By Greg Keller Posted July 14, 2015
Let’s face it: companies are always under attack. Hardly a day goes by without us hearing about a major company being hacked.
These are big, multi-national enterprises with tremendous resources. They have deep IT teams, smart engineers, and enough tools and technology to solve serious security problems… and they still get hacked!
Hackers find a way to penetrate all of those defenses, outsmart the smart engineers, and make irrelevant all of the resources spent on the problem. That’s a scary proposition for small to medium sized organizations that don’t have the resources of the big guys.
Security for Small and Medium-Sized Enterprises
Believe it or not, as an SME you have some advantages in security over the big guys. You can move quickly and make changes that make it much harder for hackers to get in.
Your goal doesn’t have to be perfect security. You need to create enough difficulty so that the hackers will move on. Most hackers are using automated tools to try and penetrate networks, so if you can step up your security with that knowledge, you’ll be able to dramatically decrease your risk of a breach.
Essential Security Steps for SME – Enabling Multi-Factor Authentication
There are three things that we suggest that organizations do right away to secure their infrastructure.
Enable the multi-factor authentication option on Google Apps
Most small to medium sized businesses are leveraging G Suite (also known as Google Apps). If a hacker can take over a key individual’s email account, the hacker has the ability to reset passwords, search for confidential information, and pose as that person. That’s high risk.
The easiest way to defend against that is by enabling multi-factor authentication. Your users will have to enter a PIN code as they log in. The PIN comes either via text message or through an app on their smartphone. A hacker now needs to not only have their username and password, but also their smartphone. Possible? Yes. But it is extremely unlikely that this all happens without the user becoming aware of the breach and notifying IT.
Setting up multi-factor authentication for all of your users is simple but powerful. It may be the single most significant step you can take to decrease risk company-wide.
Add multi-factor authentication to your AWS account
Many organizations are leveraging AWS’s Infrastructure-as-a-Service capabilities. But while IaaS is an innovative and effective solution, it also introduces security risks.
The cloud servers are housing critical applications and data. AWS credentials are often literally the keys to the kingdom. The root AWS account is what hackers are after. Once they have that account they can do whatever they want with your AWS infrastructure. You may think it will never happen to you, but it has happened before, with disastrous consequences.
That root AWS account should always be protected via multi-factor authentication. It can be set up to use Google Authenticator so your users don’t have to have multiple applications for their MFA codes.
Require credentials to access your wireless network
Just using an SSID and passphrase for your wireless access isn’t enough. Just like you need another factor with your Google Apps and AWS accounts, access to your wireless network should be dependent upon a user’s credentials.
Leveraging RADIUS and directory services is an easy way to make that happen. JumpCloud’s Directory-as-a-Service can help you accomplish this without the heavy lifting.
Security for SME comes down to Multi-Factor Authentication
There are no guarantees in the online world. Big companies are spending tremendous dollars to keep themselves safe. Small to medium sized businesses don’t have those resources so they need to be smarter.
Adding MFA to Google Apps and AWS is a great step forward, as is requiring unique credentials to access your wireless network. All of these are within the realm of possibility for a company of any size. Take these three steps and you’ll sleep easier at night.