This guest post is by Jon Oberheide, co-founder and CTO of Duo Security, which, as part of its relationship with Rackspace, provides best-of-breed, user-friendly two-factor authentication to our customers.
Modern IT infrastructures are changing in a big way. Organizations across all industries are moving to the cloud. The days of on-premise infrastructure behind corporate and government firewalls are going away. Even the CIA is moving workloads to the cloud.
At the same time, information security is more important than ever. Organizations spend more than $60 billion a year on security, yet we’re seeing more and more breaches every day. Along with the growth in the number of data breaches per year, we’re seeing an increase in the cost of dealing with a breach, as well.
On the other hand, the cost of breaching organizations has gone down for attackers. What used to be a few people with sophisticated tools sitting in a corner office orchestrating a hack, has now become a lucrative mass-market opportunity for cybercrime. Cyber criminals have realized that going after end users is much easier and effective than directly attacking systems, networks, and infrastructure. These user-targeted attacks, like phishing, credential theft, and endpoint compromise, represent the soft underbelly of modern organizations and the most common vector for breaches.
Indeed, Verizon’s 2015 Data Breach Investigations report found that 95 percent of breaches are the result of stolen credentials.
Previously, the cost of addressing this growing cybersecurity problem was expensive and involved long evaluation and implementation cycle. For example, when you start looking at some of the preventative security products available such as firewalls or IDS, the cost runs into the hundreds of thousands. And that doesn’t even include the manpower of large security teams needed to develop, implement, and manage such solutions, which make these solutions even more cost-prohibitive for many organizations. What we’ve historically called “defense in depth” in security has turned into “expense in depth.”
Over the last few years, the availability of cloud-delivered, managed security solutions has made effective security available to organizations of all shapes and sizes. One such example is two-factor authentication. While two-factor has been around for decades, it is a fundamental security control that can provide strong authentication of end user access. Two-factor can augment the “what you know” factor of password authentication with a “what you have” factor (eg. using a mobile device), effectively mitigating phishing and other credential theft attacks.
In the past, two-factor authentication was a clunky and expensive experience for end users and administrators alike.
But now, with cloud-based two-factor authentication, Duo provides a seamless, frictionless experience for both users and admins. Rackspace customers can enable Duo’s easy and effective two-factor authentication as part of Rackspace’s security bundle. It’s a security solution that’s designed for people and works to protect services and data — whether on-premise OR in the cloud.