To businesses of all sizes the cloud is the rage. Companies are moving to the cloud for cost savings, convenience for their road warriors, data backup, new applications and a host of other business reasons. What one rarely hears is that companies are moving to the cloud for security.
I have written blogs and posted comments on LinkedIn, Facebook and other social media outlets on some of the dangers of cloud security. My goal is for business owners to understand their risks.
- Did you know that if a cloud service gets hacked you’re still liable for protecting customer’s private data?
- Did you know that many cloud servers are located off shore where you have different laws regarding privacy?
- Did you know that cyber-attacks are on the rise?
Most cloud providers will discuss Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS), but there is one other key component that is often ignored: Access-as-a-Service (AaaS).
AaaS focuses on how users gain access to the cloud’s software, platform and/or infrastructure. The most common method used today for access is the User Name and Password. Contrary to some opinions, I am still a big supporter of passwords because they are already part of most platforms, they have a low cost of ownership and they can be very secure. Wait! Did you read that correctly? Passwords are “secure”?
Yes, passwords are secure. What is not secure is how people choose and manage their passwords, and the protection from malware attacks to capture passwords from a user’s computer. Some of the security flaws include writing passwords on sticky notes, picking very simple passwords and using the same password on multiple sites. Remember, IT can’t identify a data breach if a legitimate User Name and Password is used to access an account. So that is where Access Smart’s Power LogOn comes to the rescue.
With the use of a smartcard, Power LogOn addresses the first line of defense: multi-factor authentication. We use a smartcard as a secure token (something you have) and add in PIN and/or biometrics (something you know and something you are). Plus, with a limited times of acceptable false authentications a lost or stolen card is not a threat.
No longer do employees need to remember, type or even know their account passwords. A different complex 20-character long password can be assigned to every account that again the employee doesn’t have to know or type. IT has centralized control of the password policies that the employee cannot circumvent. Because Power LogOn is so easy to use from the employee’s perspective, he/she doesn’t even notice all the advanced security features.
Another unique feature that Power LogOn offers is its “8-Levels of Assurances” where each level may use multiple layers of authentication. Here we have incorporated different lays of authentication: (1) authentication of the user to the card; (2) authentication of the card to the application/site; (3) authentication of the card to the server; and (4) authentication of user to application/site.
The cloud has its advantages and cost savings, but only if you also include security. With the average cost of a breach now at $7.2M per incident, a single compromise will wipe out more than your IT savings. It might wipe out your company. So the first line of defense in authenticating who is accessing your cloud data/services. Power LogOn delivers an easy to implement, low cost of ownership and secure authentication to be your Access-as-a-Service solution.