Do you value your privacy? Your brand reputation? Or your money? I bet you do. Nowadays, almost all generated data, whether it is personal, medical, or professional, is processed and stored by a cloud-based application. Would you leave the confidentiality, integrity, and privacy of your data in the cloud protected by a single password?
Passwords are known for being easy to break (or guess). Once a criminal gets hold of your precious credentials, they can access all your emails, your photos, and your bank account, commit impersonation fraud, and wreak havoc.
The solution is to harden the security of your assets in the cloud by enabling multi-factor authentication (MFA). MFA made the news headlines recently when President Biden signed an Executive Order asking federal agencies to “adopt multi-factor authentication… to the maximum extent.” Although the Executive Order covers a wide array of cybersecurity challenges, it is very clear about the importance of implementing multi-factor authentication.
What is Multi-Factor Authentication?
Multi-Factor Authentication (MFA) is an authentication method that requires the user to provide two or more factors to verify their identity and gain access to an application, an online account, or a VPN. MFA is a core component of a strong identity and access management (IAM) policy. The use of additional identity verification factors, instead of a single password, decreases the likelihood of a successful cyber-attack.
MFA is based on three factors of identity verification:
- Knowledge – something you know, such as a password or a PIN.
- Possession – something you have, such as a smartphone.
- Inherence – something you are, such as a biometric like fingerprints or voice recognition.
With the proliferation of artificial intelligence and machine learning, organizations can leverage other forms of multi-factor authentication, like:
- Location-based, where the location factor is derived from the geolocation data of the smartphone. Location data can be used to block access to cloud assets.
- Adaptive authentication, or risk-based authentication, where additional factors are analyzed by considering context and behavior. These values are used to determine the risk level and adapt the authentication method accordingly. For example, if the request is determined as low-risk, authentication can be done with Single Sign-On. If the access request is medium risk, authentication would step up to include MFA.
Why is MFA Important in the Cloud?
With the accelerated migration of business and data to the cloud, MFA has become even more important. Cloud environments have blurred traditional corporate boundaries, and users can be located anywhere, in geographic locations far from the enterprise premises. In a sense, in cloud computing everyone is an outsider, even company employees. By extension, trust has become a vulnerability. We can no longer consider that those inside the company are the good guys while the ones outside are the bad guys.
A zero-trust approach dictates the need to establish robust access security. As users are accessing corporate systems anytime and from anyplace, MFA can help ensure that they are who they say they are by prompting for additional authentication factors that are more difficult for adversaries to compromise or crack by brute force.
The key benefit of using MFA in the cloud is that it will enhance your organization’s access security by requiring your users to strongly identify themselves by more than a single password. Passwords are important but they are a lucrative target for criminals and vulnerable to brute force attacks. Enforcing the implementation of MFA means increased confidence that your organization will be safer against cyber-attacks.
Selecting an MFA Solution
One of the most common MFA factors that users encounter is the one-time password (OTP). OTPs are 4–8-digit codes that are generated periodically by an authenticator app. The code is generated from a seed value that is assigned to the user when they first register, combined with some other factor, which could simply be a counter that is incremented or a time value.
Even though businesses have accelerated their digital transformation and their journey to the cloud, they still host servers and services on-premises. Hence, the access security solution to deploy should be capable of providing seamless MFA across the hybrid business environment, with a low total cost of ownership (TCO) and a variety of authentication mechanisms to support all access scenarios. In addition, the access management solution should be in the cloud to avoid any bandwidth bottlenecks that may disrupt the authentication process and harm user experience.
Thales SafeNet Trusted Access enables organizations to protect enterprise apps and scale securely in the cloud with a comprehensive list of authentication capabilities. Step-up, risk-based authentication makes it easier to implement MFA across the entire application portfolio for an enterprise. A key benefit of SafeNet Trusted Access is its support for a wide range of MFA form factors, including hardware and software, SMS and email, push notification and biometrics, and numerous authentication methods including OTP, PKI (certificate-based), adaptive and pattern-based authentication.
SafeNet Trusted Access supports authentication standards, including RADIUS, OpenID and SAML – all delivered from the cloud. In addition, SafeNet Trusted Access supports passwordless authentication via FIDO in a variety of methods, including via PUSH OTP, certificate-based authentication, FIDO authentication and Windows Hello. Based on customer feedback, Thales is a Customer First vendor in the Access Management market for the SafeNet Trusted Access series of products.
About the Author
Anastasios Arampatzis is a retired Hellenic Air Force officer with over 20 years’ worth of experience in managing IT projects and evaluating cybersecurity. During his service in the Armed Forces, he was assigned to various key positions in national, NATO, and EU headquarters and has been honored by numerous high-ranking officers for his expertise and professionalism. He was nominated as a certified NATO evaluator for information security.
Anastasios’ interests include among others cybersecurity policy and governance, ICS and IoT security, encryption, and certificates management. He is also exploring the human side of cybersecurity – the psychology of security, public education, organizational training programs, and the effect of biases (cultural, heuristic and cognitive) in applying cybersecurity policies and integrating technology into learning. He is intrigued by new challenges, open-minded and flexible.
Currently, he works as a cybersecurity content writer for Bora – IT Security Marketing. Tassos is also a member of the non-profit organization Homo Digitalis.