Why You Need Multi-Factor Authentication - Especially with Office 365

September 9, 2015

Today's cloud-connected and mobile world is more challenging than ever. Companies need to monitor all types of people in their systems - employees, customers and partners across web, mobile and APIs. Security also needs to cover every company resource, whether it's internal systems or data accessed from a private or public cloud - not to mention from any device in any location.


Now with Office 365, many companies will be making their first foray into the cloud. As companies take on this new frontier, they'll need more than just a username and password to authenticate users. Protecting mission-critical apps and company data in this new world calls for multi-factor authentication.


MFA adds another level of authentication to an account login. MFA requires users to have at least two out of three types of credentials before gaining access to company data: a knowledge component, such as a PIN or password; a physical component, such as an iPhone or fob; and/or a biometric component, such as a fingerprint or voice recognition.


Does this extra layer of security sound like too much of a hassle for you and your users? Consider these harsh reminders of what a cruel cyber world we live in:


In March 2015, collaboration platform Slack disclosed that it was hacked over the course of four days in February, and that some number of users' data was compromised. That data included email addresses, usernames, encrypted passwords and, in some cases, phone numbers and Skype IDs that users had associated with their accounts. Once discovered, the site blocked the unauthorized access and made additional changes to its technical infrastructure to prevent future incidents, but industry-watchers say the damage was already done in terms of users' compromised information and the company's loss of credibility among corporate users.


In July, media streaming service Plex announced that their forum and blog servers were hacked, and that email addresses, IP addresses, forum messages and encrypted passwords may have been stolen.


Turning the knife even further, the thieves also blackmailed the company. Someone claiming responsibility for the hack posted that they had "managed to obtain all of your data, customers, as well as software and files." They were holding the data for ransom until they received 9.5 Bitcoin (about $2,200). If the demands weren't met, the thieves threatened to release the data on torrent networks. No word on whether the ransom was paid.


Even security-leading industries have fallen victim to these types of hacks. A server that lacked two-factor authentication was the gateway hackers used to breach a Top 10 US Bank in December. According to The New York Times, the attack against the bank began after hackers stole the log-in credentials of a bank employee. While two-factor authentication is common in many environments, the bank's security team failed to upgrade one of its network servers with the security scheme - a mistake that left the bank open to intrusion.


The move to Office 365, or any move to the cloud for that matter, means that your critical business applications are in the cloud. Information once held closely behind company firewalls, like spreadsheets, documents and PowerPoints, is moving beyond the control of your business. Think about all of the sensitive documents (e.g., budgets, roadmaps, financial data) that you're now trusting to the cloud and that could be exposed.


PingID is a multi-factor authentication solution that enables users to authenticate to applications via a swipe on their phone, a tap on their Apple Watch, a one-time password delivered by voice or SMS, or by using a hard token like YubiKey. It's easy to use for both end users and IT administrators and allows companies to implement strong authentication to legacy and cloud applications using a mobile app. It also supports biometric authentication on Apple and Samsung devices. PingID can be used on VPN servers using the RADIUS protocol.


Ping's multi-factor authentication also integrates easily with dozens of third-party two-factor and strong authentication providers. You can connect to systems like RSA SecurID, Symantec VIP, SafeNet, Google Authenticator and more. You get the security you need without the added expense of replacement software or custom development.


With multi-factor authentication, you add another level of security. With Ping MFA, you secure all of your apps, including Microsoft and other software-as-a-service (SaaS) apps, with one very easy-to-use tool.