Virtualization Technology News and Information
Article
RSS
SecurEnvoy 2016 Predictions: 2FA The Holy Grail of Authentication in the Cloud

Virtualization and Cloud executives share their predictions for 2016.  Read them in this 8th Annual VMblog.com series exclusive.

Contributed by Steve Watts, co-founder of SecurEnvoy

2FA The Holy Grail of Authentication in the Cloud

The need for employees to be able to login to systems and business-critical applications remotely using the cloud is increasing, due to the propensity for staff to work from anywhere at any time; whether from a home office, a hotel lobby or accompanied by a skinny decaf sugar-free vanilla syrup latte in one of the seemingly never-ending array of coffee shops. This has become something that has kept even the calmest CIO up at night as they try to balance the requirements of remote workers with the challenge of authenticating users all over the world on a multitude of devices that are logging into cloud services. Passwords are intrinsically and fatally flawed, but 2FA can provide a simple solution to keep sensitive corporate information secure - regardless of where it is accessed.

Two-factor authentication (2FA) has been around for much longer than you think. For a decade or more we have been used to a card reader to use with our bankcard and Personal Identification Number (PIN) when we need to complete an Internet banking transaction. 2FA technology has also, over the past year or so, been employed by seven of the ten largest cloud-based social networking sites (including Facebook, Twitter and LinkedIn) as their authentication measure of choice.

Because of this, the use of the technology has become widespread in the consumer realm, with consumers well versed in how to use 2FA and the importance of it to keep their private data safe from prying eyes. So why can't the same be said about the largest businesses? Surely the time is right for businesses to look at the user's authentication method of choice?

Boardrooms must now take the technology seriously. Seemingly every week there is a widespread data breach hitting news headlines. In fact, recent research of some 692 security professionals from both global businesses and government agencies found that almost half (47 percent) have suffered a material security breach in the past two years.

Many of these breaches could be have been averted through the implementation of 2FA. The technology is all things to all people, meaning users can have the same user name and password for numerous business apps yet you won't get into a TalkTalk type scenario as the second factor required for authentication is generally hashed, unknown and randomised for each login. The Ponemon Institute has reported that the average cost of a data breach for a company is a staggering $3.79 million. This unreal cost to the business could be increasingly catastrophic and shouldn't be ignored.

Time for 2FA

Using 2FA can help lower the number of cases of identity theft in the cloud, on the Internet, as well as phishing via email, because the criminal would need more than just the user's name and password details, and often something the user themselves doesn't know if your extra authentication layer should be a one-time passcode.

Central to the growing popularity of 2FA, is the fact that the technology provides assurance to businesses that only authorized users are able to gain access to critical information (whether it be customer records, financial data or valuable intellectual property).  This helps them maintain compliancy to a plethora of industry regulations such as PCI Data Security Standards, GCSx CoCo, HIPAA, or SOX.

Another core benefit of 2FA is that it is a key example of a technology that compliments the prevalence of BYOD (bring your own device) rather than conflicts against it, as staff can use their existing smartphones for authentication input. This convenience of integrating the "something you have" of 2FA with something employees are already used to carrying is a benefit to users, while also circumventing the need for capital expenditure costs for the organization. Also, by using devices staff are already familiar with, 2FA reduces potential training time. In summary, businesses empower employees with an easy-to-use solution that provides a consistent experience, drastically reducing login time and human error.

While 2FA empowers users, CIOs and IT decision makers also benefit from a flexible cloud-based solution that can be hosted how, where and when they prefer. 2FA is built to suit any business, as it supports both on premise and cloud hosting and management, making it a strong contender for any CIO changing their security systems.  Cloud services are appropriately supported by the 2FA provider and give decision makers full control and flexibility over the solution, which can be rolled out to departments and employees at their discretion.

The solution is in our pockets

We are constantly told that users are the weakest link in corporate security. Yet with 2FA becoming as ubiquitous as taking a selfie is for the modern masses, the information security technology being seen by many as the holy grail of authentication could be the one that is literally already at the palm of our hands. And with the number of mobile phones now exceeding the number of people on the planet according to GSMA Intelligence the input mechanism is easy to achieve.

##

About the Author

Steve Watts, co-founder, SecurEnvoy

Steve Watts brings 25 years' of industry experience to his role at the helm of Sales & Marketing for SecurEnvoy. He founded the company with Andrew Kemshall in 2003 and still works tirelessly to grow the company in new and established markets. His particular value is market and partner strategy; having assisted in the development and design of the products, designed the pricing strategy and recurring revenue model that has been so key to the businesses growth and success.

Before starting SecurEnvoy, Steve was responsible for setting up nonstop IT, the UK's first IT security reseller in 1994. Prior to setting out on his own, Steve worked as Sales Director at the networking and IT division of Comtec, and had started his career in office solution sales in 1986.

Outside of work, Steve is a keen rugby fan. He also enjoys sailing, mountain biking, golf and skiing.

Published Wednesday, December 02, 2015 8:35 AM by David Marshall
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<December 2015>
SuMoTuWeThFrSa
293012345
6789101112
13141516171819
20212223242526
272829303112
3456789