As enterprises adopt cloud applications, users are plagued with password fatigue–the never-ending burden of creating and maintaining separate identities and passwords for the multiple cloud and web apps they need to access on a daily basis. Adding to the frustration and downtime, when accessing certain resources, users are also required to validate their identities with strong multi-factor authentication, slowing down the access journey even further.
To offer the most frictionless experience possible without sacrificing security, organizations can leverage cloud single sign-on (cloud SSO) combined with contextual information and step-up authentication. This lets users access all their cloud and web applications with a single identity and password, and lets IT require stronger access security only in high risk situations. In fact, cloud access management solutions have emerged, providing organizations with the ability to set flexible access policies that include:
- Single Sign On
- Granular access policies
- Context-based Authentication
- Session management
Cloud single sign-on enables users to access all their cloud and web applications using a single identity–a single username and password set. So instead of maintaining 10 or 20 passwords, users can maintain just one! Cloud SSO removes the need to re-authenticate separately to each cloud application, allowing users to easily move from one cloud app to another.
That said, cloud security is still inherently complex, so we would breakdown some simple steps to leverage the cloud safely and securely.
Multifactor authentication (MFA) is one of the most concrete guards against cloud-based security risks and, where supported by the cloud application provider, should be implemented immediately. While MFA is not a new technology, the simplicity and ubiquity of smartphones has made MFA a seamless extension of the user access protocol. Long gone are the days where a user has to carry a randomizing FOB that must be replaced, has battery challenges and requires server-side management to keep up to date and integrated with the company account management policy. Today, anyone with a smartphone has the MFA client and basically ready to comply with a fundamentally sound security and cloud access policy.
Ensure Internal Systems Management
Large cloud providers invest extraordinary resources to protect themselves and their clients from cybercriminals. The reality is that cyberattackers are not going to attack the most hardened resources when they are clearly aware that the easiest path of entry is through the small- to mid-size business. Consequently, it is just important that you are keeping a close watch on internal technology systems and controls as that is most likely the least secure point of entry on your way to the cloud. In addition, many cloud implementations still incorporate private VPNs to allow direct and controlled network access, so the importance of the following basic systems management disciplines are critical:
- 100 percent internal device management
- 100 percent patch management (PCs, servers, network devices, etc.)
- Storage management
- Network access control
- Managed security
- SIEM tool
- Web filtering
- DNS filtering
While this may seem like a daunting list of items, chances are you have some form of these for cloud security either in a managed services relationship or internal tool set you already own. The key is discipline in management and metrics/reporting of either the provider, or the internal IT team.
The velocity of technological change combined with the evolution of threat vectors simply forces us to train our users to keep a keen eye out for anomalies, particularly when dealing with external or cloud systems. User training is a simple, reasonably cost-effective way to breakdown and educate our workforce on modern security risks. While none of these items are silver bullets for eliminating cloud computing risk, they take large strides in mitigating the risk associated with the cloud. The cloud offers a wealth of benefits and when delivered and used appropriately, can offer the same or better security protections than a local computing environment. However, there are appropriate safeguards and measures that shou