Smile On Fridays secured coverage in Global Banking & Finance for OneLogin
Securing cloud-based apps
A quarter of a century into the web era, it seems astonishing that protecting the personal and business accounts on which it depends remains a mortal challenge. There are many dimensions to this problem, starting with the weakness of a security model that assumes a username and password offer reliable authentication that someone is who they claim to be. Additional layers such as Multi-Factor Authentication (MFA) and behavioural modelling have been added to supplement the process of verifying identity, but they remain as complex to implement as they are diverse. Uptake among consumers remains incredibly weak, while even some businesses have baulked at the management overhead, assuming applications even support MFA in the first place.
Perhaps the biggest challenge isn’t so much technical as it is old-fashioned risk – the scope and value of resources protected by online accounts have expanded so dramatically that the entire fate of many businesses depends on the integrity of those accounts. Where once accounts were a way to access a limited palette of services, business accounts in particular now offer attackers the sort of foothold inside organizations that can fuel everything from phishing and Business Email Compromise (BEC) attacks to the wholesale compromise of shared servers and cloud services. When cyberattackers find a way to undermine an employee account, they gain not simply an insight into that individual’s job and data but, potentially, a way to compromise the whole organization.