This article has been indexed from The Duo Blog
Building a security strategy for a company is a balancing act. How do you protect your organization without imposing an unnecessary burden on your employees? If you put too many locks on the door, sooner or later, the window will start to look like a viable option.
Using Duo’s Policy Engine empowers security professionals and IT administrators to put the right locks on the right doors. Policy is the tool that allows you to specify who gets access to what, from where, and through what authentication method.
Like onions, ogres and parfaits, your company’s security policy comes in layers. First is Global Policy, which is required and applies everywhere, all the time. Then, you can create custom policy by layering Application Policy, which is specific to a single application and works in addition to Global Policy. Finally, there’s Group Policy, for which you define a policy to apply to a specific group of Duo end users in your company, and it works in addition to Global Policy and Application Policy.
When it comes to creating your layers, some companies use Global Policy to build their strictest level of protection and then carve out exceptions for areas which only require lighter touches of security using Application and Group Policies. This methodology is considered best practice. Other companies choose to take an additive approach. Their Global Policy covers the solid basics, and then they layer on more strict controls to protect those applications and users which need tighter security.
Group Policy is the most granular policy control. It’s at the top of the hierarchical policy stack, allowing Duo administrators to precisely define how certain users can access company resources. However, right now, only 11% of Duo customers are taking advantage of this precision tool. The sharpest knife in the drawer can be intimidating to use if you’re not sure how to wield it!
Let’s take a look at three cases where Gr
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: User Group-Level Policy: The Sharpest Knife in the Drawer