In today’s world where much of a business’ data is stored in the cloud, we must be aware of the regular drumbeat of reports about phished accounts or leaked sensitive data. Passwords are the front-door to cloud environments, but are typically insecure, easily replicated and attacked, and is an easy vector for hackers to try and breach an organisations security. Combined with Zero Trust, these solutions can form an extremely secure, but flexible way to provide access to your network and its data. Multi-factor Authentication (MFA) combine several forms of authentication like one-time passwords, fingerprint scans, or face scans together, and contributes to the increase in security as these additional factors aren’t something that’s easy for a potential attacker to obtain, guess or duplicate. An MFA solution is an extremely effective way to mitigate the risk of identity related security breaches, and MOQdigital can help simplify both the configuration, efficacy and success of ensuring a successful deployment to users within an organisation to not only address the risk but to also improve the user login experience.
Deploying MFA at scale is not always straightforward, and without the right expertise from a knowledgeable partner, it’s easy to leave gaps in the security policy, frustrate users and prolong the rollout. Before you start on the technical deployment, remember that delivering MFA across a business is a job for the entire organization, from the IT departments to HR, Marketing, Sales and beyond. It must support all the business applications, systems, networks, and processes without affecting workflow.
Prioritise your systems for the stages of deployment
Start by looking at how users access systems, where the most risk exists, and where optimisations in sign-in processes can be achieved through the use of MFA and Single Sign-On (SSO). Identify high-risk users and focus deployment efforts on users and roles where a compromise would lead to increased financial loss, disruption to business or a higher-level of embarrassment.
Find networks and systems where deploying MFA will take more work and especially on discovering vulnerable apps that don’t support anything except passwords because they use legacy or basic authentication (these will need a different approach to security). Be prepared to choose which applications to prioritise, and to create an inventory of applications and networks (including remote access options) for the continual rollout of MFA. Use this inventory whilst understanding the risk to your business, and plan to roll out a pilot deployment of MFA to high value groups —which includes employees from across the business who require different levels of security access—so your final MFA deployment is optimized for mainstream employees without hampering the productivity of those working with more sensitive information.
Awareness and Training
When deploying MFA, or any security solution, the human element is often the most overlooked. It’s important for users to understand that MFA is there to support and protect their accounts, whilst improving their ability to operate in the current pandemic affected world. The security of data, along with the networks from where users connect, identity and the device itself, will form the principles of Zero Trust Networking, and combine to both increase security but to also provide a granular level of control which can improve the user experience.
Focus on informing your users as to how it will work, explaining why you’re making this change, and providing clear instructions, documentation and avenues to support in the event of an issue with the solution.
Monitoring your deployment
As your MFA solution is deployed, continually monitor and review the rollout to minimise any impact it has on both security and productivity and be prepared to make the necessary changes to make it successful. Security metrics like failed login attempts, blocked credential phishing attempts and privilege escalations are excellent metrics to measure the success of your MFA solution, but also raise any concerns with the deployment before it becomes a limitation for the users. MFA and Zero Trust is an extremely effective step you can take to improve both the security of your business but to also improve the ways in which users operate.
The MOQdigital offer
MOQdigital can help improve the cyber security posture of your business by helping you achieve more with your technology investment, providing all-inclusive security advisory, deployment, and ongoing support to your instance, at a level that suits your business. If you would like to learn more about Multi-factor Authentication and how you can secure your business, please contact us today.