Multi-factor authentication (MFA) continues to generate buzz this year. Twitter, which allegedly began exploring MFA in February, was compromised again yesterday when the AP’s Twitter account was hacked and distributed bogus tweets about President Obama which led to a brief plummet on Wall Street. We also talked about MFA last month when iCloud introduced two-factor authentication. Breach after breach is driving the implementation of MFA. But the question remains, is it enough? What else is needed from an identity provider?
We can all agree that MFA delivers strong benefits, requiring users to provide a second factor as proof of their identity using an SMS, phone call or email. Stronger security environments require a fingerprint for access. However, in complex environments, and particularly for businesses in highly regulated industries, extensive auditing capabilities and granular authorization controls are also needed to ensure accountability and strong security measures.
This is where a proxy-based SSO solution like Symplified comes into play. Any identity provider can authenticate you to Google and Salesforce, but most stop short of providing you with visibility and control over user behavior within those apps. Auditing has become increasingly important to organizations as they address BYOD and SaaS; people are using more of their own devices, and organizations have lost visibility into what users are doing when logged into corporate apps and SaaS services.
Proxying gives you the benefit of knowing how a website or app was used and for how long. It’s the difference between knowing if a user logged into Salesforce and Box, versus knowing if a user logged into Salesforce, downloaded a customer lead list, and then logged into Box and uploaded it into his account there. And with granular policy controls, you could even set rules that prevent him from uploading documents in the first place, or limit session length.
As Symplified CTO Darren Platt put it, SSO is ultimately the “killer app” strong authentication vendors have been waiting for all along. Check out how Symplified enables MFA as part of our comprehensive approach to Identity as a Service in our technical overview video. Or better yet, give us a call for a live demo led by me or one of my SE team members.