In July 2018, Timehop, a small cloud-based company that retrieves old social media content for users as part of what it calls the "digital nostalgia" category, reported that its database of 21 million users had been breached. About 4.7 million records were stolen with information that included user names, email addresses, and phone numbers.
According to the company's incident response team, the cause of the security breach could be traced to the fact that there was no multi-factor authentication required to access its cloud computing environment. The company has since updated its cybersecurity protocols to include multi-factor authentication, but that is little comfort to the 4.7 million users who have had their sensitive personal information stolen by unknown individuals.
While the benefits of cloud computing for enterprises, employees, and customers in terms of convenience, performance, scalability, and overall cost can't be denied, those benefits come with a certain amount of inherent risk. To mitigate that risk, all stakeholders should embrace a corresponding level of cybersecurity procedures and protocols, including multi-factor authentication.
SEE: Cybersecurity strategy research: Common tactics, issues with implementation, and effectiveness (Tech Pro Research)
Multi-factor authentication and cloud computing
An August 2018 survey conducted by Decision Analyst, reports that 63% of respondents experience significant resistance from their employees when they try to implement a multi-factor authentication protocol for accessing cloud computing services. This attitude toward what should be a basic and minimal cybersecurity practice must change.
When considered collectively, enterprises around the world are losing billions upon billions of dollars to coordinated, concentrated, and targeted attacks on existing security vulnerabilities. This drain of resources can't be sustained indefinitely, and steps, regardless of sentiments surrounding inconvenience, must be taken to reduce the effectiveness of criminal cybersecurity attacks at all levels of the enterprise.
SEE: How to set up two-factor authentication for your favorite platforms and services (free TechRepublic PDF)
In addition to multi-factor authentication, enterprises taking advantage of cloud computing services should be implementing procedures for data encryption, data classification, credential verification, biometric access control, and more. Every enterprise with cloud computing exposure should have at the very least a detailed policy that outlines security procedures and protocols.
Tech Pro Research, TechRepublic's premium sister site, offers a Cloud computing policy that provides a framework for establishing a complete cybersecurity profile for your enterprise. It's a good place to start. Businesses can't keep doing what they've been doing with regard to security and bearing the consequences. It's time they do something about it.
Has your enterprise implemented multi-factor authentication? Share your experiences with fellow TechRepublic members in the discussion thread below.
Mark W. Kaelin has been writing and editing stories about the IT industry, gadgets, finance, accounting, and tech-life for more than 25 years. Most recently, he has been a regular contributor to BreakingModern.com, aNewDomain.net, and TechRepublic.