Organizations use VPNs to secure their cloud infrastructure in multiple ways. It allows them to dictate which users have access to certain parts (or the entirety) of their infrastructure, secure connections between the on-prem and cloud networks, and redirect internet traffic for efficiency.
Two-factor authentication (2FA) can reinforce an organization’s VPN by requiring users to supply an additional form of authentication –– such as a TOTP token users can access through their phones –– to gain access to the cloud infrastructure. This can protect access to DevOps infrastructure, among other benefits.
Why Add 2FA to VPN Access?
VPNs already make connections to cloud infrastructure more secure by preventing packet sniffers from intercepting data transfer. Requiring a secondary form of authentication (i.e., 2FA) to access these resources makes it much more difficult for bad actors to infiltrate a private network.
By extension, 2FA helps prevent data breaches. In 2019, each data breach costs an organization an average of $3.92 million worldwide, and the mark a breach leaves on an organization’s reputation can take years to bounce back from. Deterring breaches by adding extra barriers to server access can save an organization’s budget and name, allowing it to grow and prosper into the future.
Aren’t VPNs Secure Enough?
Although VPNs are generally regarded as a layer of security, not all VPNs are secure by default. Some may log your information, including search history, browser history, and personal details. Additionally, if a user’s credentials to the VPN are stolen, bad actors can access cloud servers –– such as those at AWS®, Azure®, and GCP™. Adding 2FA on top of VPN access could reduce the risk of a bad actor penetrating your VPN and accessing critical infrastructure.
Add 2FA to VPN With JumpCloud
There are a few services that offer 2FA for VPN access to cloud servers, but JumpCloud® provides TOTP 2FA via RADIUS along with many other security features at no additional cost. This can help cut down on your bottom line while improving your overall security posture. It doesn’t require any on-prem equipment, either, making implementation more streamlined.