Identity Management Practices
With cloud platforms, there are so many passwords to remember that it’s almost impossible to stay secure without writing passwords down, or using the same password for all systems.
Both of these are security no-nos, so what should you do to have strong controls around access to systems without driving workers crazy?
Firstly, your passwords need to be strong, but strong doesn't necessarily mean hard to remember.
Password length is the key to password strength.
A 9-character password takes 2 minutes to crack.
Increase that to 11 characters and it will take 6 days to crack.
Add special characters and 6 days becomes 2 years.
Go up to 12 characters including a special character and now we're up to 2 centuries to crack.
But that's quite a lot of characters to memorise. So now we need a memory trick.
Make your 12 characters from a combination of words or a phrase. For example, "We fix your cloud".
Now substitute special characters to get "W3F!*UrCl0ud", and we have a 12-character password that is easy to remember and hard to crack.
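The following is an added example, not from the original post, that applies the page's argument the other way round: rather than quoting crack times, it computes the brute-force keyspace and entropy of a password from its length and the character classes it uses, so you can see why two extra characters add more strength than a few symbols. The guess rate of 1e10 per second is a constructed assumption for an offline attack, not a figure from the page.

```python
import math
import string

# Character classes and the pool size each contributes to the keyspace
# once at least one character from the class appears in the password.
CLASSES = {
    "lower": (set(string.ascii_lowercase), 26),
    "upper": (set(string.ascii_uppercase), 26),
    "digit": (set(string.digits), 10),
    "special": (set(string.punctuation), len(string.punctuation)),  # 32
}


def pool_size(password: str) -> int:
    """Size of the alphabet an attacker must search, given the classes present."""
    chars = set(password)
    return sum(size for members, size in CLASSES.values() if chars & members)


def entropy_bits(password: str) -> float:
    """Brute-force entropy in bits: log2(pool ** length) = length * log2(pool)."""
    return len(password) * math.log2(pool_size(password))


def crack_seconds(password: str, guesses_per_second: float = 1e10) -> float:
    """Expected seconds to find the password by exhausting half the keyspace.

    1e10 guesses/s is a constructed assumption for offline cracking, not a
    figure taken from the page; the ratio between passwords is what matters.
    """
    return (pool_size(password) ** len(password)) / 2 / guesses_per_second


def is_strong(password: str, min_bits: float = 60.0) -> bool:
    """Policy check based on entropy rather than on composition rules alone."""
    return entropy_bits(password) >= min_bits


if __name__ == "__main__":
    # Constructed comparison: the page's example, a longer all-lowercase
    # phrase, and the same substitution scheme cut to 8 characters.
    for pw in ("W3F!*UrCl0ud", "wefixyourcloud", "W3F!*UrC"):
        print(f"{pw:16} pool={pool_size(pw):3} bits={entropy_bits(pw):5.1f} "
              f"years={crack_seconds(pw) / 31_557_600:.2e} strong={is_strong(pw)}")
```

Note that a phrase built from dictionary words is weaker against a wordlist attack than this character-level model suggests; the substitutions in the page's example are what push it off the common-word lists.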
Next, it's important to use another security measure in addition to your password. This is known as two-factor or multi-factor authentication (MFA): typically a code or link delivered to your registered phone number, an email address, or an app on your smartphone.
With multi-factor, even if someone does crack your password, they still won't have the additional access code required to sign in.
The snag here is that not all systems support multi-factor authentication, so whilst it's a good option if available, you still need that secure password as your first line of defence.
Additionally, think of all the systems you access in a day. If each requires a unique strong password and a code, that's a lot of security challenges to complete before work can be done.
Importantly, multi-factor authentication has itself become susceptible to phishing, and tools are now available that let cybercriminals bypass it more easily than before.
All of this makes dedicated identity platforms increasingly worthwhile.
Single Sign-On / Identity as a Service
To overcome the need for multiple passwords and multiple codes just to get to the point of starting work, a new class of solution is becoming popular: the Single Sign-On (SSO) or Identity as a Service (IDaaS) platform.
With this type of solution, you sign in once, to the directory platform, and all other sign-ins are managed from there.
Sign-in to each application happens without further challenges, simply by clicking the application icon within the SSO/IDaaS portal.
The user doesn't need to know (and should not know) their password or MFA code for any sign-in other than their sign in to the SSO/IDaaS platform.
For Accountants and Advisors, Cloud Fixers have partnered with Practice Protect to provide IDaaS using a specialised version of Centrify.
For other types of business, other leading IDaaS products are OneLogin, Okta, and JumpCloud.
If you are interested in IDaaS we are happy to assist you in finding the right platform for your needs.
Zero Trust Security is coming
So far, we've been thinking about how people interact with systems. The increasing use of bots, smart devices and automation means that systems and data also need to be protected from things, and from themselves!
A new paradigm is on the horizon that switches security from trusting the authenticated user to trusting no one and nothing. This approach is called zero trust.
Zero trust concerns the configuration of a secure and aware network through firewalls, secure and aware integration through managed APIs, and secure access through IDaaS.
We are keeping a close eye on the evolution of Zero Trust Security as we think this will be the new standard for cloud security.
Please let us know if you are looking at zero trust security as we can help craft your security architecture for the future.