In cybersecurity, everyone agrees that you should have multi-factor authentication (MFA) in place to reduce the risk of a breach. If you don’t have a way for people on your network to prove they are who they say they are, you’re asking for trouble.
If you’re looking for an MFA provider, it can be tempting to work with vendors that bundle individual services along with MFA for those resources. For example, if you’re using an office suite, it might seem like a good idea to work with that vendor to configure MFA for your users as well.
Although taking this approach might appear convenient, that convenience comes at a significant cost in terms of weakened security, greater complexity, and more confusion for users. In the end, what looks like a bargain comes at far too high a cost.
Who uses only one application?
The biggest problem with relying on single-purpose MFA solutions is that almost no one uses only one application or application suite. Sure, you could work with a vendor that bundles both an office suite and the MFA for that office suite. But will their MFA work with your other applications? And will it work wherever your users need to use it?
With more hybrid workplaces, people are working from multiple locations, yet they need access to their favorite tools and applications no matter where they are. The rise in remote and hybrid work is why more organizations are looking more seriously at the zero-trust security model. Although the concepts behind zero trust have been around for more than a decade, zero trust is becoming a security staple following recent legislation in the United States tasking organizations with improving the nation’s cybersecurity.
MFA is a cornerstone of zero-trust security because the basic philosophy behind zero trust is that you can’t trust anyone or anything without verification. What that means in practice is that every user must authenticate that they are who they claim to be for every access request.
Ultimately, any organization that plans to implement zero trust needs to have MFA in place first. You need an MFA solution that applies for access to anything from anywhere; it doesn’t make sense to just set up MFA for one application.
Who wants to authenticate multiple times?
If we accept the reality that almost no one uses just one application, the next problem you run into is that now you need multiple security solutions to protect every resource in your IT environment.
Setting up a single-purpose MFA solution for each application or resource is less than ideal. If you think users complain about having multiple passwords, just wait until you tell them that they need to authenticate with multiple MFA solutions multiple times a day, depending on what they want to do. Let’s just say it’s not going to be popular.
Administering all those MFA solutions won’t be a lot of fun either. At best, it would mean that your security team would wind up spending more time configuring and managing multiple MFA solutions. At worst, it would dramatically increase complexity. The more solutions you add, the more complex the environment becomes. And complexity is the enemy of cybersecurity. A bunch of siloed MFA solutions means you’re never going to have decent visibility into exactly who is really on your network.
The high cost of single-purpose
Compromising security in the name of short-term convenience is never a good idea. When you are implementing MFA solutions, you should look at the big picture and how your choice will work over the long term and across your IT environment.
It’s important to select a solution that’s both user friendly and that offers broad coverage across all the applications and services you need, no matter where they are located. If you have some applications that are on-premises and some in the cloud, your solution needs to support both.
Look for an MFA solution that gives users a range of ways to authenticate easily, even when they’re offline. For example, passwordless and biometric options for authentication mean not only decreased cybersecurity risk, since there are no passwords to steal, but also greater user convenience, since there are no passwords to remember.
The solution you select also should have a solid foundation for identity governance. You should be able to tell who has access to what, as well as whether their level of access reflects what is required to do their job. Defining user roles will bring organizations closer to zero trust; it reduces over-entitlements and means that security teams only give users access to the resources they need to do their jobs and nothing more.
RSA Identity Management
RSA offers a range of choices for how to authenticate, with hardware, software, and mobile options to deliver the same level of secure, convenient access to remote or on-site users in the cloud or on-premises working on any technology platform.
Our modern authentication methods include FIDO, push-to-approve, biometrics (fingerprint or facial recognition), “bring your own authenticator,” and hardware tokens that represent the gold standard in authentication.
Our centralized platform to simplify authentication and credential management includes unified identities, access points, and applications to ensure a consistent approach. You can build out rules and risk evaluations to lay the groundwork for dynamic management of access and authorization to applications, which simplifies processes for both granting access and requesting it.
Learn more about how RSA MFA provides secure access to all your critical resources on-premises and in the cloud, reduces administrative burdens, and brings organizations closer to zero trust.