ICYMI: Multi-Factor Authentication
iCorps IT Services
How important is multi-factor authentication to protecting business data? Find out what the panel of experts from iCorps' Cybersecurity Summit had to say in this video.
[Chris Stephenson - Moderator] So two-factor authentication. How many people in the room know what two-factor authentication is? Ok, so pretty much a couple. How many have it implemented? Ok, interesting. So for those that haven't implemented it—can you—who wants to take the importance of two-factor authentication in any environment?
[Laura MacDonald - Microsoft] So RSA, we'll start with that, where it was like all the time, everybody, VPN, we wouldn't necessarily use it internally. Microsoft's got a different twist on it - which I really am passionate about - if you try to get the user to do multi-factor authentication for everything they're doing, they're going to get tired. They're going to go around you, it's just not going to work.
So there is a concept, which is called conditional access, which does a lot of analysis on the user, the device they're on, their location, etc. I could go on and on. If the user is okay, they're in the office, on a laptop they're always using, and their identity doesn't seem to be compromised then it's not required. If I am on my grandmother's computer in China, I'm absolutely doing MFA. The one difference would be privileged identities. Absolutely with privileged identities, you need to A: Reduce your administrators. And B: Make sure they're using multi-factor authentication.
[Attendee Question] Can you define privileged identities?
[Laura MacDonald - Microsoft] For the most part, it's administrators to different systems. Whether it be on-premise systems or you've got somebody that's administering Azure, AWS, Google Cloud, whatever. It's somebody that has the control to access your critical information or take down your critical infrastructure.
[Jeffery Lauria - iCorps Technologies] And actually, you know, one of the very bad practices I see a lot of the time for in-house IT is that the in-house IT person, their everyday user account is a privileged account. It's a lot easier for them to not have to maintain two accounts, so it's a privileged account.
So one of the things that we see is when we're called in—let's say there's a ransomware attack. We know that ransomware, generally, as a rule, is limited to whatever it can get its hands on. Well, if you're the administrator, unfortunately, it can get its hands on everything. So that is one of the things we see time and time again. People use privileged accounts when they just shouldn't. You know, I have two accounts in our organization. I seldom ever use my administrator account. Actually, I think our team shut it off. I seldom ever actually do that because, again, you know, there's no reason for me to actually do that because I write emails all day. This is what I do, why do I need a privileged account? So I think that is a really good tip for anyone here.
iCorps Video Library