Has your remote work policy changed in the last month or two? Are more of your employees working from home or at locations that are “untrusted”? The answer is almost certainly a resounding YES! Now more than ever, you need to ensure that Two-Factor Authentication (2FA) or Multi-Factor Authentication is being used throughout your organization in as many places as possible. Many people are becoming more comfortable with this concept because they already have to perform these same steps to access their personal accounts (banking, Gmail, etc.).
Whether they are accessing your corporate VPN or cloud-based applications such as Office 365, Salesforce, NetSuite, Workday or many others, you need to make sure users are required to supply two forms of authentication to access company resources and data. Something they know (username and password) and something they have (a text message with a unique code or an app on their phone that must be clicked to accept the request to connect) are no longer optional in the workplace.
Microsoft has a Multi-Factor Authentication product called Azure Multi-Factor Authentication that can be configured to deliver Two-Factor Authentication in four different ways. The Azure Multi-Factor Authentication service can send you a text message with a code that you must provide, call you on a preset phone number and provide you with the number, provide a rotating code on the Microsoft Authenticator smartphone application, or push a pop-up message to your smartphone for your approval. Azure Multi-Factor Authentication is available as a standalone product and is also included in Azure Active Directory Premium, Enterprise Mobility Suite, and Microsoft 365.
Fortinet also has Two-Factor Authentication capabilities built directly into the FortiGate firewalls. A physical token or a smartphone application can generate a rotating code that serves as the One-Time Password when connecting to a FortiGate SSL VPN.
In addition to 2FA, you should consider implementing geography-based access to your corporate resources. Allowing someone to connect from any location in the world may not be necessary when your users should only be coming from certain geographies. If you only operate business in the United States, why not block any connection attempt from international locations? Sure, you may have users who travel internationally from time to time, and exceptions can be made as they arise. Reducing your attack surface in as many ways as possible is the best course of action to protect your business now and into the future.
If you are interested in learning more about how Two-Factor Authentication or geography-based restrictions could better protect your business, CONTACT THRIVE TODAY!
Part 3 of 4
In part 2, we reviewed many of the high-level features available in Azure Active Directory. At this point, we’d like to drill in on some of the critical features that you can take advantage of. With all of the different bundles that are available, it’s easy to get lost among the offerings.
In part 1 of this series, I detailed some of the background and terminology around Azure Active Directory, which, among other things, powers Office 365. I recently heard some feedback that some of the large SSO providers are having trouble competing with Azure AD’s Premium suite simply due to the large install base of Office 365. At last count, we understand that the number of active users is well over 100 million. The understanding is that while Azure AD may not be able to go toe-to-toe with the larger SSO vendors on features, the pre-existing installs and existing Microsoft relationships are what is winning deals.