What Is Context-Based Access? How Does It Work?
The average employee logs into over 30 cloud-based applications or websites per day in their workflow. That’s a lot of potential risk for a business when it comes to password compromise, which just happens to be on the rise.
The shift of company technology and data from on-premises systems to the cloud and SaaS (Software as a Service) has driven cyber criminals toward credential theft. It’s easier for them to breach a user’s password than to try to break into a secure cloud-based environment. This is especially true if it’s run by a company like Microsoft, Google, or Amazon.
From business email to CRMs to accounting software, employees need to log into various online tools in the course of business. But what happens when their password gets breached?
The average cost to a business from compromised employee passwords is $383,365. Plus, there is the loss of reputation (customers wonder if their data is actually safe) and ongoing remediation costs for any data privacy regulation penalties.
Bottom line: It’s important for companies to fiercely protect employee passwords. And this usually takes more than telling employees to follow strong password rules, like adding a special character or number.
Bad password habits tend to be the norm. Employees do things like:
- Use the same password in multiple accounts
- Use weak, easy-to-remember passwords
- Store passwords in unprotected documents
- Email or text passwords insecurely
Technology solutions like context-based access can help companies overcome this risk and better secure their accounts.
What Is Context-based Access?
Context-based access is typically used alongside multi-factor authentication (MFA). MFA requires a one-time code or other user input (like a challenge question) in addition to the username and password before access to a system is granted.
You’ll also hear context-based access called conditional access. Both terms refer to the ability to challenge users based on certain conditions. The context of where a user is logging in from, when they log in, and the device they use can all be examined by a context-based access system to trigger different types of MFA.
For example, you can set up a rule that if anyone from outside the country where you operate is trying to log in using an employee account, they are presented with an additional challenge question.
Why would you do this? Because, if your employees don’t normally work from another country, there is a high likelihood that this login attempt comes from a hacker. By presenting an additional challenge you could stop them. But your employees working where they usually do aren’t inconvenienced by that additional challenge before they can log in.
This is one of the biggest benefits of using context-based access. It allows you to improve cybersecurity without inconveniencing users. In fact, it often makes MFA more convenient by using conditions for when it’s presented.
Typical Context-based Access Conditions
There are several types of conditions that you can use to present additional challenges to users or to restrict access. These can be used alone or in combination with each other to customize access security to your company’s needs.
Here are some of the most common conditions used:
- The geographic location of the user
- The device the user is using to log in
- The role of the user
- Time of the login
- Time of the last login
How Conditional Access Works
The context-based parameters you set up are called policies. For instance, you can have a policy that an MFA prompt will be required when anyone is logging in during non-work hours.
Another policy may be to add an additional challenge question for users that have high-level roles, such as account admins or those that work with your financial information.
When a user meets the parameters of a policy, then the additional requirement(s) are presented to help ensure that they are the legitimate user and not a hacker with a stolen password.
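To make the policy model concrete, here is a small policy evaluator, added as an illustration and not taken from any vendor's product. The home country, device list, role names, work hours and the 30-day last-login threshold are all assumptions chosen for the example; it covers the five conditions listed earlier and treats missing context (no location, no recognised device) as a match so that unknowns trigger a challenge.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Optional

# All values below are constructed for illustration.
HOME_COUNTRY = "US"
KNOWN_DEVICES = {"laptop-0042"}
PRIVILEGED_ROLES = {"account_admin", "finance"}
WORK_HOURS = range(8, 18)            # 08:00-17:59, Monday to Friday
DORMANT_AFTER = timedelta(days=30)

@dataclass(frozen=True)
class LoginContext:
    role: str
    country: Optional[str]           # None when geolocation failed
    device_id: Optional[str]         # None when the device is unrecognised
    when: datetime                   # local time of the attempt
    last_login: Optional[datetime]   # None for a first-ever login

@dataclass(frozen=True)
class Policy:
    name: str
    matches: Callable[[LoginContext], bool]
    requires: str                    # extra step demanded when the policy fires

def off_hours(c):
    return c.when.weekday() >= 5 or c.when.hour not in WORK_HOURS

def dormant(c):
    return c.last_login is None or c.when - c.last_login > DORMANT_AFTER

# Missing context (country or device is None) matches, so unknowns fail closed.
POLICIES = [
    Policy("outside-home-country", lambda c: c.country != HOME_COUNTRY, "challenge_question"),
    Policy("non-work-hours", off_hours, "mfa_code"),
    Policy("privileged-role", lambda c: c.role in PRIVILEGED_ROLES, "challenge_question"),
    Policy("unknown-device", lambda c: c.device_id not in KNOWN_DEVICES, "mfa_code"),
    Policy("long-since-last-login", dormant, "mfa_code"),
]

def evaluate(ctx):
    """Return (extra challenges to present, names of the policies that fired)."""
    fired = [p for p in POLICIES if p.matches(ctx)]
    return sorted({p.requires for p in fired}), [p.name for p in fired]

if __name__ == "__main__":
    day = datetime(2024, 3, 5, 10, 30)                      # a Tuesday morning
    usual = LoginContext("staff", "US", "laptop-0042", day, day - timedelta(days=1))
    odd = LoginContext("staff", None, None, day.replace(hour=3), day - timedelta(days=1))
    print(evaluate(usual))
    print(evaluate(odd))
```

Returning the names of the policies that fired alongside the challenges gives the sign-in log a record of why a user was stepped up, which is what an analyst needs when reviewing a suspicious login.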
What Are the Benefits of Using Context-based Access Policies?
Improves Account Security
Putting context-based access policies in place helps ensure only legitimate users are accessing your company accounts. This improves data security and compliance by reducing your risk of a data breach.
Enhances User Experience
Instead of needing to challenge all users in the same way, you can customize the targeting of your login security. Users with a riskier profile (e.g., logging in from an unknown device or in the middle of the night) receive an additional identity challenge, while others that don’t meet those conditions do not.
It’s Automated
Once your policies are set up, the system takes over. Everything is automated, with access conditions being monitored and identified, and appropriate responses served up based on those. This automation reduces the burden on administrative staff and helps ensure the system runs smoothly.
Need Help Improving Cloud Account Security?
Don’t leave your cloud accounts at risk. Quantum Technologies can help your Sturgeon Bay area business with identity and access management security solutions.
Contact us today to learn more! Call 920-256-1214 or reach us online.