How to Keep Employees Secure with Factor-Based Authentication
Security was also a key theme throughout VMworld, and it’s no wonder: IBM’s Cost of a Data Breach Report for 2021 found that an average breach costs organizations about $4.24 million — and that for organizations lacking mature zero-trust security strategies, the cost is more than $5 million.
Traditional perimeter security, the chief alternative to zero trust, “has not stood the test of time,” explained Paul Schrynemeeckers, a senior engineering consultant with CDW, because threat actors have become adept at “gaining a foothold in corporate networks through compromised systems or stolen credentials.” Consequently, Schrynemeeckers said, “organizations are investing a lot in security outside their domain, such as factor-based authentication, and are seeking to get a more holistic view of their security landscape inside and outside the environment.”
Unlike perimeter-based security, which trusts people and devices already inside a network, zero trust is a framework that requires users and devices to verify their identity to access different network resources, even if they’re already inside, explained Nelson Carreira, an enterprise architect with CDW.
A key step toward zero trust, Carreira said, is deploying factor-based authentication, which requires users to authenticate their identity with more than just a username and password, most often by responding to a push notification on their phone. Organizations can now easily deploy factor-based authentication through an integration between VMware’s Workspace ONE and the Okta Identity Cloud.
“It’s actually not complicated for users,” he said. “You can test what the workflow will look like before implementing it organizationwide, and once it’s implemented properly, the experience is very easy for users.”
For example, an adult-beverage company that has employees all over the world needed to increase its security posture but had struggled in a previous attempt to roll out factor-based authentication. “So we implemented the integration between Okta and Workspace ONE,” Schrynemeeckers explained. “We implemented both factor-based authentication and mobile single sign-on, and we took time to discuss what the workflow would look like with MFA so they understood how it would look in different use cases. We rolled it out slowly, to small groups at first, so there wasn’t a big impact.”