Another day – another major Cyber incident. Hot on the heels of Dropbox’s report of the loss of 68 million passwords back in 2012, Yahoo has now admitted losing 500 million users credentials in 2014.
The question is, should I worry about impact to my business?
Consider this:
We all typically use our favourite passwords for a number of systems, both for private and business applications. As an example, a Yahoo or Dropbox user who has been using a ‘standard’ password on multiple systems for years is now posing a security risk to business applications because the user’s credentials have been in wrong hands for years. Standard advice is to change password, but not everyone will be aware – and who knows who else are being breached? Note that it took Dropbox four years and Yahoo two years to report.
How can Cloud help?
A key criterion for verifying a good Cloud Services Provider (CSP) is provision of tools that assist in keeping login credentials secure. Remember that migrating to the Cloud still leaves the user with full responsibility for system breaches due to hacked, guessed or shared passwords.
The best antidote for password breaches is what is described as Two-Factor Authentication (TFA). TFA basically means that a second layer of authentication is added after you have entered your password. The most popular form of TFA simply sends a one-time SMS code to your Mobile to enter as a secondary authentication when logging in. This means that a perpetrator cannot access your data without access to your Mobile – even when in possession of your password. A good Cloud provider will offer TFA as an option for their users. Switching on TFA for a Cloud service is much, much easier for a business than asking the IT Department to implement TFA across all in-house systems.
Another function to look for from a Cloud provider is the ability to integrate with other systems to enable Single Sign On (SSO). SSO basically means that you sign on once to get access to many/all applications you are authenticated to use. This is of course great for us end users, less login sequences to go through and less passwords to remember. It is also great for security, in that it is much easier to enforce TFA and password policy across all systems.
It is time to stop worrying and start acting. Migrating to the Cloud does not remove your responsibility regarding protection of login credentials, but if you choose your provider carefully you can get more tools in your bag to easily improve the protection of your business’ application and data.