The cyber-world is a risky place, but multi-factor authentication (MFA) is one of the most effective ways to protect access and prevent breaches. Although MFA has gained momentum over the past two years, it’s still not widely used. Why? For MFA adoption to really take off, organizations need to understand the real value of MFA and how to effectively implement it. Tech Giants Are Pushing MFA Adoption Outside of work, most people ignore the option of two-factor authentication (2FA) or are for a few common reasons: misplaced confidence in passwords, frustration or confusion about setup, or pure laziness. reluctant to enroll in 2FA Less than 10% of Google accounts have two-factor authentication enabled, and only about 12% of Americans use password managers. This has driven many tech giants to make MFA mandatory: , ,  and . Salesforce now requires MFA Google is gradually making 2FA mandatory for all users Amazon.com Inc.’s Ring made 2FA mandatory in 2020 Why Are Organizations So Slow to Adopt MFA? Unfortunately, the same attitude exists in the workplace, with . enterprise MFA adoption still low Organizations often believe , seeing MFA as a tool only for: common MFA myths The largest organizations, or The most privileged of accounts: Windows local administrator accounts, domain admin accounts, Active Directory service accounts, and anything that has rule over a major part of the network environment. But MFA is equally important for both small and large organizations. No matter the size of your organization, your data is equally sensitive and should be equally well protected. Whether or not MFA should be only for the most privileged accounts merits a closer look. Protection Beyond Privileged Accounts Let’s start with a look at the security approach behind the idea of “privileged accounts.” Securing the login is the first step to making privileged access management (PAM) work. Each organization has a different balance, but you’ll reduce risks by as possible. extending security as far down the “non-privileged” path In the old-school, perimeter-based security approach, we didn’t talk as much about the security of the “average” user account. But thanks to factors like the en-masse shift to remote work, and many organizations’ rapid transition to a hybrid environment spanning both the corporate network and the cloud, the focus has changed. The Principle of Least Privilege is More Relevant Than Ever The – the practice of limiting user access to only sets of data, applications, and systems that they absolutely need – has been around for years ( ). And because the threats of attack today are even greater, : principle of least privilege Microsoft wrote about it in 1999 least privilege is more pertinent than ever to an organization’s security strategy ·        External attacks leverage user accounts to gain control over endpoints, to move laterally within the network and, ultimately, to acquire targeted access to valuable data. ·        Insiders leverage their own granted access or other compromised accounts to leverage data and applications for malicious purposes. See, least privilege isn’t actually about privilege. It’s about the compromised use of a “privileged” account. So, one of the key aspects of the least privileged strategy is to monitor the use of privileged accounts. Monitoring All Account Access Is Key PAM is viable for monitoring truly privileged accounts, like Active Directory administrator accounts. But it doesn’t serve the purpose of monitoring activity for every user in the organization. And one pivotal point of access provides organizations with crystal clear indicators that an account is either being properly used or has been compromised: the logon. All Users Are Privileged Users For the modern organization, the real value of MFA is in protecting any account with access to critical data, applications, and systems. And since every user has attributed access rights and privileges, all users are some sort of privileged user. Set Up Your MFA Deployment for Success Preparation is key! Applying MFA to all users demands more planning than if you apply MFA to only privileged accounts. Whatever the size of your company, here are before you deploy MFA: six key points to remember ·        Securing logins significantly improves your security rating. ·        MFA is not just for privileged users. ·        MFA doesn’t have to be frustrating for IT departments. ·        MFA must balance user security and user productivity. ·        Educate and empower your users to support MFA. ·        Management commitment and buy-in is key. Harness the Full Power of MFA MFA mandates from tech giants may encourage some organizations to adopt MFA, but truly increasing MFA adoption requires a more fundamental shift in the organization’s security posture. The more organizations understand the value of applying principles of least privilege and privileged account management to all accounts, the more they will understand the advantage of securing logins across all users. Organizations will put more effort into finding a balance between employee productivity and security. And when they do, get ready to see the demand for granular, customizable MFA explode. Previously published here.

Amazon

Google

Microsoft

Salesforce

salesforce.com

Try UserLock for Free

Too Long; Didn't Read

Publish Your First Brand Story for FREE. Click Here.

Why Are Tech Giants Pushing For MFA Adoption?

Too Long; Didn't Read

Companies Mentioned

@ISDecisions

RELATED STORIES