A Spike In Home Workers Raises MFA Resilience Questions


In the midst of the coronavirus pandemic, many businesses are asking -- or mandating -- that office-based employees work from home. Millions of employees who have been logging in from workstations on corporate networks are now logging in from home or elsewhere on public networks. Stronger authentication and VPNs, which used to be required for a subset of employees at any given time, become the point of entry for your entire workforce. So, what happens if your multifactor authentication (MFA) provider's infrastructure goes down?

For organizations that deal with personally identifiable information (PII) and other sensitive information, having remote workers log in with only username/password, even over VPN, is not acceptable. A critical piece of any MFA platform service is a high-availability configuration, to ensure authentication requests are processed if the infrastructure fails or parts of the network are overloaded.

So, let's say you have high availability in place. What should the organization do when the assurances of high availability from a single MFA vendor are not enough? A client at a banking institution that I spoke with raised some excellent points on the challenges with addressing this: Swapping in a second vendor isn't easy -- there's purchase and licensing, integration with the VPN platform, user provisioning, mobile-app-authenticator setup, VPN client configuration changes, user (re)training, and many other considerations. Building a parallel VPN entry point that uses a different MFA solution is costly and has the same issues as a swap-out. Plus, there is the increased risk of expired tokens, user confusion, and system upkeep. In short, these options are daunting to implement and introduce new challenges of their own. Therefore, consider a more targeted approach.

Take the following steps as you develop an MFA resilience plan:

  1. First, ensure that you have high availability in place for MFA and that it is turned on and configured properly.
  2. Account for differences in vendor support for cloud vs. on-premises applications. The latter may require you to invest in additional infrastructure, depending on your MFA vendor.
  3. Get SLAs in place, or other written assurances, from your MFA vendor for uptime, including for extreme cases such as a pandemic.
  4. As noted above, rolling out a back-up MFA system from a separate vendor is expensive and difficult. Therefore, identify your most critical apps and users – those that would have a significant impact on your business if down for days or even hours – and build MFA redundancy for those.

This post was written by Senior Analyst Sean Ryan, and it originally appeared here.
