Multifactor Authentication and Cybersecurity
There’s a war going on.
Multifactor authentication (MFA), now common across enterprises of all sizes, has cybercriminals taking note and adapting accordingly. Consider a recent real-world example: Reports on the Russian attack on U.S. elections confirm that hackers were able to bypass MFA systems.
As lines of cyberdefense improve, the bad guys continue to look for the next weak link. And as MFA becomes prevalent, they’re searching for ways to circumvent it.
Hackers tend to be motivated by two factors: how easy it is to break in and what the reward is for doing it. If the hack involves a cloud service provider, the reward could be huge, especially if it’s multitenant—in which case, one hack could mean many breaches.
When it comes to cloud authentication and the choice of a cloud service provider, it’s best to follow these security precautions:
- Take a close look at the security of the cloud service provider’s software development and deployment practices—everything from code reviews to the handling of proprietary information to vulnerability scanning.
- Consider the architecture of the cloud solution and make sure it’s compartmentalized so that if one customer is compromised, the entire platform isn’t.
- Make sure the right security controls are in place to prevent unauthorized users from gaining access to the cloud infrastructure—and that all activity is audited securely.
- Confirm that the service provider is proactive about addressing all aspects of information security.
- Don’t just rely on the vendor to tell you their solution can be trusted. Get third-party certification, as well.
In short, don’t just assume you’re secure–ask questions and verify.
To quote the adage, it’s better to be safe than sorry.
Jerome Becquart is COO of Axiad IDS
Our guest author for this month’s blog represents Axiad IDS, a valued Ingram Micro partner and an industry thought leader in MFA IAM (identity and access management) solutions.
IAM occupies the space where physical and logical security converge. It serves as an additional layer of data security, allowing companies to identify and authenticate employees seeking access to facilities or data.
Unlike most other manifestations of stringent security measures, MFA isn’t an opposing force with user experience or convenience. It removes vulnerability associated with compromised passwords while improving the user experience—alleviating the need to memorize, and frequently change, complex passwords.
Axiad ID Cloud offers a secure, integrated and simplified solution for protecting an organization’s entire ecosystem, including employees and contractors, data, devices and infrastructure. The result is better protection, simpler deployment, less complexity and lower upfront investment.
Dave McClary is a physical security category strategist for Ingram Micro’s security business unit.
This guest blog is part of a Channel Futures sponsorship.