Want a Secure Move to the Cloud? Multi-factor Authentication Can Get You There
History is filled with examples of clear threats ignored. The most recent example was the US housing bubble of 2008, which severely impacted local and global markets when it burst, despite warnings from numerous financial experts.
Within the digital landscape, identity attacks are the new housing bubble. In 2018, attacks reached an all time high, affecting 16.7 million US consumers—an 8% increase from 2017. Added to that, 81% of all data breaches were focused on compromising user credentials. As we move into a new decade, with companies moving more of their systems and applications to the cloud, these breaches are also increasing in sophistication, with the likes of rotating IP addresses and new signatures (proxy anonymizers, app or device spoofing, etc.) enabling malicious actors to avoid discovery by traditional tracking solutions.
Despite the clear threat to their internal and external users and their identities, companies are only putting 4.8% of the total $96.3 billion spent on security towards identity and access management. To remedy this, businesses need to implement a modern approach to identity that combines security with seamless, cloud-based user experiences using tools such as multi-factor authentication (MFA).
Why the cloud alone isn’t enough
Storing data on the cloud is largely considered more secure than keeping it on-premises—but moving to the cloud doesn’t guarantee security. Identities and applications stored on the cloud can still be compromised, and bad actors are refining their hacking techniques in order to do just that.
To combat this, enterprises need to move security to the point of access—as opposed to the network perimeter. Securing how users access enterprise systems and applications means adding in layers of authentication that can verify internal and external identities by using more than usernames and passwords, which have proven fallible as security factors. Enter MFA.
MFA secures access to cloud-based applications by using various factors—security answers, one-time passwords, mobile authenticator apps, and biometrics—to verify user identities. That way, if a hacker has access to one piece of account information (usually, a password), they can’t access the account because they don’t have access to the additional authentication factors.
Unfortunately, MFA adoption isn’t always seamless. All too often, businesses do not deploy MFA consistently for all user groups and all applications across the organization. Hackers often exploit this—once they have one set of credentials they escalate privileges to gain access to more sensitive and proprietary data and information, making it critical to secure all user groups and applications.
Companies have also struggled to make MFA easy to use. By either deploying too many factors or making timeout policies too short, it’s easy to irritate users that have become used to seamless digital experiences both as customers and employees. The key is to balance security with deployability and usability.
Enhance security without risking user experience
Modern solutions such as Okta’s Adaptive Multi-Factor Authentication (AMFA) free organizations from the cumbersome, insecure practice of password entry logins. They enable companies to securely embrace the cloud by mitigating the emerging risks of identity attacks and providing simple login processes without sacrificing security or usability.
This is especially important as user login methods evolve, which in itself creates new security risks. Businesses therefore need to ensure their security can keep pace, which modern MFA does by:
- Enabling dynamic policy changes
- Providing step-up authentication in response to changes in user behavior
- Supporting detection and authentication challenges for breached passwords, proxy use, location and device changes, brute force, and DDOS attacks
- Helping businesses implement universal policies across cloud apps and gateways to their on-premises resources, such as VPNs, Application Delivery Controllers, and LDAP directories
It’s important to remember that not all users or applications require the same MFA policies, and different situations require different authentication and identity assurance strategies. Okta’s Adaptive MFA, for instance, solves this by providing flexible support for a wide range of passwordless authentication factors that help users prove they are who they claim to be, such as:
- SMS, voice, and email
- One-time passwords, such as Okta Verify and Google Authenticator
- Biometric tools like Windows Hello and Apple FaceID
- Physical tokens, including support for RSA, Symantec, and Yubikey tokens
Providing the enhanced level of security required to defend against identity attacks shouldn’t complicate the user experience. Implementing modern, contextual MFA practices will help enterprises to detect high-risk threats and activity and only enforce additional factors when necessary.
If they want to avoid going down the same path as financiers in the 2008 housing crisis, enterprises cannot afford to make the mistake of ignoring the looming threat of identity attacks. Adaptive MFA secures your move to the cloud, and simplifies the process of managing user and application security, and makes monitoring suspicious activity and enforcing security measures simple, all while providing seamless user experiences.
Discover how Okta’s MFA can help your business implement an identity-centric security approach by watching our demonstration.