One of the most fundamental cybersecurity practices required by any business is to implement policies and tools that limit access to corporate systems and information - restricting who has access, to what, and by using what means of authentication they’ll require. Businesses are frequently turning to multi-factor authentication (MFA) for its added protection over traditional authentication methods.
Multi-factor Authentication adds layers of defense
Traditional user ID and password logins are easily compromised, as they’re often stored or saved in an unprotected manner. Additionally, they can be subverted by tools like brute-force attacks, for example, which use automated password cracking tools to guess various combinations of usernames and passwords until they gain access.
The goal of MFA is to harden access by creating a layered defense that makes it more difficult for an unauthorized person to access your endpoints, cloud, network or databases. If one factor is compromised or broken, the adversary still has at least one or more barriers to breach before successfully breaching its target.
What type of MFA do you need?
When it comes down to it, businesses may have to implement more than one type of MFA since many businesses operate in a hybrid environment where some of their stored data and systems, and access to it, is stored locally, and some is hosted in the cloud. For companies using with all systems and data on-site, and using an Active Directory (AD) domain, using digital certificates, like tokens, fobs, or usbs, is an effective way to incorporate MFA. For cloud environments, Out-of-Band (OAB) MFA solutions, like one-time passwords, have to be considered for those environments. A hybrid approach requires both forms.
However, determining MFA technology comes down to two things: 1) knowing WHAT your Controlled Unclassified Information (CUI) is; and 2) knowing WHERE your CUI is stored, transmitted and processed so you can partition it from non-CUI data, which simplifies compliance scope.
For insight into which applications should have multi-factor authentication and the importance of multi-factor authentication to compliance, download our threat insight report!