Chances are your organization uses cloud applications like Microsoft Office 365, Salesforce and Workday every day. And chances are also that the cloud applications you count on are primarily password-protected. At a time when 81 percent of hacking-related data breaches are password-related, that’s cause for concern about the security of your data in those apps. And if the cloud apps and platforms you count on all have different access policies and password requirements, as they often do, that’s even more reason to be concerned.
Adding Multi-Factor Authentication Can Reduce Risk…
An important step you can take to reduce the access risk associated with password-protected cloud apps is to bolster that protection by adding multi-factor authentication to the access environment. A multi-factor authentication solution that’s applied across all your organization’s cloud applications makes access more secure in two key ways: It adds another means of authentication by challenging users to prove they are who they say they are, and it provides IT security teams with broad visibility into access across multiple applications.
…and Increase Convenience
A multi-factor authentication solution that works across multiple apps, both in the cloud and on-premises, provides another benefit in addition to boosting security; it makes it more convenient for users to access applications and for admins to manage them. Regardless of which resource— VPN, email, HR tools, and so forth—the same authentication process applies, so there’s no need to adapt to a different mechanism for every application. And managing cloud application security is also easier when there’s just one multi-factor authentication solution to manage regardless of the number of applications.
Using a Risk-Based Approach Further Balances Security and Convenience
A risk-based approach to multi-factor authentication uses data analytics to decide whether to challenge a user for further authentication of identity, taking into account factors such as business context, user location, device and IP address. The system can request additional authentication if the analytics suggest a high-risk access attempt—or simply let the user in if it doesn’t.
What defines a high-risk access attempt? Examples include logging in on an unrecognized device or from an improbable location, or attempting to access a highly-sensitive resource for the first time. Conversely, a low-risk access attempt may be identified by the absence of such factors—a user seeking authentication from the same device and location as always, and seeking access to a relatively low-risk application. When the latter happens, the solution should recognize that the user’s behavior poses little risk and not require additional authentication.
Not all multi-factor authentication solutions can offer a risk-based approach. Such an approach requires a combination of sophisticated data analytics, machine learning, and the ability to recognize context. It’s a combination that’s well worth seeking out if you want secure access that offers robust protection for IT and convenient access for users.
Learn more about transforming secure access to meet today’s challenges by signing up for the RSA five-webinar series Access Transformation in Action, continuing through July 25 and available on demand after that date.