A cyber insurance webinar we recently hosted revealed the top cyber security practices with the most significant impact on risk. Some of these highest-ranking practices include:
Taking the top spot on the list is Multi-Factor Authentication (MFA). According to our cyber insurance partner, over 70% of claims for cyberattacks could have been avoided had Multi-Factor Authentication been implemented.
Multi-Factor Authentication (often shortened to 2FA or MFA) adds an extra layer of security to compensate for password challenges, such as weak passwords or overly complex passwords that users have been known to write down on paper and tape to their workstations.
MFA provides an additional level (or levels) of identity authentication beyond the standard username/password validation we have used for years. MFA requires two or more of the following factors for authentication:
A major cause of cyber-breach is the ability of criminals to compromise standard user authentication through sophisticated password-cracking techniques or phishing attacks. By implementing additional layers of authentication, we can verify that the user is who they say they are and reduce the risk of a successful attack.
Regulators and stakeholders recognize the importance of MFA. Today most cyber insurance policies require MFA. In addition, meeting regulatory compliance (PCI-DSS, GDPR, PIPEDA, and so on) is often dependent in part upon MFA.
Many companies only implement MFA at initial network login. This approach simplifies implementation and reduces user impact. Following this approach assumes that once a user is authenticated, they should be fine for all network access levels if they stay connected. However, this approach ignores the value of using MFA to further secure your most critical assets and processes, a fundamental factor in cyber-insurance approval, premium cost, and compliance audits.
For example, if you have a critical application that only certain users should be able to access, then adding an MFA layer when users log into that application forces someone who can bypass the network login MFA (or compromise the identity post login) to go through yet another layer of authentication before accessing this most critical resource.
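The difference between login-only MFA and per-application MFA can be expressed as an access decision. The sketch below is an added example, not code from any IBM i MFA product; the resource names, the 300-second freshness window and the function names are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional
import time

# Constructed policy: resource -> maximum age in seconds of an MFA check made
# for that resource. None means the network-login MFA alone is accepted.
STEP_UP_POLICY = {
    "intranet": None,
    "payroll_app": 300,  # hypothetical critical application
}

@dataclass
class Session:
    user: str
    login_mfa_at: Optional[float]                  # MFA at initial network login
    step_up_at: dict = field(default_factory=dict)  # resource -> time of its own MFA

def access_decision(session, resource, now=None):
    """Return 'allow', 'step_up' (prompt for MFA again) or 'deny'."""
    now = time.time() if now is None else now
    if session.login_mfa_at is None or resource not in STEP_UP_POLICY:
        return "deny"  # no login MFA, or unknown resource: default deny
    max_age = STEP_UP_POLICY[resource]
    if max_age is None:
        return "allow"  # login MFA is enough for non-critical resources
    verified_at = session.step_up_at.get(resource)
    if verified_at is not None and 0 <= now - verified_at <= max_age:
        return "allow"  # a fresh MFA check exists for this resource
    return "step_up"    # login MFA alone never opens a critical resource

def record_step_up(session, resource, factor_ok, now=None):
    """Store the time of a successful per-resource MFA check; ignore failures."""
    if factor_ok and resource in STEP_UP_POLICY:
        session.step_up_at[resource] = time.time() if now is None else now
    return factor_ok

if __name__ == "__main__":
    s = Session("alice", login_mfa_at=1000.0)
    # A session taken over after login still carries the login MFA, but it
    # holds no fresh check for the critical application.
    print(access_decision(s, "intranet", now=2000.0))
    print(access_decision(s, "payroll_app", now=2000.0))
```

The per-resource timestamp expires on its own, so a long-lived connected session has to re-authenticate before each period of access to the critical application.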
MFA for IBM i, a third-party solution, is available from multiple vendors. It allows you to implement MFA specifically for IBM i login and target specific applications or processes running on the IBM i platform. It typically integrates with IBM exit point security as well as access control and elevated authority solutions. Most solutions utilize industry-standard authenticators such as RADIUS or RSA SecurID, although they also come with their own authenticators, if preferred.
As the IBM i platform typically runs your company’s mission-critical applications and houses highly sensitive data, it certainly deserves the extra layer of security that MFA can provide.
The following are two common use cases for IBM i based MFA and their corresponding implementation best practices:
The objective of implementing a native IBM i MFA solution is to add additional layers of security to your environment beyond the standard network login MFA. It is not only best practice to utilize a layered approach to implementing your IT security infrastructure, but it will help you qualify for, and reduce the cost of, your next cyber insurance policy.
For a broader discussion and review of IBM i security, look at the following blog titled “8 IBM i Security Tips.”
Brian Olson
Director, IBM Power Server – AIX and Security Solutions
Quadbridge
As always, the Quadbridge team is here to help. Please reach out to us for any of your IBM security or other IT needs.
1 800-501-6172 | 1 800-655-3282 | info@quadbridge.com | info@dtm.ca