As organizations shift to entirely distributed-work models, IT admins need to be sure that their remote end users are as secure as possible. Given that users are outside of IT’s direct control when out of the brick-and-mortar office, admins should prepare their users for security and success right out of the gate so they don’t run into any problems later on.
Multi-factor authentication (MFA) is a great way to frontload your security efforts, but setting up MFA for remote employees can be troublesome unless you have the right tools. In this post, we’ll cover the importance of MFA and how to best implement it across a remote workforce.
MFA, also known as two-factor authentication (2FA), requires the presentation of an additional authentication factor beyond the standard username/password credential pair at login to a service. This additional factor, which can be anything from a randomly generated code to a physical USB key, significantly improves login security.
When a user must present an additional factor at login, so must a bad actor who has gained access to that user’s credentials. Regardless of whether they’re compromised through phishing or cracked through brute-force bot attacks, a set of credentials backed by MFA carries significantly less weight in the hands of someone looking to attack an organization.
In their study of MFA as a general security best practice, the Google® Security blog found that commonly used device-based forms of MFA are, on average, at least 90% effective at preventing account takeovers due to a botnet or bulk phishing attack. Most forms of MFA have varying degrees of success, but physical security keys were shown to be up to 100% effective for most attack types.
Where Can MFA Be Used?
Because it’s such an effective security tool, MFA should be applied wherever possible. Depending on the solution used to enforce MFA, IT admins can require MFA at login to user systems, applications, and even VPN connections when integrated via RADIUS. For organizations with distributed end users, VPN MFA is especially key for protecting remote access.
Setting Up MFA for Remote Employees
In order to leverage MFA across a disparate workforce, IT admins need the proper tools to integrate MFA into their organization.
To be used effectively, MFA should tie directly into the identity being used to authenticate to a resource. For many organizations, this identity is sourced from the core identity provider (IdP).
Traditional IdPs, such as Microsoft® Active Directory®, struggle with this task, as they don’t natively feature MFA capabilities or authenticate to resources that exist outside of their direct domain. Oftentimes, organizations using AD need to purchase additional tooling, like Identity-as-a-Service (IDaaS) solutions, to extend AD identities and apply MFA to authentication.
Beyond implementation troubles, IT admins may experience additional challenges when it comes to the end user experience. Depending on how it’s implemented, MFA can make login processes trickier for users, requiring additional information to be entered beyond the username and password they’re used to. With a fully remote workforce, these issues may be exacerbated by the fact that IT admins can’t address the problem in person as they usually might in the office.
IT organizations can leverage a cloud directory service to set up MFA for remote employees across systems, apps, and networks. Using a cloud directory service, admins can require these forms of MFA:
Unlike traditional IdPs, a cloud directory service doesn’t need additional tools to apply MFA or extend identities; these capabilities are built in and can be administered remotely.