Tag: remote work

27 Apr 2020

Multi-Factor Authentication Is Redefining Digital Business

Why risk everything on someone’s poor password habits? Multi-Factor Authentication (MFA) is quickly becoming the new norm for verifying people are who they say they are before granting access to digital assets.

Yet there remains a certain reluctance to implement MFA on account of its supposed detrimental impact on the user experience. But MFA has come a long way from its clunky beginnings two decades ago – making it easy for everyone except attackers.

Easy to use

When people think of MFA, they usually think of the authentication system in its most extreme form – requiring a combination of disconnected physical tokens, location-based factors or USB keys which must always be carried on your person. Some of these more-severe MFA systems are designed to be difficult so that organizations can be sure, without a doubt, that users requesting access are who they say they are. While these factors are still used at organizations requiring more robust security protocols for their digital access points, today there are frictionless factors available for a streamlined user experience.

An organizational portal, for example, designed to grant access to sensitive communications, can be set up to require as password for a first factor and a Time-Based One-Time Password (TOTP) – a single-use, soft-token and time-stamped random code – issued from a third-party SaaS app installed on the user’s mobile device as a second factor before access is granted. With the app-issued TOTP, an additional authenticating factor is added with little change to the user experience.

Hard to compromise

A password is only as strong as it is complex – and even the most complex password can be cracked. But people are notorious for choosing weak passwords, reusing old ones, and even using the same passwords for multiple points of access regardless of sensitivity. According to Verizon, 81 per cent of breaches in 2017 were due to weak or stolen passwords. By asking for additional factors of authentication, MFA ensures that even if a weak password is compromised, access is still denied.

In this way, MFA also acts as an effective deterrent to malicious actors. Consider, for example, that half a per cent of Azure Active Directory accounts used by Office 365 are compromised every month – that amounts to a yearly total of 600 compromised users at an enterprise composed of 10,000 accounts. Gartner says an organization which adopts MFA can see a figure like this drop 50 per cent by the end of 2020.

Works well with others: the case of Maersk

Large enterprises undergoing digital transformations are investing in cloud-based SaaS providers to help them bridge gaps in their massive tech stacks. Take Maersk of Denmark, for example, the world’s largest shipping empire, who’s ‘cloud-first’ policy means they outsource tasks and services which are not directly tied in with their product.

Rasmus Hald, Head of Cloud Center of Excellence at A. P. Moller – Maersk, told Computer Weekly, “Why in the world would I run an email system in the year 2019? You might have constraints, like legal requirements [that stop you], but if you don’t, why would you have the hassle of running an email service when you can buy great services off the Internet that probably give you a better service than you would every be able to provide yourself? [Our philosophy at Maersk is to] buy other people’s software as a service and then focus our efforts on building great software for our users, [and] for our customers.”

But with more third-party connections come more opportunities for malicious agents to gain access to organizational networks. This is what makes MFA such an important feature to look for when choosing a SaaS partnership. If MFA mechanisms are in-place, then a higher degree of security can help mitigate any authorization vulnerabilities outweighing the benefits of the service provided.

Perimeterless

Digital transformations enable organizations to be available anywhere and anytime to better serve customer bases across the planet. For an organizational leader, this customer-centric digital world is good for business. But for someone in charge of internal organizational IT infrastructure, a fully digital connected cloud-based environment, where sensitive data is flowing, SaaS providers are plugged in and users are mobile, can be a nightmare without help – especially for sensitive processes like authentication.

MFA can help an organization prepare itself for perimeterless cybersecurity postures in a zero-trust world – where every user needs to be vetted before access is granted. Gartner says, as digital organizations continue their digital transformations, they are going to begin relying less on traditional digital security tools, like VPNs, firewalls and hardware, and focus more budget on securing users outside their digital environment. With its ability to authenticate users more accurately according to various digital factors, MFA is going to play an important role in perimeterless security solutions.

By Alex Loo, VP Operations at Echoworx

24 Apr 2020

Spotlight on Email Security

People transitioned to remote work overnight, sending information like bids, intellectual property, medical records and personal customer data all through their emails. Protecting this data is vital.

You’re doing a great job protecting against inbound email attacks (spam, phishing, malware) but what about the email leaving your organization? Here are five of the most important factors to consider when looking for more ways to protect data being sent through emails:

1. Easy to use

Can a person easily send secure email without any extra steps? Sending an email is a behavior all of us do automatically; introducing encryption shouldn’t hinder this process. Likewise, the person receiving it should easily be able to open the encrypted email. Good solutions will take these behaviors into account and keep them quick and efficient. Organizations can easily adopt encryption as long as their workflow doesn’t change.

2. Easy to send

Does the solution support multiple delivery methods? If you’re communicating with other businesses, they may have an encryption method already set up. Your solution should support multiple delivery methods, like TLS, PGP and third party S/MIME to take advantage of this. A good solution should also support delivery methods that make it easy for anybody to pick up messages, through encrypted PDF/ZIP or a secure web and mobile web portal. Enterprise administrators should be able to select the delivery methods that best meet their business needs.

3. Easy to access

As organizations are increasingly adopting cloud based solutions, shouldn’t your encryption decision follow the same strategy? Can the solution run completely in the cloud, so you don’t have to run any software or hardware on premise? Cloud implementations save you deployment time and resources, and allow the encryption solution to grow with the company.

4. Easy to automate

Does the solution allow you to easily set scanning policies to inspect email subject lines, body, attachments, and take action accordingly? You may only want to encrypt emails that contain certain keywords or regular expressions like credit card numbers or other customer information. A good solution will use a robust policy engine to allow you to create and edit policies to determine what should be encrypted and how.

5. Easy to get approval for

Is the solution easy to integrate and manage across the organization? Can it adapt to your changing policy and regulatory requirements without impacting everyone? You can never predict where a security leak will come from. A cost effective solution will be adaptive and scalable to meet a wide spectrum of business requirements; protecting all sensitive information from going out in the clear, not just executives or specific departments.

It’s time we all get serious about securing email.

By Jacob Ginsberg, Senior Director Market Intelligence at Echoworx