European Reseller

Securing the Cloud Against Identity Theft

Consumers and organizations alike have made the cloud wildly successful, as the convenience of remotely accessing data and applications gains wide popularity. The rapid uptick of cloud users brings with it the critical need to authenticate the users accessing cloud services for security and compliance purposes. The threat is real: fraud is big business and unscrupulous individuals persist in their efforts to steal users’ identities. Such assaults, according to the 2013 Identity Fraud Report by Javelin Strategy & Research, cost $21 billion.

As greater quantities of data move to the cloud, hacking and malware attacks are continuously evolving to target the ways users access remote data. Many cloud services still employ user names and passwords, which cannot protect against today’s threats. The Trojan.Zbot, or Zeus virus, provides a useful example: the Zeus malware takes over a user’s credentials—including the token code—and sends them to the hacker in an instant message. The hacker can then log in without detection since he or she used the proper credentials. The user has no idea that his or her account has been compromised. Clearly, this brave new world of threats calls for a new breed of security.

Cloud Security Up in the Air

Storing data offsite in huge, third-party data centers, commonly referred to as the “cloud,” has introduced new economies of scale for organizations that lack the resources to store this level of data in-house. Yet many businesses continue to struggle with securing remote access to data as security risks evolve.

Today, cloud-based solutions like Microsoft Office 365, Salesforce, Google Apps and other business applications are granting access to end-users. Some cloud solutions offer generic security measures for authenticating users accessing these systems in the cloud, giving the end-user the responsibility of choosing what type of security to use and relying on personal judgment to determine whether the security is strong enough to protect access effectively. This leaves organizations open to misjudging the level of security they need, which can lead to open doors for hackers. Organizations must have a holistic security system in place that can help secure remote access for their users, rather than relying solely on cloud providers to safeguard their data.

Ensuring Security

Data protected by user names and passwords is no match for threats like phishing, brute-force attacks or outright identity theft. It has become increasingly clear that user names and passwords are ineffective methods for authenticating access, yet their use remains widespread as users balk at more cumbersome forms of authentication like tokens and certificates.

While the effectiveness of simple user names and passwords has collapsed, the volume of data stored in the cloud continues to increase. Cloud providers must accommodate access to millions of users around the world. A centralized breach in a cloud-based solution would pose a serious risk to the data of thousands of organizations, if not more. Therefore, it is the responsibility of the cloud provider to ensure strong, flexible security that is extremely hard to compromise yet also easy for the end-user to use.

A Higher Standard

As tougher security for cloud access becomes a critical necessity, organizations are beginning to implement standards for authenticating users. A key challenge organizations face is how to handle user identities in the cloud. It often means that IT departments must maintain an additional set of user credentials for each and every cloud solution used by their employees. This approach requires cumbersome procedures and extra work for IT. To bypass this problem, IT should use a centralized method that gives each user a single identity that provides access to a variety of different cloud solutions.

Adopting an approach that provides strong authentication, while at the same time freeing end-users from being dependent on specific software, hardware or features, ensures that users accessing company assets are qualified ahead of time.

SAML For Strong Authentication

One such option is Security Assertion Markup Language, or SAML. A SAML setup requires three roles: the end-user, the service provider and the identity provider. Cloud solutions such as Microsoft Office 365, Salesforce or Google Apps hold the service provider role. The identity provider role handles user authentication and identity management for the service provider. The identity provider in this scenario can serve as a centralized system to handle authentication and identity management for multiple service providers at once. By using a SAML identity provider, organizations can gain all the recognized benefits that are traditionally associated with on-premise authentication solutions.

From the organization’s point of view, using SAML is a time saver since it frees the organization from having to maintain multiple instances of user credentials—one in the local area network (LAN) and more in the cloud. This way, the organization can keep its authentication and security mechanisms the same for all users, regardless of whether they are accessing data from the cloud or from the LAN, thus saving time and money while boosting security.

Tomorrow’s Forecast

Cloud services have brought great convenience to users via remote access, and along with that convenience come new opportunities for hackers to steal user identities. Before contracting with a cloud provider, organizations should thoroughly vet the level of security the provider offers. Due to the number and sophistication of attacks today, the standard practice of simple user names and passwords is not adequate to secure information stored in the cloud. Organizations must exercise due diligence when choosing a cloud provider to ensure that proper security solutions are in place, as part of their overall mandate to build and maintain a robust internal security framework.

By David Hald, co-founder, chief relation officer

David Hald is a founding member of SMS PASSCODE A/S, where he acts as a liaison and a promoter of the award-winning SMS PASSCODE multi-factor authentication solutions. Prior to founding SMS PASSCODE A/S, he was a co-founder and CEO of Conecto A/S, a leading consulting company in the area of mobile and security solutions with special emphasis on Citrix, Blackberry and other advanced mobile solutions. At Conecto A/S, David worked on strategic and tactical implementation in many large IT projects. David has also been CTO in companies funded by Teknologisk Innovation and Vækstfonden. Prior to founding Conecto, he worked as a software developer and project manager, and headed up his own software consulting company. David has a technical background from the Computer Science Institute of Copenhagen University (DIKU).