One of the most effective methods of protecting information and boosting your cyber security posture is also a simple one. Multifactor Authentication (MFA) is increasingly built into the applications and services available from many cloud (and other) vendors – so taking advantage is often as simple as enabling it and setting it up. With this being the case, there is simple and yet crucial advice for anyone and everyone online: take the time to enable MFA on every service possible, as this moves you closer to a ‘zero trust’ environment where every user must demonstrate their credentials before they can access and use company services.

Multi-factor Authentication (MFA) requires the person accessing an application or service to provide two or more verification methods to gain access to a resource (which could be an application, online account, cloud service, and so on). Part of Identity and Access Management, MFA often uses something you know (a password) along with something you have (like an email or texted code), or something you are (your voice or fingerprint).

Combining several methods of authentication makes it far harder for hackers to get into your systems, for obvious reasons: even if they manage to get a password, the difficulty in intercepting a text message to your smartphone is close to impossible.

Just how close? A Microsoft report found that the use of MFA blocks up to 99.9 percent of takeover attempts. That’s as close to blocking them all as you’re likely to get; while intercepting the multiple authentication methods is technically possible, it is a practical nightmare for even a skilled hacker. They’re far more likely to give up and target someone else.

On to Zero Trust

MFA is often considered a core component or aspect of a Zero Trust approach to cloud security. Zero Trust literally means ‘trust no-one’; the number of trusted parties, applications or users on the network is precisely 0.

The Zero Trust model is built on the concept of ‘never trust, always verify’. This means devices and services (behind which are often, but not always, a person or people) are never trusted by default, even when they are ‘inside’ the network, or if they were previously verified. Zero Trust is only possible with strong identity and access management, including verification and validation ahead of granting access. It also limits access only to those resources necessary for any given task.

Eagle-eyed readers will note: doesn’t Zero Trust, then, limit the efficiency with which resources are accessed and used? Or, simply put, doesn’t it make things difficult for people doing their jobs?

The answer is two-fold: yes it could. But properly implemented, no it doesn’t have to.

Configuration is the key

As is often the case with any IT deployment, the real advantage isn’t so much in introducing the technology, but in how it is configured. MFA offers substantial advantages for securing your environment and protecting data and services from compromise.

And, once again, MFA is likely to be available as a component of the services you’re already paying for from big name (and sometimes also small name!) vendors including Microsoft, AWS, and many others.