The initials MFA, as every computer security professional knows, stand for multifactor authentication. The same initials also stand for Master of Fine Arts, and maybe that’s no accident. Protecting your organization’s internal systems and data against intrusion is indeed a fine art. It requires balancing the security needs of the organization against the needs of employees for convenient access to the applications and information they need every day to get their work done.

Set the barriers too low, and the bad guys will find a way in. Make the access process too burdensome, and users get frustrated while productivity suffers. Users have even been known — with no ill intent — to set up shadow IT systems just so they can do their work without having to keep track of passwords. How can organizations strike the right balance between a pleasant user experience and risk-based multifactor authentication?

Improve Microsoft Office 365 Security With MFA

Microsoft Office 365 is one of the most popular application suites in the world. Many thousands of large organizations provide Office 365 apps for new employees and for existing employees to use on new devices. It offers the benefit of keeping applications such as Word, PowerPoint and Excel consistently current with the latest fixes and features all downloaded from the cloud. But with the convenience of the cloud comes the risk of intrusion every time those apps or updates are downloaded. That’s where MFA comes in to help protect businesses against Office 365 security threats.

Before we go any further, what is multifactor authentication? MFA is any process that requires an end user to submit two or more pieces of identification to gain access to a system. The most common example is the familiar two-part username-and-password authentication. While effective in most situations, the username-and-password combination is a frequent target of threat actors. And, because so many of us use the same password for multiple accounts, one breach can threaten a range of systems. Plus, we all have trouble remembering and resetting passwords repeatedly to meet ever-stricter requirements for complexity and length.

Multifactor Authentication for the Modern Era

Fortunately, today there are cutting-edge solutions to provide multifactor authentication that is both secure and easy to use. MFA mechanisms such as email or text, one-time-passwords, and mobile push with biometric requirements can confirm the identity of users on an app-by-app basis. Once identity is established for a specific device, users can gain access with single sign-on (SSO) capabilities. In addition to protecting your cloud-based applications, the same MFA solutions can safeguard your on-premises enterprise systems as well, such as Linux, AIX, z Mainframe and Windows remote desktop.

Features such as an administrator’s dashboard can integrate data from various sources and present a unified display of relevant, in-context information. This allows administrators to view usage statistics at a glance by geography, time period and other variables. Sign-on activity can be monitored across the organization to track successful and failed logins and to spot any unusual activity.

Some solutions also offer reporting capabilities that let administrators assemble authentication reports to look for trends and anomalies. Reports can show which applications — and thus licenses — are used most frequently and which users are most active.

In addition, since not all applications require the same level of security, administrators can also customize settings for when and how users need to authenticate for different applications. An app that offers access to confidential information, for example, will require stronger authentication protocols than access to an event calendar.

Ideally, end users should be able to browse available apps and request access to Office 365 or other applications from a simple access request interface. Such systems provide faster access for users and place less of a burden on administrators.

Perimeter Protections Can’t Keep Up With BYOD

Security professionals know all too well that threat actors are relentless in their efforts to break into computer systems. The risk environment is always changing. In today’s world, where mobile devices and bring-your-own-device (BYOD) policies are proliferating, a firewall around the perimeter is no longer adequate. And while cloud-based applications offer many benefits, they also raise the stakes for the security team.

Your security measures need to keep pace with the threats and the evolving needs of your users. The right solution can enable administrators to deploy apps quickly while ensuring compliance with company access policies and simplifying the access process for end users. It can also enhance mobile device enrollment and compliance — something that is truly needed in a cloud-driven company.

Learn More in the Webinar: Protecting Office365 with IBM Cloud Identity and MaaS360

More from Cloud Security

How I got started: Cloud security engineer

3 min read - In today’s increasingly cloud-focused business environment, cloud security engineers are pivotal in protecting an organization’s critical data and infrastructure. As experts in cloud security, they leverage their expertise to ensure that the ever-expanding amount of cloud data is safe from emerging threats and vulnerabilities. Cloud security professionals combine their passion for technology with a deep understanding of security principles to design and implement robust cloud security strategies. What experience do these security experts have, and what led them to the…

“Authorized” to break in: Adversaries use valid credentials to compromise cloud environments

4 min read - Overprivileged plaintext credentials left on display in 33% of X-Force adversary simulations Adversaries are constantly seeking to improve their productivity margins, but new data from IBM X-Force suggests they aren’t exclusively leaning on sophistication to do so. Simple yet reliable tactics that offer ease of use and often direct access to privileged environments are still heavily relied upon. Today X-Force released the 2023 Cloud Threat Landscape Report, detailing common trends and top threats observed against cloud environments over the past…

Lessons learned from the Microsoft Cloud breach

3 min read - In early July, the news broke that threat actors in China used a Microsoft security flaw to execute highly targeted and sophisticated espionage against dozens of entities. Victims included the U.S. Commerce Secretary, several U.S. State Department officials and other organizations not yet publicly named. Officials and researchers alike are concerned that Microsoft products were again used to pull off an intelligence coup, such as during the SolarWinds incident. In the wake of the breach, the Department of Homeland Security…

What you need to know about protecting your data across the hybrid cloud

6 min read - The adoption of hybrid cloud environments driving business operations has become an ever-increasing trend for organizations. The hybrid cloud combines the best of both worlds, offering the flexibility of public cloud services and the security of private on-premises infrastructure. We also see an explosion of SaaS platforms and applications, such as Salesforce or Slack, where users input data, send and download files and access data stored with cloud providers. However, with this fusion of cloud resources, the risk of data…