What is multi factor authentication in cloud?

Multi factor authentication schema such as the use of robust tokens and requiring multi-factor authentication can reduce the likelihood of unauthorized users gaining access, and restricting authorized users to permitted activities.

Cloud Multi factor authentication has become more popular and widespread in the last five years due to increased demand for better authorization security and dropping prices of the technology.

Only a few years ago, multi factor authentication in cloud mechanisms were far outside the financial reach of anyone except government facilities that required very high levels of security or other highly regulated industries such as banking.

Many banks have used such technology since the early 2000s to facilitate secure wire transfers.

Multifactor authentication is composed of, at a minimum, two of the following aspects—something you know, something you are, or something you have.

Something you know can be a password, passphrase, and so on.

Something you have can be something like a number-generating key fobs, a smartphone capable of receiving text messages, or even a phone that can receive a call and then transmit a number or key to the individual but that is only accessible from a very specific phone number.

Something you are is a biometric trait of yourself, as a living creature. This could be as unique and specific as your DNA fingerprint, or as cursorily general as a photograph.

The authentication solutions featuring the know and have aspects are especially useful with remote access security were presenting a biometric factor would be awkward, because they help to prevent an unauthorized user from accessing an account or data without both pieces of the authentication mechanism.

It is one thing to steal or guess a password on an account, but it is much harder for someone to obtain both a password and a key generated by a device to which only you have access.

You will usually see government employees who work in classified settings using solutions that leverage the have and know factors.

They are typically tokens, or devices, that generate a number that is synchronized with a server in the home environment.

This keeps any would-be malicious user from guessing the number and stealing a key.

So again, even if your password or passphrase were compromised, the second factor used in authentication would be virtually impossible to re-create.

In addition, the numbers generated by these tokens change every 360 seconds.

It would be virtually impossible for a malicious attacker to accidentally guess the second factor’s number, and even if they did, it would change again within 360 seconds.

This is exactly why high-security environments like law enforcement, high-level government agencies, and other highly regulated industries use them.

Top Security Devices use by cloud computing?

Supplemental Security Devices
Supplemental Security Devices

In addition multi factor authentication in cloud Firewall is plays an important role. The firewall is designed as the access point for traffic entering or leaving the perimeter of a network.

Firewalls come in a variety of designs and capabilities.

However, they are all created to provide some type of protection from unauthorized traffic entering or leaving a network.

Early on, these devices were limited to simply port blocking with no ability to see inside the packets traversing the interface.

Then stateful packet inspection came into the picture, which allowed firewalls to prevent inbound traffic from entering unless the connection had been initiated from inside the network.

Today’s application-aware firewalls are far superior to their predecessors of even a few years ago.

However, the battle rages on with attackers and their wily ways, which leads us to the web application firewall (WAF).

The web application firewall (WAF) was first required under PCI regulations several years ago.

These firewalls are deployed in addition to any network firewall and are designed to protect specific web-based applications.

PCI requires them as a way of protecting credit card data egress from a web application that may be handling online transactions.

These firewalls are specific enough that they know the way the application should be behaving and can detect even the smallest unusual activity and bring it to a stop.

In addition, WAFs can also protect against such network-based attacks as DoS or DDoS attacks.

WAFs function at Layer 7 of the OSI model.

Another form of protection is database activity monitoring (DAM).

Again, as with the web application firewall, the idea is to have a piece of software or a dedicated appliance watching databases for any type of unusual requests or activity and then to be able to send alerts and even take actions to stop malicious activity.

These DAMs can be either agent-based or network-based, meaning an agent resides on the machine or instance of the database or a network agent monitors traffic to and from the database.

One of the newest forms of security designed to work in conjunction with both WAFs and DAMs is something called deception technology.

Deception technology works something like this.

Let’s say a DAM has picked up some actor poking around with SQL injection attacks to see if they can find a weakness in the database or if the WAF will stop them.

Deception occurs by quietly rerouting what may be attack traffic to another network segment with databases populated with phony data and triggers that can capture the attack.

Although this is often referred to as a honeypot, there are now companies that will set up and manage these deceptive networks for you and not only move the attack traffic away from targets but inform law enforcement and even trap the attacker with logs.

API gateways are also an important part of a layered security model. They can be used to impose such controls on API activity as 

  • Acting as an API proxy to not directly expose the API
  • Implementing access control to the API Limiting connections so that bandwidth is available for all applications, which can also help in the event of an internal DoS or DDoS attack
  • Allowing for API logging
  • Allowing for metrics to be assembled from API access logs
  • Providing for additional API security filtering

XML gateways work in much the same way, except they work around how sensitive data and services are exposed to APIs.

They can be either software- or hardware-based and can implement some types of data loss prevention (DLP).

Leave a comment