Multi-factor authentication (MFA) is the security industry’s response to failings in the simple and traditional userID/password authentication approach. MFA is considered to be a primary solution to help defeat phishing and to demonstrate compliance. But it suffers from one major drawback: user friction.
Put simply, MFA delays business. Users don’t like it, and business managers see it as a delay in business processes. The industry is responding with attempts to reduce that friction. Earlier this week, Preempt launched a product that applies behavioral-based MFA to specified applications. Now Vera has announced an add-on to its data-centric solution that allows MFA to be limited to specified data.
Vera’s methodology is to attach the additional authentication requirement to an existing data classification. Assuming particularly sensitive data is already classified within the Vera product as ‘secret’ (or perhaps, given the imminence of the European General Data Protection Regulation (GDPR), as ‘PII’), then the additional MFA will be automatically applied to all such labeled data.
The result is that any attempted access to that data — wherever the data is located or whomever the applicant is — will result in an MFA challenge. This process defends the data against successful phishing (an attacker may steal log-in credentials, but won’t get by the MFA challenge) and simultaneously helps ensure compliance with PII-protecting regulations.
“Providing the right level of protection to enterprise data is,” explains Prakash Linga, CTO and co-founder of Vera, “key to complying with regulations like the NY DFS and the EU GDPR. Furthermore, the ability to layer context-driven authentication to specific files and emails lets companies appropriately protect their information wherever it travels.”
The process does not require that all recipients of Vera MFA-protected data be Vera customers. If a protected document is sent to a trusted but external recipient, Vera will first validate the email address and then challenge the recipient with Vera’s native two-factor Twilio-based authentication challenge.
“Alongside our own native capabilities, we’re also launching integrations with Duo Security and RSA SecureID to let businesses simplify their multi-factor authentication strategy,” announced Chuck Holland, Vera’s director of product management, in an associated blog post. The Duo and SecureID are ‘out-of-the-box’ plug and play integrations.
Earlier this month, Vera announced a strategic investment of $15 million led by Hasso Plattner Ventures. Yair Re’em, general partner of Hasso Plattner Ventures, said at the time his firm’s first venture into cybersecurity is prompted by “the crumbling state of enterprise security [which] has clearly demonstrated the need for a fundamental paradigm shift in cybersecurity.”
Talking about Vera’s adoption of data-centric security over perimeter-based security, new board member Chris Rust said, “The enterprise network perimeter has collapsed and those clinging to solutions trying to save or resurrect it are fighting a battle long since lost. Vera is the driving force behind a positive and profound shift away from perimeter-based security and towards a more flexible and reliable data-centric model.”
Vera’s new MFA offering adds strong authentication to corporate data wherever it travels.
More from Kevin Bowers
- Alexa May Be Recording More Than You Realize
- UK’s NCSC Adopts HackerOne for Vulnerability Coordination Disclosure
- Artificial Intelligence in Cybersecurity is Not Delivering on its Promise
- Untangle Partners With Malwarebytes to Bring Layered Security to SMBs
- Testing Security Products: Third-Party Standards vs. In-House Testing
- New Cyber Readiness Program Launched for SMBs
- Personal Details of 120 Million Brazilians Exposed
- Researchers Find Thousands of Twitter Amplification Bots in Just One Day
Latest News
- Google Shells Out $600,000 for OSS-Fuzz Project Integrations
- F5 BIG-IP Vulnerability Can Lead to DoS, Code Execution
- Flaw in Cisco Industrial Appliances Allows Malicious Code to Persist Across Reboots
- UK Car Retailer Arnold Clark Hit by Ransomware
- Dealing With the Carcinization of Security
- HeadCrab Botnet Ensnares 1,200 Redis Servers for Cryptomining
- Cyber Insights 2023 | Supply Chain Security
- Cyber Insights 2023 | Regulations
