Flaws in the authentication process mean compromised security for businesses that contract with major cloud providers for services, data storage, and protection. One of the most significant weaknesses in their armor occurs when customers are allowed to enter usernames and weak passwords over unencrypted channels.
Microsoft is taking the lead to combat these practices. As of October 1, users of its Online Exchange service will no longer be able to use basic authentication and will instead be required to switch to token-based measures. By the same token, Google has convinced over 150 million customers to enroll in its two-step verification process. Rackspace, another major cloud provider, will be discontinuing its cleartext email protocol by the end of 2022.
Digital bad actors are taking advantage of whatever security holes they can find. As a result, an estimated 84 percent of companies experienced an identity breach in 2022, up from 79 percent in the previous two years. Given the continuing upsurge in data breaches, implementing these measures may turn out to be just the beginning of a trend toward escalated authentication precautions across the industry.
In a business landscape where changing and pivoting can tax resources that are already severely limited, some companies have demonstrated reluctance to do what is necessary to ramp up their safety measures, leaving them vulnerable to hijacking, phishing campaigns, password abuse, and brute-force attacks.
Once data thieves have gained entrance into corporate email servers, they can steal vital information or launch costly ransomware attacks that can damage a business’s long-term reputation. Because of these dangers, service providers like Microsoft, Google and Rackspace are taking matters into their own hands by closing the door on basic authentication procedures. This single action can thwart attackers using credential stuffing and other mass access techniques to compromise information.
Strengthening security fortresses by eliminating basic authentication has immediate benefits for the companies that take these steps. For instance, data compromises went down by 50 percent among the Google customers who had signed up for the company’s two-step verification process. In addition to moving away from elementary authentication, many cloud providers are also pushing for the advancement of zero-trust initiatives and stronger user identity protocols.
Even so, obstacles to adoption remain. While it is true that all of the prominent cloud providers offer secure tokenization and multi-factor authentication over secure channels, not every company has been quick to take advantage of these precautions. Experts speculate that their reluctance may stem from a lack of the financial or human resources required to implement these additional security procedures. Additionally, logistical problems remain; there are challenges with backward compatibility and the migration of legacy apps, devices, and protocols.
Reluctance is not limited to corporations; consumer-oriented services have also demonstrated a tepid response to the need for higher security. Despite the laudable efforts of major players Google and Apple in this space, only a paltry 12 percent of consumer-focused organizations have implemented multi-factor authentication.
Even so, the overall outlook for enhanced authentication procedures looks positive, with 64 percent of businesses planning to implement initiatives that secure digital identities. It is encouraging to note that the cloud providers that serve these companies seem poised to make security a higher priority, with 29 percent currently rolling out improved identity management protocols and 21 percent intending to do so in the future.