Multifactor Authentication and Authorization: The Key to Evolving as Fast as Insider Threats

Solutions Review’s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. Jason Lohrey of Arcitecta introduces us to Multifactor Authentication and Authorization (MFA&A); examining how it’s the key against insider threats.

In today’s digital age, data security is of utmost importance. Data repositories and file systems contain large amounts of sensitive information that must be protected from unauthorized access, alteration, or deletion. Data security is a critical aspect of any system used to store and manage data. It is increasingly important with the rise in the frequency of cyber-attacks, as external actors seek to gain an advantage from the troves of intellectual property and sensitive data amassed by corporations and institutions.

As National Insider Threat Awareness Month in September reminded us, external actors are not the only threat. Threats can often already reside within an organization, in different forms. Some individuals may simply be negligent by unwittingly clicking on phishing emails, carelessly handling data, or not following security protocols. Others may unknowingly pose a risk when external actors compromise their credentials. Then, of course, malicious insiders intentionally cause harm by committing fraud, stealing sensitive data, or disrupting systems.

Gartner predicts that by 2025, human failure or lack of talent will be the cause of more than half of significant cyber incidents, asserting that the number of cyber and social engineering attacks against people is spiking as threat actors increasingly see humans as the most vulnerable point of exploitation.

The consequences of a successful insider threat may include a data breach, fraud, theft of trade secrets or intellectual property, and sabotage of security measures.

MFA&A: The Key to Evolving as Fast as Insider Threats

Stored Data Security

Organizations store information in various systems, including a) structured databases, b) asset and data management systems, and c) file systems. Many of these systems contain sensitive information that requires critical protection. Most systems in use today for managing data do not employ contemporary techniques that enhance the safety of that data, such as multifactor authentication (MFA). The security of file systems, in particular, has not advanced as quickly as other data systems over the last few decades and needs to be much stronger.

The use of second factors (hardware token, phone, and even SMS) has been shown to significantly improve the reliability of establishing an individual’s identity for authentication – that is, when connecting to a system, a person is asked to confirm their identity using a) a password – something that is known, and b) a security device or token – something in possession. That same mechanism can also be used to re-assert a person’s identity before doing something with the data, such as attempting to access or delete it.

It is worth noting that MFA on a virtual private network (VPN) is not a sufficient level of protection, as the VPN will not protect a system compromised with malware. Once someone authenticates via the VPN and the account has elevated permissions, a lot of damage can be done. It is daunting to think of the damage that could result simply through administrative accounts in systems with petabytes of data.

Introducing Multifactor Authentication and Authorization

Another level of protection is required to thwart such damage. In addition to authentication, authorization at the very core of the system, including global file systems of federated storage, is needed to prevent security breaches. Multifactor authentication and authorization (MFA&A) confirms individual identity during authentication (when seeking initial access) and grants authorization or approval when attempting to perform sensitive data operations to prevent unauthorized access, modification, and deletion. MFA&A also provides enhanced accountability through audit trails.

In combination, multifactor authentication and authorization create a critical security measure that provides much more robust security, increases control over system access, and reduces the risk of data breaches. It also ensures compliance with industry regulations and is a cost-effective solution for data security. By implementing MFA&A, organizations can protect their sensitive data and ensure the integrity of their file systems.

As an example, file deletion may not be allowed unless a person attempting to delete is authorized and acknowledges the deletion with a second factor, such as a phone. Imagine hard destruction or modification of data requiring a quorum of people to agree to that destruction before it can occur in the first place. This safeguard is made possible with multifactor authentication and authorization.

The Benefits of MFA&A

Further examination reveals many advantages and benefits provided by MFA&A.

• Stronger Security: MFA&A is a highly effective security measure that protects against unauthorized access to a file system. It is much more difficult for hackers to gain access as they would need to bypass multiple authentication factors. Multifactor authorization requires users to provide at least two forms of authentication. This approach makes it more difficult for attackers to impersonate legitimate users and gain access to sensitive data.
• Preventing Accidental or Unauthorized Deletion: File system multifactor authentication prevents accidental or unauthorized deletion of files by requiring additional authentication factors before allowing users to delete files. This additional authentication factor ensures that only authorized users with proper clearance can delete files, reducing the risk of accidental or unauthorized deletion.
• Increased Control: MFA&A provides increased control over who has access to the file system. System administrators can customize the authentication and authorization process to ensure that only authorized users can access the system. This approach prevents unauthorized access to sensitive data and protects the integrity of the file system. The policy for MFA&A can be set per file, per collection/directory, and/or system-wide. It can also be set as a function of a person’s role.
• Reduced Risk of Data Breaches: MFA&A reduces the risk of data breaches by making it more difficult for hackers to access the system. Even if a hacker manages to obtain a user’s password, additional authentication factors are still needed to gain access to the system.
• Audit Trails: Multifactor authorization enhances the accuracy and completeness of an audit trail by providing more detailed information about user activity, including authentication and authorization factors. Multifactor authorization provides an additional layer of authentication and authorization that is recorded in the audit log, providing more granular details about who accessed a system, when, and for what purpose. For example, if a user attempted to access a system with multifactor authorization but was unable to provide the additional authorization factor, this information would be logged in the audit trail. Similarly, if a user attempted to perform a sensitive action, such as deleting a file, but was required to provide additional authorization factors before completing the action, this would also be recorded in the audit trail. The audit trail is used to identify and investigate security incidents or suspicious activity and to monitor compliance with organizational policies and regulations. By providing more detailed information about user activity, multifactor authorization ensures the integrity and accuracy of the audit trail, which is critical for forensic analysis and legal compliance.
• Compliance with Industry Regulations: Many industries, such as healthcare and finance, have strict regulations that require using MFA for data security. Implementing MFA&A for a file system ensures compliance with these regulations and protects sensitive data.
• Cost-Effectiveness: While implementing MF&A may require additional hardware and software, it is a comparatively cost-effective solution for data security. The cost of a data breach is much higher than the cost of implementing MFA&A.
• Aiding Forensic Investigations: Multifactor can be helpful in forensics investigations by providing additional layers of authentication and authorization that can be used to trace and verify user actions in the system. Here are some ways in which multifactor authorization can help with forensics:
  • Verification of User Identity: Multifactor can help to verify the identity of users accessing the system, as it requires users to provide multiple factors of authentication or authorization. This verification can help to prevent unauthorized access and ensure that actions performed in the system are associated with a specific user identity, which can be critical for forensic investigations.
  • Granular Details About User Actions: Multifactor can provide more detailed information about the specific actions performed by users in the system. For example, suppose a user attempts to perform a sensitive action, such as deleting a file. In that case, a multifactor may require additional authorization factors, such as approval from a manager or a confirmation message. This information can be critical in forensics investigations, as it can provide more granular details about the user’s intent and motivations.
• Preventing Data Theft: Multifactor authorization can help protect against data theft by providing an additional layer of security beyond just a username and password. Here are some ways in which multifactor authorization can help protect against data theft:
  • Protection Against Phishing Attacks: Multifactor authorization can also help protect against phishing attacks, where attackers attempt to trick users into revealing their login credentials. Even if an attacker obtains a user’s password through a phishing attack, they will still need the second factor of authentication to gain access to the system.
  • Access Control: Multifactor authorization can also help enforce access control policies, such as restricting access to sensitive data based on user roles and permissions. This approach can help to prevent unauthorized users from accessing sensitive data, even if they have obtained valid login credentials.
  • Monitoring and Alerts: Multifactor authorization can also provide additional monitoring and alerting capabilities, such as sending notifications when a user logs in from a new device or location. This can help to identify suspicious activity and alert administrators to potential security threats.

Multifactor authentication and authorization is a critical security measure that provides:

• Stronger security
• Increased control over system access
• Reduced risk of data breaches

Implementing MFA&A across a global file system of federated storage systems gives organizations increased control over who has access to the file system and protects sensitive data. The benefits of MFA&A include stronger security, prevention of accidental or unauthorized deletion, increased control, reduced risk of data breaches, compliance with industry regulations, and cost-effectiveness. Additionally, MFA&A provides granular details about user actions, which is critical for forensic analysis and legal compliance. Implementing MFA&A ensures the integrity and accuracy of the audit trail, which is crucial for identifying and investigating security incidents and suspicious activity.

In the end, it seems obvious to implement a data management system with MFA&A at its core if you’re serious about protecting your data.