Implementing MFA brings multiple benefits, such as stronger security (one factor is not enough), better access control, and compliance with regulations in various industries. Before implementing MFA, have a look at these MFA deployment factors and assess their importance for your company:
Security
Ideally, an MFA implementation will be determined by the performance and protection of the technology used. Sensors, devices, and other types of technology used to authenticate users are not a guarantee. If retina and fingerprint scanners or other biometrics like typing behavior are used, the False Acceptance Rate (FAR) and False Reject Rate (FRR) must be analyzed. What is the threshold of security that your company is considering? Could a misused login attempt be a gateway to very sensitive data in government institutions, industrial IP, or medical breakthroughs? Based on the level of security, the FAR and FRR should be as low as possible. Also, be sure to keep presentation attacks in mind. Since the ’70s, James Bond movies have shown numerous examples of impersonation. Most biometrics like fingerprints or iris scans are easy to copy. The only behavioral factor that is difficult to duplicate is typing biometrics, due to the unique blend of physical traits utilized as well as one’s behavior.
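The FAR/FRR analysis described above, as an added example that is not part of the original article: it sweeps the acceptance threshold over matcher scores and picks the lowest-FRR threshold that keeps FAR within a chosen limit. The score lists and all function names are constructed for illustration and are not vendor data or a vendor API.

```python
# Added example: FAR/FRR analysis over constructed matcher scores (not vendor data).
# Scores are similarity values in [0, 1]; an attempt is accepted when score >= threshold.
GENUINE = [0.91, 0.88, 0.95, 0.62, 0.79, 0.85, 0.97, 0.71, 0.90, 0.83]   # enrolled user
IMPOSTOR = [0.12, 0.35, 0.48, 0.66, 0.22, 0.57, 0.30, 0.74, 0.41, 0.19]  # everyone else


def far_frr(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FAR, FRR) for one threshold.

    FAR = share of impostor attempts accepted; FRR = share of genuine attempts rejected.
    """
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def sweep(genuine=GENUINE, impostor=IMPOSTOR):
    """(threshold, FAR, FRR) at every point where a rate can change, ascending."""
    points = sorted(set(genuine) | set(impostor)) + [float("inf")]  # inf rejects everyone
    return [(t, *far_frr(t, genuine, impostor)) for t in points]


def pick_threshold(max_far, genuine=GENUINE, impostor=IMPOSTOR):
    """Lowest-FRR threshold whose FAR stays within max_far (None if max_far < 0)."""
    for t, far, frr in sweep(genuine, impostor):
        if far <= max_far:
            return t, far, frr  # first hit is the best: FRR only rises as t rises
    return None


def equal_error_point(genuine=GENUINE, impostor=IMPOSTOR):
    """Threshold where FAR and FRR are closest (the usual single-number comparison)."""
    return min(sweep(genuine, impostor), key=lambda p: abs(p[1] - p[2]))


if __name__ == "__main__":
    for t, far, frr in sweep():
        print(f"threshold={t:<5} FAR={far:.0%} FRR={frr:.0%}")
    # Highly sensitive data: tolerate no false accepts, and see what it costs users.
    print("zero-FAR policy:", pick_threshold(0.0))
    print("10%-FAR policy: ", pick_threshold(0.1))
    print("equal error:    ", equal_error_point())
```

On this sample, demanding zero false accepts doubles the false reject rate compared with the equal-error threshold, which is the security versus ease-of-use trade-off the threshold decision has to settle.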
Ease of use
Easy deployment doesn’t always equal ease of use. If your employees have a hard time using the MFA that you just set up for them, consider educating them on the importance of this security measure. Keep in mind that some factors like typing biometrics offer seamless in-band authentication and don’t require any additional action from the users. Make sure the MFA is not complicated and ensure a smooth adoption across your user base.
Scalability
What’s more beneficial than paying only for what you need instead of what you might need? From Amazon Web Services to Dropbox, companies realize the value of scalable and flexible solutions. If your operations depend on fluctuating figures such as contractors or varying numbers of clients, consider a flexible option, so you don’t end up paying for what you wish you had, instead of what you have!
Compliance
It’s important to follow security protocol recommendations. An essential part of an MFA implementation is to keep up with the latest compliance requirements. Some of the most important ones are NIST SP 800-53, HIPAA/HITECH, and EBA’s PSD2. Also, when working with EU citizens, keep GDPR in mind. Look for vendors that can accommodate the requirements mentioned in the protocols listed above.
Support
High-level support comes with great benefits. Knowing someone will be there at any time to serve your company’s interest is a major benefit. Reliable service 100% of the time comes with considerable costs, and many times, this option is not even available. Look carefully for vendors that offer maintenance service and are there for you in critical times. Losing access to access control is any IT department’s nightmare.
Budget and tax friendly
With an MFA deployment that is flexible and allows for a forecast of expenditure, the budget allowance will always be of significance. If possible, make it a day-to-day expense necessary to keep the business running. Shifting from CAPEX to OPEX is a big win for enterprises, especially with regard to the tax treatment. If the MFA implementation you opt for is flexible, scalable, and allows you to dynamically add users, the long-term benefits will also be reflected in the budgeting forecasts.
Deployment in the Cloud
The days when we had to explain what the cloud is are long gone. More and more companies are working with cloud technology. Most enterprises rely on cloud services to scale their businesses. Security vendors often offer cloud setup, updates, and maintenance, while customer companies can pay a monthly fee to access authentication-as-a-service (AaaS).
Flexibility
When deploying for a large enterprise or even a middle-sized company, you must keep diversity in mind. Age is a key determinant of the factors in an MFA. Various demographic groups prefer different authentication methods. Studies have shown millennials are comfortable with facial recognition, while baby boomers and seniors are not. It is also known that millennials have a preference for texting over calling if they had to choose one form of communication. In this latter example, typing biometrics is a non-disruptive, seamless authentication method to implement for younger users.
Granularity
MFA is here to stay. However, are all your employees equally authorized to access sensitive data? Not all user actions carry the same risk. In many cases, a user’s login will not necessarily need a high level of security due to the specificity of the performed task. In such cases, it’s best to opt for a granular MFA deployment to make sure the login process is not affecting productivity. Enterprises should include protocols as diverse as adaptive authentication, risk-based policy-adaptive authentication, and step-up authentication. Our partners at Optimal IDM are here for your enterprise’s needs.
Update 2021: TypingDNA has launched a better MFA/2FA product. TypingDNA Verify 2FA – replace SMS 2FA codes with better UX: Just type 4 words! Take a look here.