The initials “MFA,” as every computer security professional knows, stand for “multi-factor authentication.” The same initials also stand for “Master of Fine Arts.” And maybe that’s no accident. Protecting your organization’s internal systems and data against intrusions by bad actors can indeed be a fine art. It requires balancing the security needs of the organization against the needs of employees for convenient access to the applications and information they need every day to get their work done.
Set the barriers too low, and the bad guys will find a way in. Make the access process too burdensome and users get frustrated. Productivity suffers. Users have even been known—with no ill intent—to set up “shadow systems” just so they can do their work without having to keep track of passwords.
Securing Office 365 with MFA
Microsoft Office 365 is one of the most popular application suites in the world. Many thousands of large organizations provide Office 365 apps for new employees and for existing employees to use on new devices. It offers the benefit of keeping applications like Word, PowerPoint and Excel consistently current with the latest fixes and features—all downloaded from the cloud. But along with the convenience of cloud comes the risk of intrusion every time those apps or updates are downloaded.
That’s where multi-factor authentication (MFA) comes in. Multi-factor authentication is any process that requires an end user to submit two or more pieces of identification to gain access to a system. The most common example is the familiar, two-part username and password authentication. While effective in most situations, the username-and-password combination is a frequent target of hackers. And, because so many of us use the same password for multiple accounts, one breach can threaten a range of systems. Plus, we all have trouble remembering passwords (your golden retriever’s birthday?) and resetting passwords repeatedly to meet ever-stricter requirements for complexity and length.
MFA for the Modern Era
Fortunately, IBM Cloud Identity solutions provide multi-factor authentication that is both secure and easy to use for end users. These solutions offer a variety of multi-factor authentication mechanisms such as email or text, one-time-passwords, and mobile push with biometric requirements to confirm the identity of users on an app-by-app basis. Once identity is established for a specific device, the solution helps simplify user access with single sign-on (SSO) capability. This scalable solution comes with thousands of pre-built connectors to provide quick access to Office 365 and other apps as well as pre-built templates to help integrate in-house apps. In addition, IBM Cloud Identity offers MFA for on-premise enterprise systems as well, such as Linux, AIX, z Mainframe, and Windows remote desktop. Protecting your VPN with IBM Cloud Identity is also supported through a lightweight RADIUS server. All these systems are protected with IBM Cloud Identity under one MFA solution.
Better Control for Administrators
IBM Cloud Identity features an administrator’s dashboard that integrates data from various sources and presents a unified display of relevant, in-context information. It allows administrators to view usage statistics at a glance by geography and time period. Sign-on activity can be monitored across the organization to track successful and failed logins, and spot any unusual activity.
IBM Cloud Identity also offers reporting capabilities that let administrators assemble authentication reports to look for trends or anomalies. The reports show which applications (and thus licenses) are used most frequently and which users are most active.
In addition, since all applications don’t require the same level of security, administrators can also customize settings for when and how users need to authenticate for different applications. An app that offers access to confidential information will require stronger authentication protocols, for example, than access to a calendar.
Simpler Access for End Users
For end users, IBM Cloud Identity provides an application catalog where they can browse available apps and request access to Office 365 or other applications from a simple access request interface. The system generates a request to the employee’s manager, who can approve or deny, based on business need. Then, the users track the approval process so they know the status of their request. The net result is faster access for users, with less burden on administrators.
Perimeter Protections Can’t Cope in the BYOD World
Computer security professionals know only too well that bad actors are relentless in their efforts to break into computer systems. The risk environment is always changing. In today’s world, where mobile devices and bring your own device (BYOD) policies are proliferating, a firewall around the perimeter is inadequate. And while cloud-based applications offer many benefits, they also raise the stakes for the security team. Your security measures need to keep pace with the threats and the evolving needs of your users. IBM Cloud Identity enables administrators to deploy apps quickly while ensuring compliance with company access policies and simplifying the access process for end users. It also integrates seamlessly with IBM MaaS360 to provide password-less authentication, while simultaneously checking for mobile device enrollment and compliance. Something that is truly needed in a cloud-driven company.
Visit the IBM Cloud Identity website to learn more about how IBM Cloud Identity. See how it can help you master the art of multi-factor authentication, and other identity and access management strategies.