With the growth in cloud computing, business leaders must be very aware of where data is and the related cyber security risks. The freemium subscription models of most SaaS applications make them easy to easy to buy and easy to adopt. Each one creates new exposure risks that must be mitigated with cyber security best practices for cloud applications.
The freemium business models of many SaaS suppliers make it downright easy to get started. Users and departments can ignorantly start putting information at risk. This “frictionless” adoption experience can quickly devolve into a “Wild West” without adequate consideration of the important cyber security, compliance, and data protection.
In this blog post, we will explore the four most important cyber security considerations for cloud and SaaS applications.
Password Re-use Challenge
Employees are drowning in usernames and passwords. A typical employee may have literally over a hundred different accounts between their work software tools and their personal life. Unfortunately, employees re-use passwords across their work and personal accounts. While best practice teaches us that unique, strong passwords should be used across every account, most users simply re-use passwords. According to a survey conducted by Google and Harris Poll in 2019, 65% of U.S. adults re-use passwords across work and personal accounts.
Truth is, passwords get compromised in mass data breaches. With these passwords now in the wild, it does not take too long for cyber criminals to work backwards and attempt to breach an employee’s other personal and work accounts with the stolen password. The bad habit of password re-use leads to major breaches of a company’s email and other important business applications. With so many vital corporate data in SaaS and cloud services, cyber criminals have many opportunities to exploit employee bad habits and stolen passwords.
Multi-factor Authentication (MFA)
One solution to the password re-use problem is multi-factor authentication, or MFA for short. MFA adds an important layer of password security by adding a one-time password or authentication step to the authentication process. With MFA enabled on business applications, your employees are required to provide something they know, such as their traditional username and password, and something they have, such as a one-time passcode generated by an authentication app on their previously registered mobile device.
With MFA, your applications and data are protected from cyber criminals, since even if they attempt to breach your systems with a stolen and re-used password, the criminal will not have access to the one-time passcode generated by the employee’s mobile app. According to Microsoft, 99.9% of all password-related compromises are stopped by MFA.
At NENS, one of the standards we utilize is Cisco Duo for multi-factor authentication. Duo verifies that users are who they say they are, before they access company data — and with multiple second-factor options, including one-touch Duo Push, users can easily authenticate in seconds.
Password Managers
Implementing MFA is a huge step forward for companies. The next step is to pair your MFA deployment with Password Manager services for your staff. Password Managers enable employees to store their hundreds of unique passwords in an encrypted password locker that is accessible from their computer and mobile devices. Password Managers eliminate the need for password re-use, since all the user needs to remember is one, long complex passphrase to secure their password vault. Then, for each account, the user can implement unique, strong passwords. The Password Manager does the heavy lifting of storing the otherwise impossible to remember strong passwords.
The good news is, with services like LastPass, Dashlane, and 1Password, they are easy to use and have features to help employees reinforce good password habits. First, these password manager services work seamlessly across work computers and mobile devices. The password locker is synced in the background and employees can securely access their corporate apps whether they are on their work machine or on the go on their mobile phone or tablet. Second, password managers have browser plugins which make it easy to drop in the unique, username and password for various SaaS applications as an employee goes about their workday. And lastly, password managers have features to create a randomly generated strong password with just a click of the mouse. Again, this reinforces the good habit of creating unique, strong passwords for every SaaS or cloud application.
Single Sign-on (SSO)
Single sign-on is a great way to take security to another level for your cloud and SaaS applications. SSO is often deployed by companies to make life easier and more secure. From the employee’s perspective, SSO provides many of the same conveniences of a password manager, but the company is managing the authentication process across the board for all the company’s SaaS applications. With SSO, employees login using MFA once at the beginning of their work session. The SSO service will dynamically sign the user into their other corporate applications throughout the session or workday. SSO services often will be configured to deliver the employee a convenient, web-based dashboard with all of their key applications at hand. This overall approach to authentication improves user productivity and raises security levels.
At NENS, we are experts in helping organizations securely adopt cloud and SaaS applications. Our highly trained staff implement best-in-class technologies, such as MFA, SSO, and other enhanced cybersecurity solutions to help our clients safely leverage the benefits of cloud computing.