• United States



by Tony Karam

Getting Around the Obstacles to Multi-Factor Authentication in Today’s Access Environment

Jan 02, 20183 mins
Identity Management SolutionsSecurity

When someone wants access to your organization’s resources, multi-factor authentication lets you say “come in!” or “keep out!” with confidence. But in today’s increasingly open-access environment, how can you put multi-factor authentication in place everywhere you need it? Hint: Think at the network level.

mfa istock 851103406
Credit: iStock

Cloud, mobile and the Internet of things are opening up more avenues for people in your organization to connect with each other and with key resources—a welcome development for collaboration and innovation, to be sure.

But there’s a downside, too: a larger attack surface and more vectors for cyber attackers to find their way into your critical applications and sensitive information. Multi-factor authentication seems like the obvious answer, until you realize it’s impractical (if not impossible) to add it everywhere you need it. Here’s a look at the obstacles to implementing multi-factor authentication across a growing attack surface—and, more important, how you can get around them.

 3 Challenges for Multi-Factor Authentication in Today’s Access Environment

  1. Legacy apps pose a problem for multi-factor authentication because they often don’t support standards-based authentication protocols like SAML or RADIUS that you need to roll out a multi-factor solution. Updating these applications to support MFA would therefore require code changes that are time-consuming and costly—especially if, like most organizations, you have dozens or even hundreds of them.
  2. IoT devices present a similar issue as legacy apps—only it’s worse, because if the devices weren’t developed internally, it’s unlikely you’ll have the ability to update their system software. And if you can’t make updates to the device software, there’s really no way to adapt them to use multi-factor authentication.
  3. Remote-network applications can’t connect to cloud-based identity management services to verify credentials. So even though it makes sense to isolate some networks from the internet for security and compliance purposes, the inability to connect to an identity management server makes it difficult to deploy multi-factor authentication to them.

The Get-Around: A Next-Generation Firewall with Integrated Multi-Factor Authentication

Instead of trying to deploy multi-factor authentication at every point of access, think about putting it at the one place that opens the door to so many critical resources: the firewall. Today’s next-generation firewalls provide policy-based enforcement at the network level, so if you can integrate multi-factor authentication there, you can stop would-be attackers from ever reaching critical applications and other resources.

Integrating multi-factor authentication at the firewall addresses the problem of defending an attack surface that’s continually expanding. And it also deals with the issue of not being able to deploy multi-factor authentication to isolated remote networks—because if you use a next-generation firewall with integrated multi-factor authentication to segment those networks, you bring the multi-factor authentication capability to the network segment along with the firewall.

The takeaway: One integrated solution can make it possible to easily extend multi-factor authentication to legacy apps, IoT devices and remote networks where it would otherwise be difficult or impossible to deploy. It’s a great example of how organizations today can reimagine identity to balance uncompromising security with open collaboration.