We are comprehensive cloud management for modern enterprises, services providers, and the public sector.
Everything you need to manage and allocate costs, optimize spending, and save money.
Unified secure configuration, activity monitoring, and IAM tracking for the public cloud.
Give financial operations a complete picture of IT costs across hybrid cloud infrastructure.
The next step in cloud security—ensure your cloud infrastructure is audit-ready for 35 regulatory standards.
Built to optimize the best features of the major cloud providers in a single pane of glass.
With an integrated ecosystem carefully chosen for your success.
Our technology partners amplify the advantages of the cloud.
Total visibility cloud management.
Advanced security for regulated industries.
FedRAMP Ready cloud management.
Multi-Factor Authentication, or MFA, is the requirement that users bring something tangible with them, in addition to knowing a password, when trying to login. The security concept is called “Bring Something, Know Something.” Futuristic examples include retina scanning or even DNA blood sampling, but there are more practical ways to perform MFA.
MFA is an important security tool because logins and passwords are easily found on the dark web.
The physical device requirement could be as simple as a pre-authorized mobile phone that can receive a text. It could be a smartphone or smartwatch running a synchronized app. Multi-factor authentication solutions can be achieved by a proprietary keychain-size device that generates a unique token or a USB key that needs to be inserted into the computer a user wishes to login to. Insistence on requiring such a physical device, in addition to entering a password, decreases the likelihood that a hacker could log in remotely equipped only with the correct username and password.
MFA is an important security tool because logins and passwords are easily found on the dark web. Additionally, computing power has accelerated to the point where “brute force” techniques have become practical, enabling hackers to use a computer to programmatically guess passwords. In situations when MFA is required, simply knowing the password is almost useless without having access to the associated physical device.
Similarly, MFA is not a substitute for complex passwords. A smart combination would be MFA plus passwords that are longer, more complex, harder-to-guess and are unique to each login platform. Any breach would be isolated and the damage could be mitigated.
MFA is not unique to Amazon Web Services (AWS) or any of the other cloud vendors. Microsoft Azure, Google Cloud, other public clouds, and even on-premise data centers can all benefit from multi-factor authentication. Cloud administrators must know their role and do their part in the Shared Responsibility Model: The cloud vendors are responsible for the security of the cloud and the customer is responsible for security in the cloud. That applies to passwords in general and MFA in particular, as Identity and Access Management (IAM) falls within the domain of the customer.
The value of MFA is clear. Enterprises should enable MFA for their end users and service providers should encourage their clients to do so as well. With the public cloud’s Shared Responsibility Model, it is incumbent upon each organization, and ultimately each individual, to do their part to secure their resources. A user’s identity is perhaps the most important—and weakest—link in the security chain. Multi-factor authentication can reinforce that link.
Add unified secure configuration, activity monitoring and regulatory compliance to your cloud infrastructure with cloud management by CloudCheckr. CloudCheckr makes tracking IAM and permissions simple by centralizing control and applying best practices. Get started today with a live demo or free, 14-day trial.
Are You Subscribed to the Check List?
Our Best Articles and Insights Direct to Your Inbox
Get What You Need to Succeed—Download our White Papers
Your Role in the Shared Responsibility Model
A Guide to Understanding and Taking Control
Free Webinars Await—See What's Next
Make Your IT Team Your Strongest Security Asset