Since October 2022 Softline has been operating under the brand name Noventiq.
A recent survey published by Microsoft found that 99.9% of compromised user accounts did not use multi-factor authentication (MFA). This is quite a compelling reason to use MFA, which is about confirming the user’s claimed identity by using a combination of at least two factors when signing into a service. This solution, however, gives you much more than you would think. By leveraging its flexibility and customisation options, you can provide a secure and practical system for your company. Zsolt Pótor, Senior Solution Sales Manager at Softline has shared his views on multi-factor authentication and the common myths around it.
Not Just for Banks Anymore
When talking about multi-factor authentication, we usually think of securing access to the company’s financial assets, but the possibilities are virtually unlimited. Due to the undoubted importance of your company’s data and information assets, access to these is critical in terms of security. Whether it’s about entering into internal communications channels (email, chat programs) or accessing a company database, each and every connection can increase the exposure of the organization. Our experts have several solution plans for these situations, offering support from planning through implementation to operating the system.
Well-Designed Solutions Without Lengthy Deployment
Many think that transitioning to multi-factor authentication takes several months to complete. Of course, the time needed to implement the system depends on several factors, but, thanks to our preliminary assessment, we will only secure those processes where MFA is actually required. This is important from several aspects, because for securing access to several systems concurrently, we will recommend compatible solutions to ensure that their implementation and operation will both pay off.
Practicality Instead of Time-Consuming Login
A common myth regarding multi-factor authentication is that once it has been deployed, the user must perform it for each login. In fact, this solution is also flexible and can be adapted to real-world requirements. For example, if the user needs to access multiple systems in a given timeframe then we can create a rule requiring the user to perform multi-factor authentication only the first time they log in during a session on the same computer. No further re-authentication will be required until the session expires. Similarly, we can also configure MFA to be required only when logging in from outside the network, so when on company premises, the user can access the data in a single step. The scenarios mentioned above underline both the essential nature of preliminary needs assessment and the rich opportunities offered by the system.
Starring IT–and Many Others
Although their access to databases and company information impacts how employees do their work, the preliminary assessment among users is often skipped. To implement and deploy a complex and well-working system, the involvement of other business departments of the company is essential. The time invested will really pay off, making it possible to get the system right first time, avoiding subsequent modifications. It is also important to provide additional support to users, whether in the form of online training or electronic tutorials—that’s why we offer comprehensive solutions extending to the period after the deployment as well. We will suggest the most efficient training format based on the various user levels.
Although the field of IT security is quite complex, selecting and combining the proper components allows an efficient and customizable system to be created. If you are interested in learning more about enterprise security, please read our expert’s previous article or contact us today!
Strong identity is one of the foundational pillars of Microsoft’s Zero Trust security model, which provides a framework for moving from controlling access based on implicit trust assumptions to an approach that requires real-time verification of all users, devices, locations and other signals. Microsoft recommends four steps for implementing strong identity: Multi-factor authentication, Policy-based access, Identity protection and Secure access to SaaS and on-premises apps. Multi-factor authentication is a foundational one to strong identity. “Condition-based access and controls such as MFA are important to prevent unauthorized access to corporate applications, services and data. MFA spamming has become more prevalent with increasing adoption of strong authentication. Azure AD offers a broad range of flexible authentication methods to meet the unique needs of your organization and helps keep your users protected.” - Balázs Maar, Microsoft Solutions Sales Manager.
According to the Zero Trust framework, when an identity attempts to access a resource, organizations need a system that can verify the identity with strong authentication, ensure access is compliant and typical for that identity and apply principles of least privileged access. Identity protection is one of the 4 recommended steps that helps implementing a strong identity, as our expert says “it is fundamental to ensure that everyone is only and exclusively authorized to do the job they are supposed to do.”
Businesses are facing multiple threat types from a variety of endpoints, apps, services and networks. Remote work and hybrid work as the new normal working type, force businesses to revisit ways to streamline and strengthen the security of their environments. In this blog post we summarize a Microsoft study that introduces how businesses can consolidate security with a more cost-effective solution, deliver unified end-user experiences for greater security, and reduce cyber risk with integrated, best-in-class protection.
Rest assured that your company’s information, devices and employee identities are secure. Microsoft 365 offers many options for zero trust, endpoint management and security and identity protection. Read our article for a brief summary of all these solutions.