Multi Factor Authentication – The Low Hanging Fruit

Analyst Column: Security as an Enabler
By Chris Hughes | October 1, 2021 | Updated: December 7, 2021 | 4 Mins Read

Due to the COVID-19 pandemic, 2019 and 2020 saw businesses increasingly shift to a remote workforce. As part of that shift, organizations increasingly exposed business systems externally and adopted Software-as-a-Service (SaaS). These subscription-based services and externally accessible business applications facilitate their business continuity and operations. However, this also presents risks. Because of added risk factors, industries saw a greater need for multi-factor authentication.

Protecting Critical Business Information

These SaaS environments often store critical business information. Customer relationship management systems, for example, hold sensitive data, which may include personally identifiable information (PII) and even organizational intellectual property (IP).

Many organizations simply utilize usernames and passwords, which aren't sufficient from a security perspective. These credentials are easily guessed and are often exposed. Individuals can check whether their credentials have been compromised through popular websites where you enter an email address to see if it has been involved in a data breach.

Credentials are often exposed during hacks and data breaches, and malicious actors then use them to compromise other accounts. This isn't uncommon, since many individuals re-use credentials from one environment to another. For example, you might re-use your personal email or social media account credentials for your business accounts and environments. By combining exposed credentials with guessed usernames and passwords, malicious actors are able to pivot from personal accounts to business accounts.

Implementing Multi-Factor Authentication

There are a lot of options to secure externally exposed business applications or SaaS environments. One of the easiest to implement, and one that adds the most value, is Multi-Factor Authentication (MFA). MFA is essentially adding another layer of security to your login process. Instead of only providing a username and password, users are also required to provide a second factor of authentication. For example, you can require a code delivered via SMS to the user's cell phone. You can also take it a step further by utilizing applications, such as Google Authenticator, to generate one-time passwords.

With MFA in place, malicious actors need more than just credentials such as usernames and passwords. They must also provide codes delivered via SMS text or one-time passwords delivered to applications. This exponentially increases the difficulty for malicious actors looking to gain unauthorized access to your sensitive information.

Leaders in the MFA space point out that implementing MFA enables stronger authentication and adapts to the remote workforce without compromising the user experience.

SMS Attacks

Despite the merits discussed above, MFA isn't without its own concerns, particularly when it relies on SMS. Many organizations utilize SMS text for MFA, but it can be compromised by SMS attacks. These include compromising phones, phone numbers, or even messaging centers.

If these attacks are successful, the SMS text sent to your mobile device as part of the MFA process can be exposed or intercepted by malicious actors. It can then be paired with your compromised usernames and passwords to ultimately access your business accounts. Even organizations such as the U.S. National Institute of Standards and Technology (NIST) have dismissed the use of SMS messages with one-time passwords as a secure MFA measure.

Secure Methods of Multi-Factor Authentication

Utilizing a one-time password application, such as Google Authenticator or Duo, is a more secure MFA method than SMS text messaging because it avoids the potential attacks mentioned above. While malicious actors can also capture one-time passwords (OTP), this is much less likely than the compromise of SMS messaging.

Final Thoughts

As organizations increasingly move to support the remote workforce, the exposure of internal business applications will grow, especially when coupled with increased adoption of cloud-based systems and SaaS. With this growth, organizations will continue to expose sensitive data, typically through cloud-based storage or by granting external access to their environments as part of SaaS subscriptions.

This reality warrants increased security measures that safeguard both organizational and customer data from malicious actors. Businesses should adopt MFA. Furthermore, they should particularly consider software-based OTPs to mitigate this risk, secure their business data and brand, and avoid potential blowback from both a regulatory and a customer perspective.

Chris Hughes

CISO & Co-Founder
Aquia

Chris Hughes is an Acceleration Economy Analyst focusing on Cybersecurity. Chris currently serves as the Co-Founder and CISO of Aquia. Chris has nearly 20 years of IT/Cybersecurity experience. This ranges from active duty time with the U.S. Air Force, to service as a Civil Servant with the U.S. Navy and General Services Administration (GSA)/FedRAMP, as well as time as a consultant in the private sector. In addition, he is an Adjunct Professor for M.S. Cybersecurity programs at Capitol Technology University and University of Maryland Global Campus. Chris also participates in industry Working Groups such as the Cloud Security Alliance's Incident Response Working Group and serves as the Membership Chair for Cloud Security Alliance D.C. Chris also co-hosts the Resilient Cyber Podcast. Chris holds various industry certifications such as the CISSP/CCSP from ISC2, as well as holding both the AWS and Azure security certifications. He regularly consults with IT and Cybersecurity leaders from various industries to assist their organizations with their Cloud migration journeys while keeping Security a core component of that transformation.
