IDaaS & MFA: how they protect Cloud Identities together

Elena Leu
October 29, 2019 at 1:20 PM

Identity & Access Management policies date back to the pre-digital era, when physical information used to be guarded by perimeter protocols and restrictions. These ensured that assets would only be accessed, viewed and handled after passing all restrictions, usually in the form of guards, restricted areas, badges or copy limitations.
As organisations started adopting digital processes, IAM shifted from a purely physical form to a set of processes assigning digital access rights to people within their internal network and servers. This led to the transformation of the perimeter as well, to a digital one, which focused on firewalls, VPNs and passwords.

Nowadays, with digital transformation, the adoption of Cloud technologies and increased mobility, enterprise data is going through an unprecedented decentralisation process. This Cloud revolution poses new challenges to businesses that used to rely only on legacy systems. As employees and consumers become more tech-savvy, IT admins must reconsider their IAM strategy and shift towards an identity-focused framework.

IDaaS as the guardian of Cloud identities

Identity-as-a-Service (IDaaS) is a response to organisations’ need to use Cloud technologies for their speed and reliability. Where traditional IAM failed, IDaaS has the answer and is showing great promise.

The first milestone that IDaaS has seen in its evolution was the development of Single Sign-On (SSO) for Cloud-based applications in 2011. It was a fantastic solution that solved the problem of authenticating users to multiple applications, over multiple devices.

The next challenge encountered by Identity-as-a-Service was finding a way to on-board and off-board users of Cloud applications. Once again, IDaaS delivered.

However, the greatest challenge of all, access governance, is still unfolding, as increasingly complex collaboration environments are needed. Privileged insider access and third-party vendors make it hard for organisations to grant the access that is needed while keeping the company’s security intact. On average, an organisation’s network is accessed by third-party vendors 181 times a week.

58% of businesses responding to a survey believe they might have suffered a data breach due to third-party vendor access, while 64% said that at least one breach was caused by employees’ privileged access. The conclusion we might draw from these examples is that companies must control, manage and monitor privileged access in order to mitigate the risk of malicious access.

As two-thirds of all employees use a personal device at their job and 87% of organisations depend on their employees’ ability to use their own devices to access business apps, it is clear that the perimeter approach to security is now obsolete.

Making sure that “the right individuals” are able to access “the right resources at the right time for the right reasons” is in itself the definition of Identity & Access Management. And establishing the “right individuals” begins with authentication. Just as IDaaS brought innovation to companies, acting as both a gatekeeper and an enabler of growth, authentication is now doing the same. Although password-based authentication systems continue to be the most widespread, passwords have shown their weaknesses over time and are slowly but surely being replaced by more secure alternatives.

Authentication is the front door to any Identity & Access Management system. You wouldn’t want your front door to be easy to open by strangers, would you?

MFA as the guardian of IDaaS

Alfred Marshall’s theory on supply and demand states that an increase in demand leads to an increase in supply, creating a market equilibrium. This theory stands strong when it comes to security and technology as well: an increase in data breaches leads to an increase in security mechanisms.

Multi-factor authentication (MFA) came as a response to the growing need for securing the increasing attack surface triggered by digital transformation. The MFA market is in full development and is expected to reach $17.76 Billion by 2025, empowered by Cloud services, BYOD and growing security regulations.

By using a combination of independent credentials instead of the simple password, organisations are now able to protect sensitive information and meet their security goals.

Let’s have a look at what these credentials (factors) mean:

  • What you know
    The first authentication factor is represented by something that the user knows. It consists of information, and may be a username, PIN, password, or simply a response to a question.

  • What you have
    The second factor in MFA is a physical device that the user possesses and that acts as a medium for performing the authentication. It might be a smartphone linked to an IAM system or a hard token used to auto-generate time-based one-time passwords (TOTPs).

  • What you are
    Last but not least, the final frontier of a successful authentication is a relatively recent one, biometrics. A user’s fingerprint, retina, facial features or way of typing are all biological markers that can be used as a powerful method of protecting their identity within an access management system.

It comes as no surprise that multi-factor authentication strengthens the security of any IDaaS platform: it makes the verification of a user’s identity more robust, which diminishes the likelihood of unauthorised access. If properly implemented, MFA can complement an organisation’s IAM system in the following ways:

  • Provide a risk-based approach
    Not all users pose the same level of risk to company data. While admin users often have access to significantly more information and require more account security, guests may only require a password to get in. Multi-factor authentication is a secure alternative for high-risk identities such as admins.

  • Enable authentication flexibility
    Organisations can decide how many and what authentication factors to use according to their security needs and objectives.

  • Can eliminate passwords
    We all know that humans are the weakest link in security. This is partially caused by weak passwords or password reuse. By leveraging MFA’s passwordless capabilities, businesses are able to step up their security by eliminating passwords, while relieving users of that burden.

  • Frictionless security
    Even though getting users on-board with a stronger login mechanism may require some time, once they’re in, they’ll be able to benefit from frictionless, user-convenient security.
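
The risk-based, flexible and passwordless points above can be expressed as one policy check. The sketch below is an added example, not code from the original post or from any IDaaS product; the role names, method names and thresholds are hypothetical. It counts independent factor categories rather than individual methods, so a password plus a PIN still counts as a single factor, while a token plus a fingerprint passes without any password.

```python
from dataclasses import dataclass

# Factor categories from the article; the method names are illustrative.
CATEGORY = {
    "password": "know", "pin": "know", "security_question": "know",
    "totp_token": "have", "push_phone": "have",
    "fingerprint": "are", "face": "are",
}

# Hypothetical policy: distinct factor categories required per role.
REQUIRED = {"guest": 1, "employee": 2, "vendor": 2, "admin": 2}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def evaluate(role, verified_methods, unmanaged_device=False):
    """Decide whether the verified methods satisfy the policy for this role."""
    if role not in REQUIRED:
        return Decision(False, f"unknown role {role!r}: fail closed")
    needed = REQUIRED[role]
    if unmanaged_device:
        # Hypothetical rule: personal (BYOD) devices never get single-factor access.
        needed = max(needed, 2)
    # Count categories, not methods: password + PIN is still one factor.
    categories = {CATEGORY[m] for m in verified_methods if m in CATEGORY}
    if len(categories) < needed:
        return Decision(False, f"{role} needs {needed} independent categories, "
                               f"got {len(categories)}: {sorted(categories)}")
    return Decision(True, f"{role} satisfied with {sorted(categories)}")


if __name__ == "__main__":
    # Constructed sample logins: (role, verified methods, unmanaged device?)
    samples = [
        ("guest", ["password"], False),
        ("admin", ["password", "pin"], False),            # two secrets, one category
        ("admin", ["totp_token", "fingerprint"], False),  # passwordless
        ("guest", ["password"], True),                    # BYOD step-up
    ]
    for role, methods, byod in samples:
        print(role, methods, byod, "->", evaluate(role, methods, byod))
```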

As the value of personal data increases, stricter privacy regulations emerge and mobility becomes part of business operations, businesses worldwide are turning their attention to more sophisticated ways of securing their digital environments and protecting identities. Multi-factor authentication keeps proving its value in complementing Identity-as-a-Service systems, in terms of both security and user convenience.

Feel free to repost this blog on your website or social channels! But when you do so, please be so kind as to mention the source and give us a notice via marketing@iwelcome.com.
