Cloud-based platforms, accessible over the internet, have become essential business tools deployed by enterprises worldwide. While internet accessibility is one of their major attractions, organisations need to ensure that they implement stringent security measures so that only authorised users have access to online accounts. The key to achieving this is through authentication.
Cloud authentication – an overview
Authentication is the process of validating the identity of anyone logging in to a cloud-based account, establishing that the person is the genuine account holder. Authentication software does this by comparing the credentials the user enters at login, such as a username and password, a passcode or the answers to secret questions, with data held on the server. A well-designed system never stores the password itself: it stores a salted, deliberately slow hash of it and compares a fresh hash of the submitted password against that record. If there is a match, the user is granted access. If not, access is denied.
Besides people, enterprises sometimes require applications to access their cloud-based platforms. These might be apps that carry out essential functions like scheduled backups, automated software updates and remote monitoring. As with people, it is just as crucial that any app attempting to access your platform is authorised to do so and is not malware attempting to get in. Rather than usernames and passwords, authentication for applications is usually achieved with API keys or tokens, or with digital certificates (for example mutual TLS). Again, the key, token or certificate presented has to be validated against what the server holds before access is granted, and it should be scoped to the minimum access the job needs, so that a compromised backup credential cannot be used for anything else.
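The two checks described above, as an added example that is not part of the original article: a user's password verified against a stored salted hash rather than a stored password, and an application authenticated by signing each request with a shared API secret. The user store, API key and request contents are constructed for illustration, and the constant-time comparison and replay window are the details a practitioner would otherwise get wrong.

```python
import hashlib
import hmac
import os
import time

# ---- People: username + password ---------------------------------------
# The server keeps a random salt and a slow PBKDF2 hash, never the password.
PBKDF2_ROUNDS = 600_000  # OWASP (2023) figure for PBKDF2-HMAC-SHA256


def hash_password(password, salt=None):
    """Return a credential record {salt, hash, rounds} for storage."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "hash": digest, "rounds": PBKDF2_ROUNDS}


def verify_password(record, password):
    """Re-derive the hash from the submitted password and compare it."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["rounds"]
    )
    # compare_digest runs in constant time; a plain == leaks timing information.
    return hmac.compare_digest(candidate, record["hash"])


# Constructed user store (a database in practice).
USERS = {"alice": hash_password("correct horse battery staple")}


def login(username, password):
    record = USERS.get(username)
    if record is None:
        # Do the same work for unknown usernames so that response time does
        # not reveal which accounts exist.
        verify_password(hash_password("dummy"), password)
        return False
    return verify_password(record, password)


# ---- Applications: API key with HMAC request signing --------------------
# Constructed key id -> shared secret; the secret itself never travels.
API_KEYS = {"backup-job-01": b"constructed-shared-secret-0123456789abcdef"}
MAX_SKEW = 300  # seconds; bounds how long a captured request can be replayed


def sign_request(secret, method, path, body, ts):
    """Client side: bind method, path, timestamp and body into one MAC."""
    msg = f"{method}\n{path}\n{ts}\n".encode() + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_request(key_id, method, path, body, ts, signature, now=None):
    """Server side: look up the key, check freshness, recompute the MAC."""
    secret = API_KEYS.get(key_id)
    if secret is None:
        return False
    now = time.time() if now is None else now
    if abs(now - ts) > MAX_SKEW:
        return False
    expected = sign_request(secret, method, path, body, ts)
    return hmac.compare_digest(expected, signature)
```

The body is included in the signed material, so tampering with the request payload invalidates the signature, and the timestamp check means a captured request stops working after five minutes; a per-request nonce store would close the remaining replay window inside that period.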
Why authentication is important
In an age where enterprises store huge amounts of data, much of which is personal or financial, it is vital that they strictly control who has access to their platform. Failure to keep data secure can have significant consequences. Under GDPR, for example, a data breach can result in fines of up to €20 million or 4% of global annual turnover, whichever is the greater. In addition, there are the consequences of class action lawsuits, reputational damage, intellectual property theft, financial theft, operational downtime, ransom demands and more. And this is just the impact of a criminal attack. There are also state-backed attackers whose aim is disruption, and who pursue it by targeting the cloud platforms of key businesses and organisations, national infrastructure and government.
Without implementing stringent authentication protocols, any organisation’s cloud platform is vulnerable and with enterprises moving more operations online and giving access to more employees and customers, there is increasing urgency to find the most secure solutions.
Balancing authentication with user-friendliness
Security and user-friendliness often pull in opposite directions. Users want the login process to be quick and easy, whereas security controls slow it down, often by demanding complex, hard-to-remember credentials or extra steps. Enterprises need to balance authentication strength with user-friendliness so that they can keep users happy while ensuring online accounts remain secure.
There are several processes enterprises can use to authenticate users, however, not all of them are suitable for all platforms. Here are some of the main ones.
Username and password
To enable users to access cloud platforms, many enterprises use the traditional username and password form of authentication. For this system to remain secure, the user has to keep the password private and the server has to store it only as a salted hash, so that a database breach does not expose passwords directly.
While this can be a very user-friendly way to log in, especially as many devices will store passwords and enter them using autofill, the process has real weaknesses. Users often reuse the same credentials across multiple online accounts, so if an attacker obtains one username and password they can try it against a range of that individual's accounts (an attack known as credential stuffing).
What makes this particularly worrying is that there are various ways in which an attacker can obtain login details: phishing, buying stolen credential databases on criminal marketplaces, and cracking weak password hashes offline with dedicated software.
It doesn’t help that the majority of usernames are linked to an individual’s real identity and that not everyone chooses to use a strong password, preferring those which are easier to remember and which can be cracked in a relatively short time.
For these reasons, a username and password on their own are not recommended as the sole means of authentication, especially for accounts where personal or financial data is stored.
Two-factor and multi-factor authentication
Security can be significantly increased by requiring additional information from users during the authentication process. These pieces of information are known as authentication factors and include the following types:
- Location: where the GPS or network location of the phone or computer is checked against where the user is expected to be when logging in. This is usually treated as a contextual risk signal rather than a factor in its own right, since it can be spoofed.
- Knowledge: where users have to input information such as a PIN, date of birth or the answer to a secret question.
- Possession: where users prove they hold a registered device, by entering a code generated by an authenticator app or hardware token, by using a security key, or, less securely, by entering a code sent to a registered mobile phone or email address. SMS and email codes are the weakest form of this factor, as they can be intercepted or phished.
- Biometric (inherence): where fingerprints, iris or retina scans, or facial recognition are used to verify the identity of the user.
Requiring two factors from different categories, for example a password plus a code from a device the user holds, is known as two-factor authentication. Requiring two or more is known as multi-factor authentication, of which two-factor is the commonest case. Two pieces of information of the same type, such as a password and the answer to a secret question, do not count as a second factor.
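The possession factor in the list above, as an added example that is not part of the original article: a time-based one-time password (TOTP, RFC 6238) of the kind generated by authenticator apps, with the server-side check that accepts one step of clock drift and refuses to accept the same code twice. The shared secret is the RFC 6238 test-vector secret, and the time values used in the usage note are constructed.

```python
import hashlib
import hmac
import struct

STEP = 30     # seconds each code is valid for
DIGITS = 6    # length of the displayed code
WINDOW = 1    # also accept the previous and next step to absorb clock drift


def hotp(secret, counter):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** DIGITS:0{DIGITS}d}"


def totp(secret, at):
    """RFC 6238: the HOTP counter is the number of STEP intervals since the epoch."""
    return hotp(secret, int(at) // STEP)


def verify_totp(secret, code, at, last_counter_used=None):
    """Server side. Return (accepted, counter_used).

    last_counter_used is the counter of the most recently accepted code for
    this user; any code for that step or an earlier one is refused, so a
    code captured by phishing cannot be replayed within the window.
    """
    now_counter = int(at) // STEP
    for delta in range(-WINDOW, WINDOW + 1):
        counter = now_counter + delta
        if last_counter_used is not None and counter <= last_counter_used:
            continue
        if hmac.compare_digest(hotp(secret, counter), code):
            return True, counter
    return False, None


if __name__ == "__main__":
    # RFC 6238 test secret (ASCII "12345678901234567890"); at T=59 the
    # 8-digit reference value is 94287082, so the 6-digit code is 287082.
    secret = b"12345678901234567890"
    code = totp(secret, 59)
    print("code at T=59:", code)
    print("accepted:", verify_totp(secret, code, 59))
    print("replayed:", verify_totp(secret, code, 59, last_counter_used=1))
```

The secret has to be provisioned to the user's device once (typically as a base32 string in a QR code) and stored server-side under the same protection as any other long-term key; the security of the factor rests entirely on that secret never leaving those two places.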
The term 'strong authentication' is given to verification methods considered resistant enough to the common attacks on credentials, such as password guessing, credential stuffing and phishing, for the platform in question. No method guarantees security, and what is regarded as strong depends upon the organisation and the type of data its platform stores.
While two-factor authentication is considered adequate by many organisations, especially when the second factor is biometric or a device in the individual's possession, others, like banks and healthcare institutions, often demand multiple factors because of the nature of their operations and the sensitivity of the data they hold. Not all second factors are equal: a code sent by SMS can be intercepted through SIM swapping or phished along with the password, whereas hardware security keys and other FIDO2/WebAuthn authenticators bind the login to the genuine site and are the phishing-resistant option for high-value accounts.
Simple username and password authentication is no longer seen as adequate security for cloud-based platforms, as it presents too many weaknesses for criminals to exploit. Today, increasing numbers of organisations are using more stringent two-factor and multi-factor authentication methods to protect their systems. These strong authentication methods are available on all types of cloud network, public, private and hybrid, and all enterprises should seriously consider the value of implementing them.
For information about our enterprise-level cloud solutions, visit hyperslice.com