What Is Trusted Access?

Trusted access takes a zero-trust approach to authentication by verifying user identity and device health before granting secure access to enterprise resources. Continuous trusted access requires adaptive security policies and real-time monitoring.

What are the benefits of trusted access?

Trusted access management solutions help prevent attacks by providing:

  • Continuous user and device monitoring
  • Granular endpoint device visibility
  • Dynamic access policy enforcement
  • Remote and bring-your-own-device (BYOD) security
  • Secure access to cloud and network
  • Reduced risk of breaches

How does trusted access work?

Trusted access uses access policies to continuously verify user and device compliance. Access management software enrolls users and devices, and then allows administrators to set adaptive, context-aware access policies that grant or deny access to protect an organization's network and assets.

How do you implement trusted access?

To implement trusted access, first choose a reliable access management solution. Enroll users and devices, define access policies, and then set up multi-factor authentication (MFA) to allow users to access the applications they need. Lastly, continuously verify user identity and device posture to enforce adaptive access policies.

What are types of trusted access?

Multi-factor authentication

MFA is an access security process that verifies user identity at login with two or more identity-checking steps, supporting trusted access. Cisco Duo trusted access incorporates strong MFA designed to protect against the latest attacks that target gaps in weaker MFA solutions.


Single sign-on (SSO)

SSO works with MFA to provide a simplified approach to authentication, providing users with one fast login to all permitted cloud or on-premises applications. There's no need to remember multiple credentials.


Passwordless authentication

Passwordless authentication provides secure access with verification methods that don't rely on passwords. Such methods include biometrics, security keys, and mobile authenticator applications.


Device trust management

Device management tools gain visibility into devices to verify health before granting access. You can assess and monitor device posture, enforce access policies across managed and unmanaged devices, and spot anomalous login activity.


Remote access

Remote access solutions secure user and device access to cloud and on-premises applications no matter how, where, or when trusted users log in. You can enable remote access with or without a VPN.


Adaptive access

Administrators can use access management solutions to create adaptive access policies for user groups and specific applications based on contextual factors like role, device, and location. With granular visibility into users and devices and policy enforcement by application, solutions can dynamically respond to risk and protect trusted users while deterring attackers.

How do you implement trusted access?

Gain endpoint visibility

Start by gathering data on your endpoints. Deploy an access management solution that provides visibility into endpoint device features. A detailed inventory of your users' devices should include platform, OS versions, model type, and plug-ins. The inventory should also list enabled security features, such as pass codes, screen lock, encryption, or Touch ID.


Identify at-risk devices

With granular endpoint visibility and device analysis, identify at-risk devices running outdated software that attackers could exploit to install malware on your network.


Log users and authentications

Access management software keeps authentication logs that provide data about your enrolled users and their logins. Such data includes username, time of attempt, application or integration type, authentication method used, IP address, location, and whether the access attempt failed or succeeded.


Trust devices and networks

Using information gathered from the previous stages, choose to either trust certain devices and networks or set restrictions based on custom profile groups. For example, you can require MFA for engineering users who access code repositories and business data. Others logging into less sensitive services may require fewer restrictions.


Urge users to update

Automated self-remediation features can notify users that their software is out of date. Users also have the option to update their browsers, plug-ins, or OS. Self-remediation makes your IT environment safer while reducing the need for help-desk calls.


Block at-risk devices

Endpoint remediation software lets administrators automatically block devices with outdated software from accessing enterprise applications. This action helps to ensure that only healthy devices are accessing your company's applications and data.