Microsoft Office 365, Salesforce, Workday: These and other applications in the cloud have become so commonplace that it's hard to imagine an organization that doesn't rely on them daily. They're great for operating efficiently and keeping costs manageable, but what about the security implications? Considering that the most widely used SaaS apps are the ones that contain a company's most sensitive data, it's an important question. After all, it's hard to rest easy when the only thing standing between your company's critical information and a cyber attack is a username and password.
At a time when 81 percent of hacking-related data breaches are password-related, the seriousness of the threat posed by password-protected SaaS apps is clear. The more of these apps an organization relies on, the bigger the problem—especially if all the cloud apps and platforms in play have different access policies and password requirements, as is often the case. Thus, the inherent risk associated with password-based security grows as the use of cloud apps grows. And it's definitely growing: The market for SaaS applications is forecast to be worth $117.1 billion by 2021, nearly double its estimated value in 2018.
An important step you can take to rein in the risk is to add multi-factor authentication (MFA) to the access environment to prevent your organization from leaning so heavily on passwords for cloud application access. Multi-factor authentication applied across a growing number of cloud applications makes access more secure, not only because it adds another means of authenticating users, but also because it can provide security teams with broad visibility into access across multiple applications.
Which brings up another important benefit of multi-factor authentication working across multiple solutions—a benefit that applies to both admins and users: convenience. Having just one solution, no matter how many applications, makes managing cloud application security easier for admins, as well as making cloud applications easier for users to access.
Additionally, a multi-factor authentication solution that uses a risk-based approach to authentication can balance security and convenience to the benefit of both security teams and everyday users. Look for a solution capable of discerning when access risk is high, and responding accordingly by requiring the user to step up to another authentication factor—or by not requiring it when access risk is low.
For instance, if a user attempts to authenticate from a device she's never been associated with before, or from an unfamiliar location, the solution should be able to detect this anomaly and ask for additional authentication—especially if she's attempting to access a particularly critical resource in the cloud. If, on the other hand, she's authenticating from the same device and location she signs in from every morning, and seeking access to a relatively low-risk application, the solution should be able to recognize her behavior and not require additional authentication.
Risk-based authentication requires a combination of sophisticated data analytics, machine learning and context recognition capabilities not every multi-factor authentication solution offers. Having one that does can move your organization toward access that's both more secure and more convenient.
This is the second in a series of posts about transforming secure access in five key areas to address today's changing access landscape. To learn more about transforming secure access in other key areas, watch this space for future posts exploring the rest of the five areas in depth. And in the meantime, sign up for the RSA webinar series Access Transformation in Action.