Beyond the Password: Implementing MFA at Every Connection Point

Aug 02, 2018 | by Tim Norris

Sure, I get it: today, passwords still have a role to play for organizations looking to secure access to applications and other digital resources. But for how much longer? As we discuss in the RSA webinar series Access Transformation in Action, by going beyond the password to add more ways of authenticating, you can make user access to your resources both more convenient and more secure. With increasingly complex access environments, and more points of access than ever before, you have every reason to add multi-factor authentication options (including hard and soft tokens, smartphone-based push to approve, biometrics, SMS and more) wherever users connect to resources. RSA has identified five key areas where you can start to transform secure access by going beyond the password.

1.      Protecting the Cloud Applications Users Rely on Every Day
What would your workforce do without Microsoft Office 365? Salesforce? Workday? Those are just a few of the applications organizations rely on that live in the cloud these days, and the market for these types of apps continues to grow. At the same time, attacks on cloud infrastructures are also growing, making secure access to cloud-based applications more and more important. By integrating multi-factor authentication directly with SaaS applications, you can make it harder to compromise them—while still making it easy for legitimate users to access them. Learn more about this in the RSA webcast on MFA for cloud applications.

2.      Making Sure Privileged-User Resources Are Protected
Privileged accounts are a favorite target for hackers because they provide access to so many of an organization’s most valuable assets. If an attacker finds a way into a privileged account or a privileged access management (PAM) solution that’s used to manage privileged access, access to a wealth of critical applications, data and other digital assets quickly follows. One step you can take to beef up privileged-account security is add multi-factor authentication to your PAM solution—and while you’re at it, implement a strong identity governance solution, too, to reduce risk of compromise or credential abuse. Find out more about why these measures are important and how to undertake them in the RSA webcast on MFA for privileged accounts.

3.      Securing Digital Workspaces at the Point of Access
Digital workspaces, like Workspace ONE from VMware, are often an essential component of digital transformation, enabling organizations to easily deliver any app on any device and to better manage the many apps and devices the workforce uses. But as with other access points in today’s digital environment, balancing security and convenience is critical in the digital workspace. Integrating multi-factor authentication into the digital workspace serves this purpose well. Moreover, choosing a multi-factor authentication solution that can also be applied at other points of access (where you have on-premises applications that aren’t available through the digital workspace, for example) is important to avoid having to invest in multiple point solutions for multi-factor authentication. Learn more from the RSA webcast on MFA for digital workspaces.

4.      Modernizing Secure Access for the VPN
The need to balance security and convenience is perhaps nowhere more obvious than in virtual private network (VPN) access. Where once the VPN was only accessible by a limited population of users, , over time workforce changes have made it necessary for many other kinds of users to access the VPN—remote employees, on- and off-site contractors, and even customers in some cases. You need to make it easy for all those users to connect, but you also need to ensure that their involvement doesn’t create additional risk. For example, if a remote worker logs in using the WiFi at a coffee shop, and their credentials are compromised, multi-factor authentication adds that extra layer of security to keep a bad actor from getting into the VPN. And because all it takes is a mobile push, it’s easy for the user, too. That’s just one way multi-factor authentication provides authentication beyond the typical username-password combination, as described in the RSA webcast on Modernizing MFA for the VPN.

5.      Making Secure Access to Legacy Applications More Practical
When it comes to legacy and custom applications that live on-premises, adding multi-factor authentication directly to the applications themselves isn’t necessarily a practical option. Many of them don’t support authentication protocols like SAML and RADIUS, so they have to be custom-coded, which can be a long, costly proposition. What you can do instead, though, is apply multi-factor authentication with the next-generation firewall to add MFA at the network layer. That way, you have the ability to require additional authentication at the network level, so you can confirm identity and access privileges before access to applications is granted. You can learn more about how it works in the RSA webcast on MFA for legacy and custom applications.

# # #

In addition to watching the webcasts at the links above, visit to learn more about how multi-factor authentication can transform secure access for the modern workforce—and download the RSA e-book Five Ways to Transform Access and Secure the Digital Enterprise.


Author: Tim Norris

Category: RSA Fundamentals, Blog Post

Keywords: Authentication, Multi-Factor Authentication, MFA, Digital Workspace, Access Risk, SaaS Application, RSA SecurID Access, VPN, Privileged Account, Privileged Account Management