Virtualization and Cloud executives share their predictions for 2016. Read them in this 8th Annual VMblog.com series exclusive.
Contributed by Steve Watts, co-founder of SecurEnvoy
2FA The Holy Grail of Authentication in the Cloud
The need for employees to be able to login to systems and
business-critical applications remotely using the cloud is increasing, due to
the propensity for staff to work from anywhere at any time; whether from a home
office, a hotel lobby or accompanied by a skinny
decaf sugar-free vanilla syrup latte in one of the seemingly never-ending array of coffee
shops. This has become something that has kept even the calmest CIO up at night
as they try to balance the requirements of remote workers with the challenge of
authenticating users all over the world on a multitude of devices that are
logging into cloud services. Passwords are intrinsically and fatally flawed,
but 2FA can provide a simple solution to keep sensitive corporate information
secure - regardless of where it is accessed.
Two-factor
authentication (2FA) has been around
for much longer than you think. For a decade or more we have been used to a card
reader to use with our bankcard and Personal Identification Number (PIN) when we
need to complete an Internet banking transaction. 2FA technology has
also, over the past year or so, been employed by seven of the ten largest cloud-based
social networking sites
(including Facebook, Twitter and LinkedIn) as their authentication measure of
choice.
Because of this,
the use of the technology has become widespread in the consumer realm, with
consumers well versed in how to use 2FA and the importance of it to keep their
private data safe from prying eyes. So why can't the same be said about the
largest businesses? Surely the time is right for businesses to look at the
user's authentication method of choice?
Boardrooms must now
take the technology seriously. Seemingly every week there is a widespread data
breach hitting news headlines. In fact, recent research
of some 692 security professionals from both global businesses and government
agencies found that almost half (47 percent) have suffered a material security
breach in the past two years.
Many of these breaches
could be have been averted through the implementation of 2FA. The technology is
all things to all people, meaning users can have the same user name and
password for numerous business apps yet you won't get into a TalkTalk type
scenario as the second factor required for authentication is generally hashed,
unknown and randomised for each login. The Ponemon Institute has reported that
the average cost of a data breach for a company is a staggering $3.79 million.
This unreal cost to the business could be increasingly catastrophic and shouldn't
be ignored.
Time for 2FA
Using 2FA can help lower the number of cases of identity
theft in the cloud, on the Internet, as well as phishing via email, because the
criminal would need more than just the user's name and password details, and
often something the user themselves doesn't know if your extra authentication
layer should be a one-time passcode.
Central to the growing popularity of 2FA, is the fact
that the technology provides assurance to businesses that only authorized users
are able to gain access to critical information (whether it be customer
records, financial data or valuable intellectual property). This helps them maintain compliancy to a plethora
of industry regulations such as PCI Data Security Standards, GCSx CoCo, HIPAA, or
SOX.
Another core benefit of 2FA is that it is a key example
of a technology that compliments the prevalence of BYOD (bring your own device)
rather than conflicts against it, as staff can use their existing smartphones
for authentication input. This convenience of integrating the "something you
have" of 2FA with something employees are already used to carrying is a benefit
to users, while also circumventing the need for capital expenditure costs for
the organization. Also, by using devices staff are already familiar with, 2FA
reduces potential training time. In summary, businesses empower employees with
an easy-to-use solution that provides a consistent experience, drastically reducing
login time and human error.
While 2FA empowers users, CIOs and IT decision makers also
benefit from a flexible cloud-based solution that can be hosted how, where and when
they prefer. 2FA is built to suit any business, as it supports both on premise
and cloud hosting and management, making it a strong contender for any CIO changing
their security systems. Cloud services
are appropriately supported by the 2FA provider and give decision
makers full control and flexibility over the solution, which can be rolled out
to departments and employees at their discretion.
The solution is in our pockets
We are constantly
told that users are the weakest link in corporate security. Yet with 2FA
becoming as ubiquitous as taking a selfie is for the modern masses, the
information security technology being seen by many as the holy grail of
authentication could be the one that is literally already at the palm of our
hands. And with the number of mobile phones now exceeding the number of people
on the planet according to GSMA Intelligence
the input mechanism is easy to achieve.
##
About the Author
Steve
Watts, co-founder, SecurEnvoy
Steve Watts brings 25 years' of industry
experience to his role at the helm of Sales & Marketing for SecurEnvoy. He
founded the company with Andrew Kemshall in 2003 and still works tirelessly to
grow the company in new and established markets. His particular value is
market and partner strategy; having assisted in the development and design of
the products, designed the pricing strategy and recurring revenue model that
has been so key to the businesses growth and success.
Before starting SecurEnvoy, Steve was
responsible for setting up nonstop IT, the UK's first IT security reseller in
1994. Prior to setting out on his own, Steve worked as Sales Director at the
networking and IT division of Comtec, and had started his career in office
solution sales in 1986.
Outside of work, Steve is a keen rugby fan.
He also enjoys sailing, mountain biking, golf and skiing.