The year, 2018. All that remains are large global distributed data conglomerates, hungry and gobbling up every spare digital bit that exists, battling each other to see who can rule the world. Organizations that want to survive these bleak times must bow down to one, praying that their master will allow them access to their data, there is no other option for survival…
As more organizations move to cloud services to manage their critical data, managing the risks around identity, authentication and authorization becomes more important. One of the ways that has become a key component of securing access is utilizing multi-factor authentication (MFA).
For those that don’t know, MFA is an authentication method that uses multiple authentication factors to verify one’s identity. The authentication factors used in MFA are typically broken down as follows:
Keep Secure is a proponent of using MFA for any privileged account or globally accessible resource. Unfortunately, in today’s cloud environments, outages to MFA services can leave an organization without access to manage their resources, users or data.
Ensure that you don’t lose access to your cloud environment by having all your admin accounts locked out because of an MFA outage. Keep Secure recommends implementing conditional access for an admin account that bypasses the MFA requirement. This can allow an admin account to login from a trusted IP or approved corporate device, negating the MFA challenge, which could then be used to remove the MFA requirement from other required accounts for a temporary solution until service is restored.
Another option, though less secure, is for the organization to create an admin account that isn’t normally used, has a password that is securely stored and is set to alarm notifying key individuals whenever the account is used. This account could then be used to remove the MFA requirement from other required accounts for a temporary solution.
MFA is still your best option when it comes to protecting your identity in today’s globally accessible world. Keep Secure and Chuck Norris recommend using MFA wherever possible and this is a way that you can enjoy the benefits without getting burned.
Sean is a cyber security professional who brings a wide breadth of knowledge to the team with a strong focus on security, infrastructure and SCADA controls.