After the Target Hack, which resulted in the resignation of the CEO and possible fines that can go into the billions, security is paramount to all discussions concerning an IT deployment.
Cloud Deployments Are Under Extra Scrutiny
Thanks to recent hacks on Facebook, Twitter, LinkedIn and SnapChat – cloud providers get extra scrutiny. An MSP needs to answer the following questions:
- What are my access policies?
- What 2-Factor is available?
- Where are my identities being stored?
- Who has access to these identities/
If an MSP offers a security solution, especially a 2-Factor, it may just ADD to the security risk!
The key to Identity Security – Don’t Pass it Around
The biggest mistake in identity security is to replicate identities across services. The problem with securing an identity is that its exponentially damaging if the ID and the authentication credentials are replicated to multiple services. This is what the hackers aren’t looking for. Most hacks are NOT at the tier one vendors – they are at the weaker services – and the identity tuple (username/password) is then repeated at more valid targets.
Thus – when you, the MSP, pick a 2-Factor security vendor – you need to insure you are not synching identity data to the 2-Factor vendor
Synching PII is Losing PII
PII is Personal Identity Information – and is, as stated, what the hackers are trying to obtain. If they can steal your home address, phone #, e-mail address and legal ID #’s – they can impersonate (become) you.
So why are MSPs giving up their phone numbers to 2-Factor vendors? These solutions expect the MSP to synch the user’s phone # to their cloud services. This is nuts. And dangerous. (Snapchat had 4.6 million phone numbers stolen from them)
Security is Not Only a Good Idea, Customers Are Demanding it from the MSP
Even before the big 2014 hacks Report Buyer.com stated the multi-factor authentication market is growing at %19.1 a year due in large to compliance for different industry regulations like PCI DDS, CJIS, NERC, FFIC, HIPPA and more. Despite this need customers are still putting off investing in legacy 2-Factor authentication products due to the excessive cost and hassle. Your customers need secure, flexible and easy to use solutions that can affordably meet their needs. Leveraging a cloud based 2-Factor Authentication partner will meet your customer needs and add a new stream of revenue for your organization.
About the author – Garret Grajek is a CISSP-certified security engineer with more than 20 years of experience in the information security and authentication space. As Chief Technical Officer and Chief Operating Officer for SecureAuth Corp., Garret is responsible for the company’s identity enforcement product offerings.