Multi-factor authentication (MFA) is the security industry’s response to failings in the simple and traditional userID/password authentication approach. MFA is considered to be a primary solution to help defeat phishing and to demonstrate compliance. But it suffers from one major drawback: user friction.
Put simply, MFA delays business. Users don’t like it, and business managers see it as a delay in business processes. The industry is responding with attempts to reduce that friction. Earlier this week, Preempt launched a product that applies behavioral-based MFA to specified applications. Now Vera has announced an add-on to its data-centric solution that allows MFA to be limited to specified data.
Vera’s methodology is to attach the additional authentication requirement to an existing data classification. Assuming particularly sensitive data is already classified within the Vera product as ‘secret’ (or perhaps, given the imminence of the European General Data Protection Regulation (GDPR), as ‘PII’), then the additional MFA will be automatically applied to all such labeled data.
The result is that any attempted access to that data — wherever the data is located or whomever the applicant is — will result in an MFA challenge. This process defends the data against successful phishing (an attacker may steal log-in credentials, but won’t get by the MFA challenge) and simultaneously helps ensure compliance with PII-protecting regulations.
“Providing the right level of protection to enterprise data is,” explains Prakash Linga, CTO and co-founder of Vera, “key to complying with regulations like the NY DFS and the EU GDPR. Furthermore, the ability to layer context-driven authentication to specific files and emails lets companies appropriately protect their information wherever it travels.”
The process does not require that all recipients of Vera MFA-protected data be Vera customers. If a protected document is sent to a trusted but external recipient, Vera will first validate the email address and then challenge the recipient with Vera’s native two-factor Twilio-based authentication challenge.
“Alongside our own native capabilities, we’re also launching integrations with Duo Security and RSA SecureID to let businesses simplify their multi-factor authentication strategy,” announced Chuck Holland, Vera’s director of product management, in an associated blog post. The Duo and SecureID are ‘out-of-the-box’ plug and play integrations.
Earlier this month, Vera announced a strategic investment of $15 million led by Hasso Plattner Ventures. Yair Re’em, general partner of Hasso Plattner Ventures, said at the time his firm’s first venture into cybersecurity is prompted by “the crumbling state of enterprise security [which] has clearly demonstrated the need for a fundamental paradigm shift in cybersecurity.”
Talking about Vera’s adoption of data-centric security over perimeter-based security, new board member Chris Rust said, “The enterprise network perimeter has collapsed and those clinging to solutions trying to save or resurrect it are fighting a battle long since lost. Vera is the driving force behind a positive and profound shift away from perimeter-based security and towards a more flexible and reliable data-centric model.”
Vera’s new MFA offering adds strong authentication to corporate data wherever it travels.