowers users to manage authentication methods, user settings, and access policies efficiently through text-based commands. Users can initiate service setup by configuring authentication settings, adding users, and integrating with other systems via CLI commands. Additionally, they can execute commands to modify user permissions, update authentication configurations, and review logs seamlessly. However, the CLI may have limitations compared to graphical interfaces, particularly for complex configurations or administrative tasks that require deeper visibility or intuitive interfaces. Users need appropriate permissions and familiarity with CLI commands to navigate and utilise the interface effectively. While the CLI offers flexibility and efficiency for managing Cisco Duo, users may occasionally need to complement CLI operations with other management tools or interfaces to access certain advanced features or configurations.

Scaling

Scaling available: Yes
Scaling type: Automatic
Independence of resources: To ensure users aren't affected by demand placed on our service by others, we employ strategies like scalability, load balancing, and resource allocation. We monitor demand closely, scaling our infrastructure to accommodate increasing loads without compromising performance. Traffic is distributed across multiple servers to prevent overload, and resources are allocated dynamically based on demand. Redundancy measures such as backup servers and failover mechanisms ensure service availability in case of hardware failures or sudden spikes in demand. Real-time performance monitoring enables us to proactively identify and address issues, maintaining optimal performance and reliability for all users.
Usage notifications: Yes
Usage reporting: Email

Analytics

Infrastructure or application metrics: No

Resellers

Supplier type: Reseller providing extra features and support
Organisation whose services are being resold: Cisco

Staff security

Staff security clearance: Conforms to BS7858:2019
Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: Yes
Datacentre security standards: Managed by a third party
Penetration testing frequency: At least once a year
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest: Physical access control, complying with another standard
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation

Deleted data can’t be directly accessed
Equipment disposal approach: A third-party destruction service

Backup and recovery

Backup and recovery: No

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: All service level agreements are as per the ones supplied by Cisco Duo and published by them. Cisco Duo commonly aims for availability levels exceeding 99.9%. Any downtime during working hours is credited on a pro-rata basis.
Approach to resilience: The Cisco Duo service is designed with resilience to ensure uninterrupted access to authentication and secure access features. The service incorporates redundant infrastructure components, including servers, network elements, and data storage systems, to mitigate the impact of hardware failures and maintain continuous availability. Failover mechanisms automatically redirect traffic to alternate servers or data centres in case of primary system failure, minimising downtime. Additionally, Creative Network's third party data centre has geographically distributed data centres enhancing resilience by strategically locating facilities in different regions, reducing the risk of service disruptions due to localised events such as power outages or natural disasters. These data centres feature high availability architecture with redundant power supplies, backup generators, and diverse network connectivity to maximise uptime and ensure consistent service delivery. Continuous monitoring and maintenance, including real-time performance monitoring and security audits, help proactively identify and address potential issues to maintain service availability. Overall, the combination of Cisco Duo's resilient service architecture and the robust data centre setup ensures that Creative Networks can offer clients a reliable authentication and secure access solution, minimising the risk of service disruptions and maximising uptime.
Outage reporting: Our service employs various channels to report outages promptly and effectively. Firstly, we maintain a public dashboard offering real-time updates on service status and ongoing incidents. Users can access this dashboard to stay informed about outages and track resolution progress. Secondly, we provide an API allowing users to programmatically retrieve service status information, including reported outages. This facilitates integration with third-party monitoring tools and automated alerting systems for efficient incident management. Additionally, we send email alerts to notify users about outages and service disruptions. These alerts contain comprehensive details such as the nature of the outage, affected services, and estimated time to resolution. This ensures that users receive timely and actionable information, enabling them to take appropriate measures and stay informed about the service status. By leveraging multiple communication channels, including a public dashboard, API access, and email alerts, we enhance transparency, accessibility, and responsiveness in reporting outages. This approach enables us to minimise the impact of outages on our users and maintain high service availability and reliability.

Identity and authentication

User authentication: Username or password
Access restrictions in management interfaces and support channels: Supplier defined controls. Access to management interfaces is restricted to designated users and controlled with user name and password protection.
Access restriction testing frequency: At least once a year
Management access authentication: Username or password
Devices users manage the service through: Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information: Users contact the support team to get audit information
How long user audit data is stored for: Less than 1 month
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: Less than 1 month
How long system logs are stored for: Less than 1 month

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: UKAS
ISO/IEC 27001 accreditation date: 24/10/2022
What the ISO/IEC 27001 doesn’t cover: Areas not covered by ISO/IEC 27001 certification include specific business processes unrelated to information security, certain third-party services or suppliers, or compliance with other industry-specific regulations.
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: As an ISO 27001 accredited organisation, Creative Networks adheres to stringent information security policies and processes to safeguard data and mitigate risks. Our framework comprises comprehensive policies covering data protection, access control, encryption, and incident response, regularly reviewed and communicated to all employees. We employ a structured risk management approach, conducting regular assessments and implementing controls to address identified risks. A clear reporting structure ensures prompt incident response and resolution, with designated individuals responsible for escalation and management. Regular audits and assessments monitor compliance with security standards, complemented by ongoing training and awareness programmes to educate employees on best practices. Continuous improvement drives enhancements to policies, processes, and controls in response to evolving threats and regulatory requirements. Through these measures, Creative Networks maintains a robust security posture, fostering a culture of security awareness and ensuring the protection of sensitive information.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: Creative Networks adheres to ISO 20000 Standard-compliant Change Management Processes for managing configuration and changes within our services. We maintain a Configuration Management Database (CMDB) to track service components throughout their lifecycle, including hardware, software, and network devices. This ensures accurate inventory management and facilitates impact assessments for changes. Our Change Management Process categorises changes based on impact and urgency, with thorough approval and review procedures. Before implementation, we conduct impact assessments to evaluate potential security implications, considering data confidentiality, integrity, and availability. Changes with significant security impacts undergo additional scrutiny and approval by designated security experts.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: Creative Networks employs a rigorous Vulnerability Management process, continually assessing threats through sources like the National Cyber Security Centre and vendor newsletters. We swiftly deploy patches following thorough testing to mitigate risks, integrating with Incident and Change Management processes. Information about potential threats is gathered from various reputable sources, including official advisories, industry bulletins, and threat intelligence feeds. This approach ensures timely and effective identification, assessment, and mitigation of vulnerabilities, safeguarding the security and integrity of our services for our customers.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: Creative Networks employs protective monitoring processes with monitoring agents on all devices to swiftly detect and respond to potential compromises. We assess incident severity upon identification to prioritise responses, maintaining a 4-hour SLA for remedial actions. Multiple alert systems are monitored continuously for timely detection. Upon detecting a potential compromise, we promptly investigate, contain the threat, and implement remedial measures to minimise impact. Our goal is to swiftly safeguard the security of our systems and data.
Incident management type: Supplier-defined controls
Incident management approach: Creative Networks follows an ISO 22301-aligned Incident Management Process. Common events have pre-defined procedures. Users report incidents to the Incident Manager, who logs them and gathers relevant evidence. Incidents are rectified using patches or workarounds. We analyse incidents to prevent future occurrences. Regular reviews of archived incidents identify trends and assess effectiveness. Incident reports are provided to stakeholders, detailing the incident and actions taken. Our process ensures prompt incident resolution and continuous improvement.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
Who implements virtualisation: Third-party
Third-party virtualisation provider: Cisco Duo
How shared infrastructure is kept separate: Cisco Duo utilises virtualization technology to segregate applications and users sharing the same infrastructure. This helps enhance security and isolation between different components, ensuring that each user's data and activities remain separate and protected.

Energy efficiency

Energy-efficient datacentres: Yes
Description of energy efficient datacentres: Our datacentres adhere to the EU Code of Conduct for Energy Efficient Datacentres by implementing various measures aimed at reducing energy consumption and improving efficiency. This includes utilising advanced cooling systems, optimising airflow management, deploying energy-efficient hardware, and implementing virtualisation technologies to maximise resource utilisation. Additionally, they employ monitoring and measurement systems to track energy usage and identify areas for improvement continually. By adhering to these best practices, they aim to minimise their environmental footprint while delivering reliable and sustainable datacentre services.

Social Value

Fighting climate change
Covid-19 recovery
Tackling economic inequality
Wellbeing

Fighting climate change

By providing secure remote access capabilities like Cisco Duo, we can enable organisations to support remote work initiatives. This can lead to reduced commuting and office energy consumption, contributing to lower carbon emissions.

Covid-19 recovery

Cisco Duo facilitates secure remote access to critical systems and data, enabling businesses to maintain operations during lockdowns and other restrictions. This supports business continuity efforts and aids in the recovery from Covid-19-related disruptions.

Tackling economic inequality

Secure access provided by Cisco Duo ensures that employees, regardless of their location or circumstances, can securely connect to their work systems and collaborate effectively. This promotes equal opportunities for remote and on-site workers alike.

Wellbeing

By enabling remote work, Cisco Duo can contribute to employee wellbeing by offering flexibility in work arrangements, reducing stress associated with commuting, and providing a safer working environment during health crises. Additionally, the security provided by Cisco Duo helps safeguard sensitive data, enhancing overall peace of mind for employees and organisations alike.

Pricing

Price: £2.41 to £7.33 a user a month
Discount for educational organisations: Yes
Free trial available: Yes
Description of free trial: The free version includes basic multi-factor authentication for a limited number of users or devices. Advanced features and support options are not included. The trial is typically available for a 30 day period.
Link to free trial: https://signup.duo.com/?utm_source=cisco&utm_medium=referral&utm_campaign=smb-fy24-q3-na-0102-trials-and-demos-cc004573

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Backup and recovery

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Separation between users

Energy efficiency

Pricing

Service documents

Cookies on Digital Marketplace

Cisco Duo

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Backup and recovery

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Separation between users

Energy efficiency

Social Value

Pricing

Service documents