IT Security Guru

Going Beyond Usernames and Passwords

by The Gurus
January 8, 2016
in This Week's Gurus
Phil Turner, VP EMEA, Okta 
As businesses increase their usage of cloud applications and services, security concerns are rapidly taking centre stage within IT departments. Today’s organisations not only have to maintain visibility over who has access to what in a time when more and more employees use phones and tablets to access both personal and work-related information; they also have to protect a mix of on-premises and cloud applications, most of which leverage their own identity store and security model to secure sensitive data, making it difficult for IT to enforce uniform control policies.
Subject to the significant security threat posed by users themselves — who tend to either use the same insecure password across all personal and professional channels, or leave passwords written on pieces of paper for all to see — both individuals and large groups of users are vulnerable to password theft. These acts of password theft can result in credentials being sold individually or in bulk on the black market to any criminal organisation that might want them. So how can businesses protect themselves from password breaches? The key is to efficiently manage the roles and access of individual network users within an enterprise — and supplement the insecure username and password with strong and easy-to-use second factors.
The danger behind passwords
Traditional web applications are protected with single-factor authentication: a username and password. In addition to being difficult to remember, these credentials leave sensitive data and applications vulnerable to a variety of attacks. Hackers are using increasingly widespread and sophisticated techniques to steal passwords to consumer, banking, and enterprise applications. Companies of all sizes, including the likes of Sony and Thomson, have previously been at risk.
While individuals are more vulnerable to password theft via highly targeted phishing attacks, large groups of users can be compromised by an attack on a specific vendor holding their credentials. The effect of a stolen password is magnified by the fact that users frequently reuse passwords across multiple applications. This means that a stolen Facebook or Financial Times password may compromise users’ Salesforce.com or Active Directory accounts.
As enterprises adopt more cloud applications, addressing this threat will become increasingly critical. Unlike older on-premises applications, cloud applications are accessible to anyone on the public Internet. And while enterprise cloud software vendors like Salesforce.com and Workday go to considerable measures to ensure they run a highly available and secure service, their login screens are as available to attackers as to legitimate users.
What’s more, today’s cloud applications do not easily integrate with existing enterprise products used to monitor dangerous security events, which can make password breaches of enterprise cloud apps difficult if not impossible for most IT organisations to detect.
Enter Multifactor Authentication
Due to increased breaches, over the past two years businesses have begun to adopt new security standards that meet current enterprise needs.
To allow users to log in to their applications, organisations typically leveraged one-factor authentication — a username and password — and verification like a security question to protect their applications. However, today a growing number of businesses are implementing multifactor authentication (MFA) to protect against the range of attacks that rely on stealing user credentials.
This highly secure authentication mechanism involves the use of two or more different types of authentication, such as a password plus a temporary key which is sent to a user’s phone, dongle, email address, or app, to ensure users are who they say they are, reducing the risk of unauthorised access.
Using single-use, expiring tokens to exchange authentication and authorisation data between a trusted identity provider and an application, MFA eliminates the need for people using the service to remember their usernames and passwords. With MFA in place, even if a user’s password is stolen, the account is safe from unauthorised access.
Supplementing the password
Adding MFA one app at a time is simply not practical, as it would require administrators and users to juggle dozens of factor types across as many applications. What organisations need is a unified access gateway that applies equally to VPNs and on-premises and cloud-based applications.
While MFA solutions were traditionally purpose-built for large enterprises, the cloud is democratising their use for companies of all sizes, so that smaller companies can benefit from this technology as well.
Businesses can choose from a variety of second factor options, balancing the needs of their user base, the sensitivity of the applications they are protecting, and overall ease of use. While some enterprises may choose to use security questions as an added form of protection, others may implement a text message option which will work with any SMS-enabled cell phone. Additionally, other companies may opt for a “soft token”: an app installed on a smartphone that generates a single-use six-digit number, which users can use to access protected resources.
With companies of all sizes going digital, the number of applications, access points and user types within organisations will continue to grow and diversify, creating an increasingly urgent need to gain visibility and control whilst also simplifying user access to cloud systems.
For any organisation looking to maintain control of their applications and data, having a holistic understanding of the network and its surroundings is imperative. By adopting services such as MFA, businesses can reduce concerns over visibility of users, devices and applications and realise the real benefits from operating in a cloud-first environment, giving employees access to the apps they need, when and where they want them.
