While hackers are becoming more sophisticated and constantly finding new, increasingly complex ways of gaining access to restricted networks, most security experts think that the weakest link isn’t necessarily intrusion detection or virus protection. In most cases, experts say, the weakest link is actually passwords (especially email passwords) — and the problem is especially prevalent in the cloud. With the right credentials, hackers can easily access virtualized servers, effectively shutting down a company’s cloud by limiting the servers’ ability to act “as a service” and, of course, stealing the data contained on those servers.
Cloud security has been a primary concern for many companies, especially those entrusted with highly protected data, such as financial and medical records. However, despite these concerns, very few companies have implemented all of the best practices for protecting data — most notably, two-factor authentication (2FA). According to one survey by the Ponemon Institute, only about 50 percent of respondents said that their companies use some form of 2FA, while only 40 percent of those who don’t use 2FA were considering it. Given that hackers in many cases steal passwords via good old-fashioned phishing or other email-based cybercrime, adding an extra layer of protection via a second factor beyond a password only makes sense.
Typically, companies have been reluctant to implement two-factor authentication for two reasons: cost and complexity. In the past, 2FA generally involved developing a complex infrastructure, investing in individual tokens, and managing the distribution and appropriate use of said tokens, all of which add costs and create headaches for security departments.
However, 2FA has evolved in recent years, and most companies can easily implement simple, cloud-based 2FA solutions. Two-factor authentication is most commonly deployed via software as a service (SaaS) and takes advantage of mobile technology. In other words, 2FA no longer requires managing a token that can easily be lost or stolen; with a cloud-based authentication solution, users can request a random, one-time-use code via SMS, removing the need for expensive infrastructure and tokens.
In most cases, such an arrangement thwarts all but the most sophisticated hackers. Given that a significant number of hacking incidents are merely crimes of opportunity, requiring a second authenticating factor will prevent even a hacker who has the “right” credentials (i.e., a stolen username and password) from gaining access to the secured network. Implementing “risk-based authentication,” that is, requesting another authenticating factor when the log-in attempt has an aspect associated with risk (such as an unfamiliar IP address), provides another layer of protection as well.
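The risk-based check and one-time code described above can be combined as follows. This is an added example, not code from the original article; the class and method names are hypothetical, and the /24 and /48 network grouping, the 5-minute lifetime, the three-attempt limit and the in-memory storage are assumptions.

```python
import hashlib
import hmac
import ipaddress
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed validity window for a code
MAX_ATTEMPTS = 3        # assumed guesses allowed per issued code

class StepUpAuth:
    """In-memory sketch; a real deployment would use a shared store."""
    def __init__(self):
        self.known_networks = {}  # user -> networks that passed 2FA before
        self.pending = {}         # user -> [code_hash, expires_at, attempts_left]

    @staticmethod
    def _network(ip):
        # Assumption: "familiar" means same /24 (IPv4) or /48 (IPv6).
        addr = ipaddress.ip_address(ip)
        prefix = 24 if addr.version == 4 else 48
        return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

    def needs_second_factor(self, user, ip):
        return self._network(ip) not in self.known_networks.get(user, set())

    def issue_code(self, user, now=None):
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.random()
        digest = hashlib.sha256(code.encode()).digest()
        self.pending[user] = [digest, now + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code  # pass to the SMS provider; do not log it

    def verify_code(self, user, ip, submitted, now=None):
        now = time.time() if now is None else now
        entry = self.pending.get(user)
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if now > expires_at or attempts_left <= 0:
            del self.pending[user]  # expired or guessed out: force a new code
            return False
        entry[2] -= 1
        candidate = hashlib.sha256(submitted.encode()).digest()
        if not hmac.compare_digest(candidate, digest):  # constant-time compare
            return False
        del self.pending[user]  # one-time use
        self.known_networks.setdefault(user, set()).add(self._network(ip))
        return True
```

The password check is assumed to have succeeded before `needs_second_factor` is called; a network becomes familiar only after a code has been verified from it.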
The demand for cloud-based authentication solutions is expected to grow exponentially in the next five years, due in large part to the need for companies to protect their own cloud operations. In fact, some predict that within that same timeframe, 2FA will become the standard for cloud data protection, as much second nature as the username and password protocols we are all familiar with — and that news of data breaches will become less common, and less devastating to businesses of all sizes.