Establishing Trust and Identity in the Cloud
As cloud computing spreads worldwide, it is easy to imagine every organization tapping into this opportunity. At the same time, cloud computing brings a new angle to long-standing concerns around security and user authentication. Two questions commonly asked in the cloud security arena are "How do I authenticate myself to a SaaS/PaaS vendor?" and "How do I prevent unauthorized third parties from accessing my information?"
Typically, a user authenticates to a cloud application service with a username and password. While this may seem like two different factors, the username and password are both 'what you know', not 'what you know and what you have'. This is a single-factor authentication system.
If users of a cloud-based application don't manage their usernames and passwords carefully, those credentials may be guessed and/or found. Ask Sarah Palin how her email was obtained by a college student.
NetSuite has a great tool to strengthen authentication in the cloud: hardware two-factor authentication. NetSuite Two-Factor Authentication (NetSuite 2FA) requires a physical token ('what you have') in addition to the standard username and password ('what you know').
Using NetSuite 2FA, a malicious individual would have to know my password ('what I know') and be in physical possession of my token ('what I have') in order to authenticate as me. Automatically integrated into NetSuite, NetSuite 2FA enables secure two-factor authentication using a convenient hardware device small enough to attach to a keychain.
In some industries, such as banking, regulations require more than one factor of authentication. Two-factor authentication is a best practice for companies that want a strong security presence to protect their customer and financial data, even in industries or companies that are not subject to such requirements.
Posted on Sun, January 24, 2010
by John Menerick