Network Trace
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

09) Does your organisation secure remote access to its network or cloud environment using multi-factor authentication?

August 30, 2022
Network and Cloud Security
Remote Access

Answer yes if your organisation forces all remote connections to its network or cloud environment to be secured using two factor authentication.

What is the control?

Multi-Factor Authentication (MFA) requires a second form of authentication when logging into or connecting to a service. This makes it significantly more difficult for an account to be compromised as, to authenticate, someone needs the password to the account but also a second piece of information that is often variable. As an example, this could be a 6 code on a physical token or sent to the person’s phone via an SMS.

This ensures that someone who may have your account password still cannot use it unless they also have your physical token or phone.

Why should I have it?

While MFA is increasingly common, it’s especially important to use it for network remote access or any cloud-based business platform due to the implications of such an account being compromised. It would be akin to someone plugging their computer into your internal network (or cloud service), bypassing all your network protections (Firewalls, intrusion detection systems, etc), with the access of a regular user (or worse) from which they can start exploring your network and escalating their access.

It is not only a potentially devastating attack vector, but one that is relatively easy to slowly brute force over time without being detected. Conversely, it’s also one of the easiest to mitigate with MFA and why many clients will look for it as part of their due diligence.

MFA is also increasingly becoming a regulatory requirement within many sectors.

How to implement the control

Your network security policy should dictate that all remote access, such as VPNs connecting to the internal network, or critical cloud services, have MFA enforced for all connections. Ensure that any product you deploy to grant remote access, or any remote or cloud services involving sensitive data, supports this capability as part of your procurement and provisioning processes.

There are numerous consultancies or individual consultants that will be able to assist in crafting the correct security architecture in a way that meets your business and technical requirements. Please message us if you would like a recommendation.

If you would like to contribute to this article or provide feedback, please email Contributors will be recognised on our contributors page.

Pattern Trapezoid Mesh

Defend against supply chain attacks with Defend-As-One.

No organisation is an island.